Everything posted by sebah

  1. My PC really behaves better. It is faster and, above all, the redirections have completely disappeared. I can finally use Firefox without stress. Thank you very much.
  2. Hello, here is the report.
  3. Hello, here is the report from USBFix.
  4. Hello, the computer is behaving much better in general: faster startup and, above all, no more redirection. Here is the Kaspersky report:
  5. Hello again. There are 4 zip files that contain a protect.dll; they are:
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn1.zip
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn3.zip
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn7.zip
     C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondesdn7.zip
     Here is the analysis result from VirusTotal:
  6. Hello, Thanks again for your help, because my PC is already doing much better. The redirection has disappeared and it is much faster at startup. After doing as you asked, here is:

     * The Malwarebytes' log:

     Malwarebytes' Anti-Malware 1.41
     Version de la base de données: 2795
     Windows 5.1.2600 Service Pack 3

     17/09/2009 09:13:20
     mbam-log-2009-09-17 (09-13-20).txt

     Type de recherche: Examen complet (C:\|D:\|F:\|)
     Eléments examinés: 1225101
     Temps écoulé: 7 hour(s), 55 minute(s), 11 second(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 2
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 6

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dup (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP565\A0140126.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP565\A0140169.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP565\A0140170.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP565\A0140168.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
     C:\Documents and Settings\ebahini\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

     ********************************************************************************************************

     * Here is a new HijackThis log:

     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
     C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\PROGRA~1\AVG\AVG8\avgam.exe
     C:\PROGRA~1\AVG\AVG8\avgrsx.exe
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     D:\[company]\Programs\MySQL\MySQL\bin\mysqld-nt.exe
     C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
     C:\Program Files\FileZilla Server\FileZilla Server.exe
     C:\WINDOWS\system32\nvsvc32.exe
     C:\Program Files\OCS Inventory Agent\ocsservice.exe
     C:\WINDOWS\System32\svchost.exe
     C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
     C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
     C:\PROGRA~1\AVG\AVG8\avgemc.exe
     C:\Program Files\AVG\AVG8\avgcsrvx.exe
     C:\WINDOWS\Explorer.EXE
     C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\WINDOWS\system32\ICO.EXE
     C:\WINDOWS\system32\Pmxmiced.exe
     C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
     C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
     C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
     C:\PROGRA~1\AVG\AVG8\avgtray.exe
     C:\Program Files\iTunes\iTunesHelper.exe
     C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
     C:\Program Files\RocketDock\RocketDock.exe
     C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
     C:\Program Files\iPod\bin\iPodService.exe
     C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
     C:\Program Files\Mozilla Firefox3\firefox.exe
     C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
     C:\Documents and Settings\[uSER]\Bureau\HiJackThisAAA.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
     R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2071024
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
     O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
     O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
     O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
     O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
     O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
     O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
     O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
     O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
     O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
     O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
     O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
     O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
     O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
     O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
     O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe"
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
     O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
     O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
     O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
     O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
     O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
     O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194543576859
     O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
     O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
     O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
     O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: [company]_MySQL - Unknown owner - D:\[company]\Programs\MySQL\MySQL\bin\mysqld-nt (file missing)
     O23 - Service: [product]_BDS_ATSC - Red Hat®, Inc. - C:\[company]\[product]ServerV3_ATSC\BDS\Server\jboss\service\jbosssvc.exe
     O23 - Service: [product]_BDS_BCAST - Red Hat®, Inc. - C:\[company]\[product]ServerV3_BCAST\BDS\Server\jboss\service\jbosssvc.exe
     O23 - Service: [product]_BDS_IPDC - Red Hat®, Inc. - C:\[company]\[product]ServerV3_IPDC\BDS\Server\jboss\service\jbosssvc.exe
     O23 - Service: [product]_SA1_BCAST - Red Hat®, Inc. - C:\[company]\[product]ServerV3_BCAST\SA1\Server\jboss\service\jbosssvc.exe
     O23 - Service: [product]_SA1_IPDC - Unknown owner - C:\[company]\[product]ServerV3_IPDC\SA1\Server\jboss\service\jbosssvc.exe (file missing)
     O23 - Service: [product]_SA_ATSC - Red Hat®, Inc. - C:\[company]\[product]ServerV3_ATSC\SA\Server\jboss\service\jbosssvc.exe
     O23 - Service: [product]_SA_BCAST - Red Hat®, Inc. - C:\[company]\[product]ServerV3_BCAST\SA\Server\jboss\service\jbosssvc.exe
     O23 - Service: [product]_SA_IPDC - Unknown owner - D:\[company]\[product]ServerV3_IPDC\SA\Server\jboss\service\jbosssvc.exe (file missing)
     O23 - Service: [product]_UDS_BCAST - Red Hat®, Inc. - C:\[company]\[product]ServerV3_BCAST\UDS\Server\jboss\service\jbosssvc.exe
     O23 - Service: [product]_UDS_IPDC - Red Hat®, Inc. - C:\[company]\[product]ServerV3_IPDC\UDS\Server\jboss\service\jbosssvc.exe
     O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
     O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
     O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe
     O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
     O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
     O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
     O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
     O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe
     O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

