rapport combofix

[Invité David S]

Bonsoir,

 

Suite à une idiotie de ma part (je n'aurais jamais dû cliquer sur le lien de cette fenêtre Msn),

je me suis retrouvé infecté par un trojan.

Aidé sur "commentcamarche.net", après msnfix,oad, msnfix, hijackthis, et maintenant combofix, j'espère que quelqu'un pourra déchiffrer ce dernier rapport et m'apporter une aide ou m'annoncer la bonne nouvelle que tout est nettoyé.

msnfix a été éxécuté avant hijackthis et hijackthis avant combofix.

Le premier rapport est le rapport d'oad (enfin je crois), c'est le premier éxécuté ce soir, mais depuis hier je tente de me débarrasser de cette m.... de trojan;

et donc j'ai déjà effectué msnfix avant ce soir et bien avant oad.

 

Merci d'avance à quiconque me répondra (et bon courage pour tout ce charabia).

 

 

17/04/2008 ---- 22:26:32,65

 

----------------------------------

§§§§§§ [%.exe ] §§§§§§

----------------------------------

[X] Registre

 

-------------- [ ] rapide

-- Fichier --- [ ] disque systeme

------------- [X] complete

 

 

********************

[Registre]

********************

 

Aucune entrée détectée

 

*******************

[Fichier]

*******************

 

 

 

*********************

[Même date]

*********************

 

Aucun fichier créé à la même date détecté

 

 

Outil Aide Diagnostic By !aur3n7 Version 1.1

----------------------------------

§§§§§ Fin Rapport §§§§§

----------------------------------

 

 

 

 

 

 

MSNFix 1.705

 

C:\MSNFix

Fix exécuté le 17/04/2008 - 22:40:28,31 By HP_Administrateur

mode normal

 

************************ Recherche les fichiers présents

 

... C:\WINDOWS\system32\%%%.exe

... C:\WINDOWS\system32\%%%.exe

... C:\WINDOWS\system32\%%%.exe

... C:\WINDOWS\mrofinu*.exe

... C:\WINDOWS\mrofinu*.exe.tmp

 

************************ Recherche les dossiers présents

 

... \TEMP\

 

 

 

 

************************ Suppression des fichiers

 

.. OK ... C:\WINDOWS\system32\%.exe

.. OK ... C:\WINDOWS\system32\%.exe

/!\ ... C:\WINDOWS\system32\%%%.exe

/!\ ... C:\WINDOWS\system32\%%%.exe

/!\ ... C:\WINDOWS\system32\%%%.exe

/!\ ... C:\WINDOWS\system32\%%%.exe

/!\ ... C:\WINDOWS\system32\%%%.exe

/!\ ... C:\WINDOWS\system32\%%%.exe

/!\ ... C:\WINDOWS\system32\%%%.exe

.. OK ... C:\WINDOWS\mrofinu*.exe

.. OK ... C:\WINDOWS\mrofinu*.exe.tmp

 

 

************************ Suppression des dossiers

 

/!\ ... \TEMP\

 

 

************************ Nettoyage du registre

 

 

 

Les fichiers encore présents seront supprimés au prochain redémarrage

 

 

************************ Suppression des fichiers

 

.. OK ... C:\WINDOWS\system32\real.txt

.. OK ... C:\WINDOWS\system32\%.exe

 

 

 

************************ Fichiers suspects

 

Aucun Fichier trouvé

 

 

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17042008_22440104.zip

 

************************ HKLM\...\Winlogon\Userinit

 

Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%.exe

 

 

------------------------------------------------------------------------

Auteur : !aur3n7 Contact: http://changelog.fr

------------------------------------------------------------------------

 

--------------------------------------------- END ---------------------------------------------

 

 

 

 

 

 

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:17:31, on 17/04/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\PROGRA~1\Wanadoo\TaskBarIcon.exe

C:\Program Files\QuickTime\qttask.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE

C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\WINDOWS\mrofinu1423.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe

C:\PROGRA~1\Wanadoo\ComComp.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe

C:\PROGRA~1\Wanadoo\Toaster.exe

C:\PROGRA~1\Wanadoo\Inactivity.exe

C:\PROGRA~1\Wanadoo\PollingModule.exe

C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE

C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearchIndexer.exe

C:\PROGRA~1\Wanadoo\Watch.exe

C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE

C:\WINDOWS\17PHolmes1423.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\ALCXMNTR.EXE