     --
     End of file - 12951 bytes
  7. I used ComboFix as you asked. I had no network problems after the restart performed by ComboFix. Here is the ComboFix log.

     ComboFix 09-09-14.02 - [uSER] 16/09/2009 10:41.1.2 - NTFSx86
     Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2046.1007 [GMT 2:00]
     Lancé depuis: c:\documents and settings\[uSER]\Bureau\sebah.exe
     AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
     .

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
     c:\documents and settings\[uSER]\protect.dll
     c:\recycler\S-1-5-21-0195683166-1423885373-959594104-4730
     c:\recycler\S-1-5-21-0860499879-2929856219-639102028-0567
     c:\recycler\S-1-5-21-1420974468-6783677105-790404289-9916
     c:\recycler\S-1-5-21-2810127182-2749329522-201851194-7622
     c:\recycler\S-1-5-21-5912146895-3933009188-269336417-2723
     c:\recycler\S-1-5-21-6070424291-6900327706-862495960-0885
     c:\recycler\S-1-5-21-7303307263-4235931701-159497084-8973
     c:\recycler\S-1-5-21-7416270056-6550884302-750915589-3492
     c:\recycler\S-1-5-21-7986510224-1201809354-367062772-9445
     c:\recycler\S-1-5-21-9127841322-7062987680-337265772-3596
     c:\recycler\S-1-5-21-9777951479-0976443225-082396291-7939
     c:\recycler\S-1-5-21-9988634750-1254618705-487683348-0062
     c:\windows\Installer\2c204.msi
     c:\windows\system32\config\systemprofile\protect.dll
     c:\windows\system32\drivers\kbiwkmqbwespws.sys
     c:\windows\system32\drivers\str.sys
     c:\windows\system32\kbiwkmdagucpal.dat
     c:\windows\system32\kbiwkmvxewfdst.dat
     c:\windows\system32\reset5c.dll
     F:\autorun.inf

     ----- BITS: Il y a peut-être des sites infectés -----

     hxxp://download.yimg.com
     .

     ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
     .

     -------\Legacy_kbiwkmpixduiuw
     -------\Service_kbiwkmpixduiuw

     ((((((((((((((((((((((((((((( Fichiers créés du 2009-08-16 au 2009-09-16 ))))))))))))))))))))))))))))))))))))
     .

     2009-09-14 15:22 . 2009-09-14 15:22 -------- d-----w- c:\documents and settings\[uSER]\Application Data\Malwarebytes
     2009-09-14 15:22 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2009-09-14 15:22 . 2009-09-14 15:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2009-09-14 15:22 . 2009-09-14 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
     2009-09-14 15:22 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
     2009-09-14 08:08 . 2009-09-14 08:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
     2009-09-10 03:33 . 2009-06-21 21:47 153088 ------w- c:\windows\system32\dllcache\triedit.dll
     2009-09-09 16:43 . 2009-09-14 08:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
     2009-08-25 10:21 . 2009-08-25 10:21 21376 ----a-w- c:\windows\system32\drivers\dup.sys
     2009-08-25 02:17 . 2009-08-25 02:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
     2009-08-24 10:23 . 2009-08-24 10:23 -------- d-----w- c:\program files\Safari
     2009-08-24 09:12 . 2009-08-24 09:12 -------- d-----w- C:\spoolerlogs
     2009-08-17 09:51 . 2009-08-17 09:51 -------- d-----w- c:\program files\iPod
     2009-08-17 09:51 . 2009-08-17 09:51 -------- d-----w- c:\program files\iTunes
     .

     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .

     2009-09-16 09:00 . 2009-01-08 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
     2009-09-16 08:52 . 2007-11-15 09:10 -------- d-----w- c:\documents and settings\[uSER]\Application Data\Skype
     2009-09-16 08:29 . 2008-06-19 13:26 -------- d-----w- c:\program files\Mozilla Firefox3
     2009-09-16 08:20 . 2009-08-13 08:02 -------- d-----w- c:\program files\Eclipsephp
     2009-09-16 08:09 . 2007-11-12 10:12 -------- d-----w- c:\program files\OCS Inventory Agent
     2009-09-16 07:42 . 2009-06-02 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
     2009-09-16 07:30 . 2009-05-26 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
     2009-09-15 12:20 . 2008-03-20 14:43 -------- d-----w- c:\documents and settings\[uSER]\Application Data\SQLyog
     2009-09-15 09:04 . 2007-11-13 09:41 -------- d-----w- c:\program files\Mozilla Thunderbird
     2009-09-11 01:04 . 2008-12-09 09:29 -------- d-----w- c:\program files\Microsoft Silverlight
     2009-09-11 01:01 . 2007-10-23 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
     2009-09-09 16:27 . 2009-03-19 13:56 8 ----a-w- c:\windows\system32\nvModes.dat
     2009-09-09 09:11 . 2007-11-23 11:39 -------- d-----w- c:\program files\Eclipse
     2009-08-27 16:50 . 2008-04-24 13:15 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{4AFCE0F4-39DD-49F6-A098-FB07AC26E2C3}
     2009-08-25 08:59 . 2008-10-29 16:08 -------- d-----w- c:\documents and settings\[uSER]\Application Data\SSH
     2009-08-20 10:00 . 2008-11-06 10:15 -------- d-----w- c:\documents and settings\[uSER]\Application Data\TeamViewer
     2009-08-17 09:51 . 2009-07-01 17:00 -------- d-----w- c:\program files\Fichiers communs\Apple
     2009-08-17 09:51 . 2009-05-13 07:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