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe

C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe

C:\Program Files\Outlook Express\msimn.exe

C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe

C:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O2 - BHO: Barre d'outils MSN Search Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect

O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

O4 - HKLM\..\Run: [DMAScheduler] c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe

O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"

O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe

O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD3257

O4 - HKLM\..\RunOnce: [symLnch] "C:\Documents and Settings\HP_Administrateur\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\HP_Administrateur\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe

O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab

O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab

O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ControlInstaller Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab

O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - http://www.symantec.com/techsupp/activedata/nprdtinf.cab

O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshel...ronGameHost.cab

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe

O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 16658 bytes

 

 

 

 

 

ComboFix 08-04-16.5 - HP_Administrateur 2008-04-17 23:11:35.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.439 [GMT 2:00]

Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\KillBagle.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TR060827451036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TR062071411036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TR100363381036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT010255901036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT010808061036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT010808531036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT010808551036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT010808561036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT010808581036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT011498171036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT011585711036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT011585891036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT012334521036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT060827451036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT060827971036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT061172961036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT062071411036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT062561561036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT062561761036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT062563521036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100309931036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100343531036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100343541036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100363381036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100363401036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100389571036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100391391036.gif

C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\TT100627581036.gif

C:\Documents and Settings\HP_Administrateur\real.txt

C:\WINDOWS\mrofinu1423.exe

C:\WINDOWS\mrofinu1423.exe.MSNFix

C:\WINDOWS\mrofinu1423.MSNFix

C:\WINDOWS\pack.epk

C:\WINDOWS\system32\%%%.exe

C:\WINDOWS\system32\_000005_.tmp.dll

C:\WINDOWS\system32\ubqoqg.exe

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-03-17 to 2008-04-17 ))))))))))))))))))))))))))))))))))))

.

 

2008-04-17 23:01 . 2008-04-17 23:02 <REP> d-------- C:\combofix

2008-04-17 22:42 . 2008-04-17 22:42 8,272 --a------ C:\WINDOWS\system32\jgoiuh.exe

2008-04-17 22:42 . 2008-04-17 22:42 244 --ah----- C:\sqmnoopt03.sqm

2008-04-17 22:42 . 2008-04-17 22:42 232 --ah----- C:\sqmdata03.sqm

2008-04-17 22:15 . 2008-04-17 22:17 <REP> d-------- C:\hijackthis

2008-04-17 00:48 . 2008-04-17 00:48 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

2008-04-16 23:53 . 2008-04-16 23:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-04-16 23:53 . 2008-04-16 23:53 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Malwarebytes

2008-04-16 23:53 . 2008-04-16 23:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-04-16 09:21 . 2008-04-16 09:21 244 --ah----- C:\sqmnoopt02.sqm

2008-04-16 09:21 . 2008-04-16 09:21 232 --ah----- C:\sqmdata02.sqm

2008-04-15 22:37 . 2008-04-17 22:44 <REP> d-------- C:\MSNFix

2008-04-15 22:36 . 2008-04-15 22:36 766,851 --a------ C:\msnfix.MSNFix

2008-04-12 09:18 . 2008-04-12 09:18 244 --ah----- C:\sqmnoopt01.sqm

2008-04-12 09:18 . 2008-04-12 09:18 232 --ah----- C:\sqmdata01.sqm

2008-04-10 09:07 . 2008-04-10 09:07 244 --ah----- C:\sqmnoopt00.sqm

2008-04-10 09:07 . 2008-04-10 09:07 232 --ah----- C:\sqmdata00.sqm

2008-04-10 09:07 . 2008-04-10 09:07 0 --a------ C:\WINDOWS\system32\real.MSNFix

2008-04-05 10:46 . 2008-04-05 10:46 <REP> d-------- C:\Program Files\Windows Sidebar

2008-04-05 10:45 . 2008-04-06 00:10 <REP> d-------- C:\Program Files\Norton Internet Security

2008-04-05 09:56 . 2008-04-05 09:56 <REP> d-------- C:\Documents and Settings\All Users\Symantec Temporary Files

2008-04-04 08:24 . 2008-04-04 08:24 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Teleca

2008-04-04 08:23 . 2007-06-19 09:51 107,304 -ra------ C:\WINDOWS\system32\drivers\s816mdm.sys