     2009-08-05 18:13 . 2009-03-05 12:40 -------- d-----w- c:\documents and settings\[uSER]\Application Data\FileZilla
     2009-08-05 09:00 . 2004-08-19 12:03 205312 ----a-w- c:\windows\system32\mswebdvd.dll
     2009-07-31 14:37 . 2007-11-23 09:46 -------- d-----w- c:\documents and settings\[uSER]\Application Data\MySQL
     2009-07-31 06:21 . 2009-05-26 07:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
     2009-07-31 06:21 . 2009-05-26 07:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
     2009-07-31 06:21 . 2009-05-26 07:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
     2009-07-30 01:19 . 2008-01-09 08:59 -------- d-----w- c:\program files\Fichiers communs\Merge Modules
     2009-07-27 11:23 . 2007-11-23 12:44 330 ----a-w- C:\containerInit_Text_UTF8_multipleStream.bin
     2009-07-27 11:23 . 2007-11-23 12:44 330 ----a-w- C:\containerInit_Text_UTF16_multipleStream.bin
     2009-07-27 11:23 . 2007-11-23 12:44 174 ----a-w- C:\containerInit_Text_UTF8_singleStream.bin
     2009-07-27 11:23 . 2007-11-23 12:44 174 ----a-w- C:\containerInit_Text_UTF16_singleStream.bin
     2009-07-27 11:23 . 2007-11-23 12:44 174 ----a-w- C:\containerInit_Gzip_UTF8.bin
     2009-07-27 11:23 . 2007-11-23 12:44 174 ----a-w- C:\containerInit_Gzip_UTF16.bin
     2009-07-17 19:03 . 2004-08-19 12:03 58880 ----a-w- c:\windows\system32\atl.dll
     2009-07-16 07:14 . 2004-08-19 12:03 626558 ----a-w- c:\windows\system32\perfh00C.dat
     2009-07-16 07:14 . 2004-08-19 12:03 133896 ----a-w- c:\windows\system32\perfc00C.dat
     2009-07-16 01:00 . 2009-07-16 01:00 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
     2009-07-13 21:43 . 2004-08-19 12:04 286208 ----a-w- c:\windows\system32\wmpdxm.dll
     2009-07-13 08:28 . 2009-07-13 08:31 13047158 ----a-w- c:\program files\UltraEdit-32.7z
     2009-07-03 16:57 . 2004-08-19 12:03 915456 ----a-w- c:\windows\system32\wininet.dll
     2009-06-28 22:14 . 2008-07-31 08:12 664 ----a-w- c:\windows\system32\d3d9caps.dat
     2009-06-25 08:26 . 2004-08-19 12:03 54272 ----a-w- c:\windows\system32\wdigest.dll
     2009-06-25 08:26 . 2004-08-19 12:03 56832 ----a-w- c:\windows\system32\secur32.dll
     2009-06-25 08:26 . 2004-08-19 12:03 147456 ----a-w- c:\windows\system32\schannel.dll
     2009-06-25 08:26 . 2004-08-19 12:03 136192 ----a-w- c:\windows\system32\msv1_0.dll
     2009-06-25 08:26 . 2004-08-19 12:03 736768 ----a-w- c:\windows\system32\lsasrv.dll
     2009-06-25 08:26 . 2004-08-19 12:03 301568 ----a-w- c:\windows\system32\kerberos.dll
     2009-06-24 11:18 . 2004-08-19 12:03 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
     2008-11-13 10:02 . 2007-11-15 11:31 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
     2008-11-13 10:02 . 2007-11-15 11:31 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
     2008-11-13 10:02 . 2007-11-15 11:31 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
     2008-11-13 10:02 . 2007-11-15 11:31 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
     2008-11-13 10:02 . 2007-11-15 11:31 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
     .

     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
     "Google Update"="c:\documents and settings\[uSER]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
     "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
     "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-26 4351216]
     "AdobeUpdater"="c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2008-09-26 2356088]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-27 8429568]
     "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
     "ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
     "ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
     "RoxWatchTray"="c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
     "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 118784]
     "dscactivate"="c:\dell\dsca.exe" [2007-07-30 16384]
     "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
     "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-13 2007832]
     "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
     "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
     "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2007-07-22 16132608]
     "PMX Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2007-03-08 49152]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
     "DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

     c:\documents and settings\[uSER]\Menu Démarrer\Programmes\Démarrage\
     ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-8-19 33792]
     RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2008-7-22 495616]

     c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
     Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2008-12-10 41042]

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
     2009-07-31 06:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
     "EnableFirewall"= 0 (0x0)

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
     "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
     "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
     "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
     "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
     "c:\\Program Files\\Java\\jdk1.6.0_03\\bin\\javaw.exe"=
     "c:\\WINDOWS\\system32\\javaw.exe"=
     "c:\\Program Files\\Java\\jdk1.6.0_03\\bin\\java.exe"=
     "c:\\Program Files\\Mozilla Firefox3\\firefox.exe"=
     "c:\\Program Files\\Java\\jdk1.6.0_03\\bin\\jconsole.exe"=
     "c:\\Program Files\\Eclipsephp\\eclipse.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
     "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
     "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
     "c:\\Program Files\\iTunes\\iTunes.exe"=
     "c:\\Documents and Settings\\[uSER]\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
     "%windir%\\system32\\lsass.exe"=
     "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
     "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
     "3306:TCP"= 3306:TCP:MySQL Server
     "80:UDP"= 80:UDP:Port80_UDP

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
     "AllowInboundEchoRequest"= 0 (0x0)

     R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [26/05/2009 09:56 12552]
     R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/05/2009 09:55 335240]
     R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/05/2009 09:56 108552]
     R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [10/12/2008 00:10 24636]
     R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [26/05/2009 09:55 908056]
     R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/05/2009 09:55 297752]
     R2 BcmSqlStartupSvc;Service de démarrage SQL Server pour le Gestionnaire de contacts professionnels;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [16/01/2008 10:46 30312]
     R2 OCS INVENTORY;OCS INVENTORY SERVICE;c:\program files\OCS Inventory Agent\OcsService.exe [27/02/2007 21:32 61440]
     R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25/11/2005 17:43 31896]
     R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [08/11/2007 19:16 18432]
     R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [08/11/2007 19:16 14336]
     S1 Dup;Dup;c:\windows\system32\drivers\dup.sys [25/08/2009 12:21 21376]
     S2 AlerterALG;Avertissement AlerterALG;c:\windows\TEMP\rqrmstneyi.exe service --> c:\windows\TEMP\rqrmstneyi.exe service [?]
     S2 [company]_MySQL;[company]_MySQL;"d:\[company]\Programs\MySQL\MySQL\bin\mysqld-nt" --defaults-file="d:\[company]\Programs\MySQL\MySQL\my.ini" [company]_MySQL --> d:\[company]\Programs\MySQL\MySQL\bin\mysqld-nt [?]
     S2 vrxrmjb;vrxrmjb;\??\c:\windows\system32\drivers\rgwgvolqgsze.sys --> c:\windows\system32\drivers\rgwgvolqgsze.sys [?]
     S2 zgotscgoy;zgotscgoy;\??\c:\windows\system32\drivers\norzkfn.sys --> c:\windows\system32\drivers\norzkfn.sys [?]
     S3 FastESG_BDS_ATSC;FastESG_BDS_ATSC;c:\[company]\FastEsgServerV3_ATSC\BDS\Server\jboss\service\jbosssvc.exe [02/06/2009 12:38 45056]
     S3 FastESG_BDS_BCAST;FastESG_BDS_BCAST;c:\[company]\FastEsgServerV3_BCAST\BDS\Server\jboss\service\jbosssvc.exe [18/11/2008 16:14 45056]
     S3 FastESG_BDS_IPDC;FastESG_BDS_IPDC;c:\[company]\FastEsgServerV3_IPDC\BDS\Server\jboss\service\jbosssvc.exe [16/04/2009 11:30 45056]
     S3 FastESG_SA_ATSC;FastESG_SA_ATSC;c:\[company]\FastEsgServerV3_ATSC\SA\Server\jboss\service\jbosssvc.exe [02/06/2009 12:38 45056]
     S3 FastESG_SA_BCAST;FastESG_SA_BCAST;c:\[company]\FastEsgServerV3_BCAST\SA\Server\jboss\service\jbosssvc.exe [27/05/2009 19:17 45056]
     S3 FastESG_SA_IPDC;FastESG_SA_IPDC;"d:\[company]\FastEsgServerV3_IPDC\SA\Server\jboss\service\jbosssvc.exe" -r FastESG_SA_IPDC --> d:\[company]\FastEsgServerV3_IPDC\SA\Server\jboss\service\jbosssvc.exe [?]
     S3 FastESG_SA1_BCAST;FastESG_SA1_BCAST;c:\[company]\FastEsgServerV3_BCAST\SA1\Server\jboss\service\jbosssvc.exe [25/03/2008 16:02 45056]
     S3 FastESG_SA1_IPDC;FastESG_SA1_IPDC;"c:\[company]\FastEsgServerV3_IPDC\SA1\Server\jboss\service\jbosssvc.exe" -r FastESG_SA1_IPDC --> c:\[company]\FastEsgServerV3_IPDC\SA1\Server\jboss\service\jbosssvc.exe [?]
     S3 FastESG_UDS_BCAST;FastESG_UDS_BCAST;c:\[company]\FastEsgServerV3_BCAST\UDS\Server\jboss\service\jbosssvc.exe [18/11/2008 16:14 45056]
     S3 FastESG_UDS_IPDC;FastESG_UDS_IPDC;c:\[company]\FastEsgServerV3_IPDC\UDS\Server\jboss\service\jbosssvc.exe [09/03/2009 11:59 45056]
     S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [18/12/2008 05:25 29181272]
     S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 22:22 34064]
     S3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [03/01/2006 17:14 102400]
     S4 msvsmon80;Débogueur distant Visual Studio 2005;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [02/12/2006 07:28 2805000]