2008-04-04 08:22 . 2008-04-04 08:22 <REP> d-------- C:\Program Files\Sony

2008-04-04 08:13 . 2008-04-04 08:13 <REP> d-------- C:\Program Files\Sony Ericsson

2008-04-04 08:13 . 2008-04-04 08:14 <REP> d-------- C:\Program Files\Fichiers communs\Teleca Shared

2008-04-04 08:13 . 2008-04-04 08:13 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared

2008-04-04 08:13 . 2008-04-04 08:13 <REP> d-------- C:\Documents and Settings\HP_Administrateur\Application Data\Sony Ericsson

2008-04-04 08:12 . 2008-04-04 08:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca

2008-04-04 08:12 . 2008-04-04 08:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-17 21:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared

2008-04-17 21:06 --------- d-----w C:\Program Files\Wanadoo

2008-04-17 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec

2008-04-15 04:40 --------- d-----w C:\Program Files\eMule

2008-04-05 21:41 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF

2008-04-05 21:41 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-04-05 21:41 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT

2008-04-05 21:41 --------- d-----w C:\Program Files\Symantec

2008-04-05 08:48 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\Symantec

2008-03-24 17:36 --------- d-----w C:\Program Files\Norton SystemWorks

2008-03-19 15:33 131,800 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\GDIPFONTCACHEV1.DAT

2008-03-06 19:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf

2008-03-06 19:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys

2008-03-06 19:32 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat

2008-03-06 10:09 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-02-19 12:51 --------- d-----w C:\Program Files\Everest Poker

2006-12-17 09:59 87,608 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\ezpinst.exe

2006-12-17 09:59 47,360 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\pcouffin.sys

2006-06-29 12:40 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe

2006-06-28 11:59 976 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat

2006-10-11 16:14 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin

2006-06-15 10:52 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys

2004-08-10 11:00 65,024 --sha-w C:\WINDOWS\system32\asycfilt.dll

2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll

2004-08-10 11:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll

2004-08-10 11:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll

2007-12-04 18:41 550,912 --sha-w C:\WINDOWS\system32\oleaut32.dll

2004-08-10 11:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll

2004-08-10 11:00 30,749 --sha-w C:\WINDOWS\system32\vbajet32.dll

1999-04-25 15:00 368,912 --sha-w C:\WINDOWS\system32\Vbar332.dll

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

2007-08-24 21:51 316784 --a------ C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

2008-04-05 11:16 116088 --a------ C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll" [2007-08-24 21:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll [2007-08-24 21:51 316784]

 

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]

[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-26 08:48 67128]

"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]

"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360]

"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2006-09-21 23:36 43520]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-21 17:02 68856]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 16:18 94208]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 21:34 64512]

"ftutil2"="ftutil2.dll" [2004-06-07 14:05 106496 C:\WINDOWS\system32\ftutil2.dll]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 03:15 77312 C:\WINDOWS\arpwrmsg.exe]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-14 23:51 7323648]

"nwiz"="nwiz.exe" [2005-12-14 23:51 1519616 C:\WINDOWS\system32\nwiz.exe]

"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 08:35 49152]

"DMAScheduler"="c:\Program Files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe" [2005-11-01 10:01 90112]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 23:14 237568]

"PCDrProfiler"="" []

"HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-11-10 02:29 249856]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 07:12 49152]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 14:46 28160 C:\WINDOWS\KHALMNPR.Exe]

"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 01:41 180269]

"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]

"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-07-01 14:31 282624]

"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-02 16:44 61440]

"mmtask"="C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2006-01-17 13:12 53248]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]

"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]

"EPSON Stylus Photo RX520 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 06:00 98304]

"NWEReboot"="" []

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]

"EoEngine"="" []

"EoNet"="" []

"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]

"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 08:16 528384]

"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"SymLnch"="C:\Documents and Settings\HP_Administrateur\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\eMule\\emule.exe"=

 

R1 ATMhelpr;ATMhelpr;C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 05:00]

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon []

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-12-27 01:08]

R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 13:00]

S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]

S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]

S3 s816bus;Sony Ericsson Device 816 driver (WDM);C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 09:51]

S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 09:51]

S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 09:51]

S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 09:51]

S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 09:51]

S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 09:51]

S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 09:51]

 

*Newly Created Service* - COMHOST

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-04-12 02:31:28 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - HP_Administrateur.job"