     --- Autres Services/Pilotes en mémoire ---

     *NewlyCreated* - 000005C7
     *Deregistered* - 000005C7

     [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
     HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##sisyphe#homes]
     \Shell\AutoRun\command - H:\DRIVER///vozacka.exe
     \Shell\explore\command - H:\DRIVER//vozacka.exe
     \Shell\open\command - H:\DRIVER//vozacka.exe
     .

     Contenu du dossier 'Tâches planifiées'

     2009-09-14 c:\windows\Tasks\AppleSoftwareUpdate.job
     - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

     2009-09-16 c:\windows\Tasks\Google Software Updater.job
     - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-08 10:11]

     2009-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139989288-483860436-2398042574-3312Core.job
     - c:\documents and settings\[uSER]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:43]

     2009-09-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2139989288-483860436-2398042574-3312UA.job
     - c:\documents and settings\[uSER]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 08:43]

     2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{62E1BDF9-5B0D-4712-82F5-0C6BEE17A425}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

     2009-09-16 c:\windows\Tasks\User_Feed_Synchronization-{91DDEA57-F7B2-499B-AC89-9CAF5F56DFBA}.job
     - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
     .
     .

     ------- Examen supplémentaire -------
     .

     uStart Page = hxxp://www.yahoo.com/
     mStart Page = hxxp://www.yahoo.com/
     mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
     uInternet Settings,ProxyOverride = *.local
     uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
     FF - ProfilePath - c:\documents and settings\[uSER]\Application Data\Mozilla\Firefox\Profiles\xd737aiw.Firefox3SEB\
     FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
     FF - prefs.js: browser.startup.homepage - hxxp://www.[company].com/
     FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
     FF - plugin: c:\documents and settings\[uSER]\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
     FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
     FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

     ---- PARAMETRES FIREFOX ----
     FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHELINS SUPPRIMES - - - - HKLM-Run-VaCtrl - c:\program files\VoiceAge\Common\VaCtrl.exe HKU-Default-Run-autochk - c:\docume~1\NETWOR~1\protect.dll Notify-reset5c - reset5c.dll AddRemove-Canon ScanGear Toolbox 3.1 - c:\windows\IsUn040c.exe -fc:\program files\Canon\ScanGear Toolbox Ver3.1\Uninst.isu AddRemove-HijackThis - c:\documents and settings\[uSER]\Bureau\HijackThis.exe AddRemove-KB000000_SQL9 - c:\windows\SQL9_KB000000_ENU\Hotfix.exe AddRemove-Notepad++ - c:\program files\Notepad++\uninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-16 11:00 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\[company]_MySQL] "ImagePath"="\"d:\[company]\Programs\MySQL\MySQL\bin\mysqld-nt\" --defaults-file=\"d:\[company]\Programs\MySQL\MySQL\my.ini\" [company]_MySQL" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'explorer.exe'(2644) c:\program files\TortoiseSVN\bin\tortoisesvn.dll c:\program files\TortoiseSVN\bin\intl3_svn.dll c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Microsoft Virtual PC\VPCShExH.DLL c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\pmxscrll.dll c:\windows\system32\PMXCOMM.dll c:\windows\system32\PMXHOOKS.dll . ------------------------ Autres processus actifs ------------------------ . 
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\progra~1\AVG\AVG8\avgam.exe c:\program files\AVG\AVG8\avgrsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\FileZilla Server\FileZilla server.exe c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe c:\windows\system32\nvsvc32.exe c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\TortoiseSVN\bin\TSVNCache.exe c:\windows\system32\pmxmiced.exe c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe c:\program files\Java\jre1.6.0_03\bin\jucheck.exe . ************************************************************************** . Heure de fin: 2009-09-16 11:14 - La machine a redémarré ComboFix-quarantined-files.txt 2009-09-16 09:12 Avant-CF: 110 732 238 848 octets libres Après-CF: 113 386 381 312 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect 320 --- E O F --- 2009-09-16 01:17
Thank you very much.
  8. Here is the log of the scan with catchme:
scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbiwkmpixduiuw] "start"=dword:00000001 "type"=dword:00000001 "group"="file system" "imagepath"=str(2):"\systemroot\system32\drivers\kbiwkmqbwespws.sys" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbiwkmpixduiuw\main] "aid"="10001" "sid"="2" "cmddelay"=dword:00003840 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbiwkmpixduiuw\modules] "kbiwkmrk.sys"="\systemroot\system32\drivers\kbiwkmqbwespws.sys" "kbiwkmcmd.dll"="\systemroot\system32\kbiwkmftqfqxns.dll" "kbiwkmlog.dat"="\systemroot\system32\kbiwkmvxewfdst.dat" "kbiwkmwsp.dll"="\systemroot\system32\kbiwkmjkntpmlp.dll" "kbiwkm.dat"="\systemroot\system32\kbiwkmdagucpal.dat" "kbiwkmwsp8.dll"="\systemroot\system32\kbiwkmkmigvpxl.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmpixduiuw] "start"=dword:00000001 "type"=dword:00000001 "group"="file system" "imagepath"=str(2):"\systemroot\system32\drivers\kbiwkmqbwespws.sys" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmpixduiuw\main] "aid"="10001" "sid"="2" "cmddelay"=dword:00003840 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\kbiwkmpixduiuw\modules] "kbiwkmrk.sys"="\systemroot\system32\drivers\kbiwkmqbwespws.sys" "kbiwkmcmd.dll"="\systemroot\system32\kbiwkmftqfqxns.dll" "kbiwkmlog.dat"="\systemroot\system32\kbiwkmvxewfdst.dat" "kbiwkmwsp.dll"="\systemroot\system32\kbiwkmjkntpmlp.dll" "kbiwkm.dat"="\systemroot\system32\kbiwkmdagucpal.dat" "kbiwkmwsp8.dll"="\systemroot\system32\kbiwkmkmigvpxl.dll" scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0
  9. Hello, thank you for your help. Apparently I am completely infected. Here is my Malwarebytes report:
Malwarebytes' Anti-Malware 1.41 Version de la base de données: 2795 Windows 5.1.2600 Service Pack 3 15/09/2009 16:12:51 mbam-log-2.txt Type de recherche: Examen complet (C:\|) Eléments examinés: 782220 Temps écoulé: 6 hour(s), 53 minute(s), 33 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 2 Clé(s) du Registre infectée(s): 4 Valeur(s) du Registre infectée(s): 3 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 15 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken. Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\reset5c (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AlerterALG (Trojan.Downloader) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\kbiwkmpixduiuw (Rootkit.TDSS) -> No action taken. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\dup (Trojan.FakeAlert) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> No action taken. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Trojan.Agent) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> No action taken. C:\Documents and Settings\ebahini\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> No action taken. 
C:\Documents and Settings\LocalService\protect.dll (Trojan.Agent) -> No action taken. C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\Temp\rundll32.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Trojan.Agent) -> No action taken. C:\Documents and Settings\ebahini\Menu Démarrer\Programmes\Démarrage\ChkDisk.lnk (Trojan.FakeAlert) -> No action taken. C:\WINDOWS\system32\drivers\kbiwkmqbwespws.sys (Rootkit.TDSS) -> No action taken. C:\WINDOWS\system32\drivers\str.sys (Rootkit.Agent) -> No action taken. C:\WINDOWS\system32\kbiwkmdagucpal.dat (Rootkit.TDSS) -> No action taken. C:\WINDOWS\system32\kbiwkmvxewfdst.dat (Rootkit.TDSS) -> No action taken. C:\WINDOWS\system32\reset5c.dll (Trojan.Agent) -> No action taken. C:\WINDOWS\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken. C:\Documents and Settings\[HOME]\Local Settings\Temp\nsrbgxod.bak (Trojan.Agent) -> No action taken. C:\Documents and Settings\[HOME]\protect.dll (Trojan.Agent) -> No action taken.
I have not done anything yet. I am wondering whether I should use it to fix the items it detected. I have also started a scan with catchme; I will post the log as soon as it is finished. Thank you again for your help.
  10. For almost a week I have had a problem with unwanted redirections to addresses such as podmena, globexonline, thefeeyard. I have tried everything but nothing works: when I run searches and want to view the results, I am redirected to these sites and then to commercial links such as ebay, etc. My PC has become extremely slow. Please help me solve this problem. Here is my HijackThis log report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:08:16, on 14/09/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\TEMP\rqrmstneyi.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe D:\[company]\Programs\MySQL\MySQL\bin\mysqld-nt.exe C:\Program Files\FileZilla Server\FileZilla Server.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\OCS Inventory Agent\ocsservice.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\TortoiseSVN\bin\TSVNCache.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE 
C:\WINDOWS\system32\ICO.EXE C:\WINDOWS\system32\Pmxmiced.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Eclipsephp\eclipse.exe C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe C:\Program Files\SQLyog Community\SQLyog.exe C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\npp5.4.3.bin\unicode\notepad++.exe C:\Program Files\npp5.4.3.bin\unicode\notepad++.exe C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\[uSER]\Local Settings\Application 
Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox3\firefox.exe C:\WINDOWS\TEMP\rqrmstneyi.exe C:\Documents and Settings\[uSER]\Bureau\HiJackThisAAA.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2071024 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" O4 - HKLM\..\Run: [dscactivate] c:\dell\dsca.exe 3 O4 - HKLM\..\Run: [VaCtrl] C:\Program Files\VoiceAge\Common\VaCtrl.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16 O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\[uSER]\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [autochk] rundll32.exe 
C:\DOCUME~1\[uSER]\protect.dll,_IWMPEvents@16 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: ChkDisk.dll O4 - Startup: ChkDisk.lnk = ? O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1194543576859 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O20 - Winlogon Notify: reset5c - C:\WINDOWS\SYSTEM32\reset5c.dll O23 - Service: Avertissement AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\rqrmstneyi.exe O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OCS INVENTORY SERVICE (OCS INVENTORY) - http://ocsinventory.sourceforge.net - C:\Program Files\OCS Inventory Agent\ocsservice.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 15384 bytes