
Hello everyone,

Briefly: my computer is sluggish, the boot time is very long (10 min) and, above all, it is impossible to run a search on any search engine at all in IE or Firefox, although I can reach sites by typing the addresses directly. Strange: the search engines work in Safari. Random disconnections.

I ran

- SDFix

- ComboFix

- HijackThis

- and finally ZHP

Here are the 4 reports, in order.

Everything seems to be back to normal.

If someone could take a look to see whether any anomalies remain.

And maybe these sources will be useful to others...

Thanks,

I have learned a lot on your forum.

SDFix: Version 1.182

Run by Julia on 15/05/2008 at 15:28

 

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

 

Checking Services :

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

 

Rebooting

 

 

Checking Files :

 

No Trojan Files Found

Removing Temp Files

 

ADS Check :

 

 

 

Final Check :

 

catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 15:56:38

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]

"s1"=dword:3bd7ecdc

"s2"=dword:9f2d8267

"h0"=dword:00000002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:c8,56,2a,bf,8d,e5,e3,6a,22,af,11,c1,3f,da,fe,cd,73,66,1e,93,51,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:63,28,f2,ea,cd,88,45,5e,ba,ec,80,06,0d,e9,b7,9b,59,c1,42,b5,1e,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:89,bf,aa,fd,8e,fb,82,84,d1,d0,d6,2d,fe,3f,24,48,18,47,3f,1c,ed,..

"a0"=hex:20,01,00,00,f4,ba,71,87,75,71,7f,4a,14,01,5c,ca,08,6e,9a,fd,9a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:02,08,5a,17,86,7d,34,50,0b,52,51,23,f1,f5,90,89,9f,2f,b6,54,a9,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:cb,c1,ea,30,96,3b,f6,a6,dc,7c,f8,cb,d5,2b,5a,2f,d2,83,60,57,1b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]

"h0"=dword:00000001

"ujdew"=hex:c8,56,2a,bf,8d,e5,e3,6a,22,af,11,c1,3f,da,fe,cd,73,66,1e,93,51,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]

"h0"=dword:00000000

"khjeh"=hex:63,28,f2,ea,cd,88,45,5e,ba,ec,80,06,0d,e9,b7,9b,59,c1,42,b5,1e,..

"p0"="C:\Program Files\DAEMON Tools\"

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]

"khjeh"=hex:89,bf,aa,fd,8e,fb,82,84,d1,d0,d6,2d,fe,3f,24,48,18,47,3f,1c,ed,..

"a0"=hex:20,01,00,00,f4,ba,71,87,75,71,7f,4a,14,01,5c,ca,08,6e,9a,fd,9a,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]

"khjeh"=hex:02,08,5a,17,86,7d,34,50,0b,52,51,23,f1,f5,90,89,9f,2f,b6,54,a9,..

 

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]

"khjeh"=hex:cb,c1,ea,30,96,3b,f6,a6,dc,7c,f8,cb,d5,2b,5a,2f,d2,83,60,57,1b,..

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]

"OODEFRAG08.00.00.01WORKSTATION"="77F6704B8D8573BA3CC40A3B8FF681FC627D965A37DFBD8EE0EA9E46146E93C4E00DA0820D1

53089DE4196F8647F25E3957B43899116E30B3812CFA4608C860E7F174480E686E50E87C63D4E4C4C

05FD7F7A0A93598748FE9C3BFE7FDF1C7CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74

CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C

5D575E7D6A3B9808FEBC9E127BECC74C733A7F30007A5C56111885FCAA30E9570B3F9A3C3BCF68B6E

71D7D7A1ED99907E77BB97776354A46DF752C88FD1C28639EC5A1446F4B2297E4E501890A8BDA8FEB

F704471D7F2E62790581A7A64FBFDA86864A7583189E117A4712E62CB27751EB0CE8260348DBD5791

2C935B5B50CCD31D92F9F29BE60B70647C2F8F518BA86568994AC7DB38521815A682180EE4AA1900A

0E26D57D50F4EB5DCA379F33D4BF9FB45888231A47983610E9EB20D09C8F1A564B0043C4B90811730

8ACA435DADD3F4628F951051C63BF587A2D71638BA447716C3772BB4C81E16C78FAC27F4418326B9D

5828B5677D4ACE6C0E96E200BF16021D6CA13B99C74B1B41D5FEA86EF97546758A0B9FEC368880B5C

CF2C0C7978723AC535AD09A944148A9069E7B1A628EEA900F22E8D7B12CEEEEBC309F963422650D32

E4BDA974BAAE9CE6ADF5E90305E2F476DB6E34E7F0905944BCDA8272EFC956654FF788CBB0FEAC6A7

B4CE6E2E3A9C9E764BE74A41150D3DB49FB8503FC49425A6CA757CDA35C8B139AE17FDCBB33DB9AB3

1FEC87CD0BE413C946FDE9DA4CAF96D2AC1F8594E012F9E2D301209EE19E5D0005D783EC14B68C78A

BAE82223423AF5B17CBD08B173B4BEEF0222F2610A390C49CD162362F97FD5257BD7668D341D1A52C

AC61917FA7461F3979616D0AA628C3C5DCBDF598F8319824B5484F7057BB926673BB370D1CC115658

560921102B00114DD86FCFD7105D02284CC7447D2C049F1393C8EA97EA3B8DFA52C3BD93945C3CE1F

002100B9ECC2967E2C8185C5C7B2B2790E2DB0DC69B4459D960E8EEF1797F04EC23A36316DFBFA57E

21DCFE84E7EBB13342E70E423786A16C6B54CEE6C4FAB7AB9242BD7A0CE7AAA43F53C17611ED7C784

312F6CF438541CB76422239DFC611C2540D95536CFF5F7703F55CDA3C78442285825E996E8BE20374

C969D1878290A19F237736F57829FE32B1CB0CE75730D1ECA7B7AD4C696F5E8A4A2915E5F4F83FCA6

291F2404E7E9E9768007ACE48995B6B055DD115101D6C4A9335C041053288CC487693CB6A2FEA45DE

CBA9D19DFB0983CC4F6BD4C51DD939B287633B068FED640228AB61364EF07A2B95B13D7C4153D9D53

CE633D940CF3BC598229A876F0C18DBA5B270390ADDB0AB71C162BBADEF10CFB10207008465AD50D4

5372319CB03A487D9B3B4BF8EBD5F"

 

scanning hidden files ...

 

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log 131072 bytes

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 65536 bytes

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 2

 

 

Remaining Services :

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"

"C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe:*:Enabled:Java Platform SE binary"

"C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"="C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe:*:Enabled:Apache HTTP Server"

"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"

"C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"

"C:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe"="C:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe:*:Enabled:hpznet01.exe"

"C:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe"="C:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe:*:Enabled:hponicifs01.exe"

"C:\\Documents and Settings\\Julia\\Bureau\\Tank.exe"="C:\\Documents and Settings\\Julia\\Bureau\\Tank.exe:*:Enabled:Tank"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\\Program Files\\Tank.exe"="C:\\Program Files\\Tank.exe:*:Enabled:Tank"

"C:\\Documents and Settings\\Julia\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe"="C:\\Documents and Settings\\Julia\\Local Settings\\Application Data\\Simplify Media\\SimplifyPeer.exe:*:Enabled:Simplify Media Peer"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"

"I:\\Games\\Sins\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe"="I:\\Games\\Sins\\Stardock Games\\Sins of a Solar Empire\\Sins of a Solar Empire.exe:*:Enabled:Sins of a Solar Empire"

"I:\\Games\\FM8\\fm.exe"="I:\\Games\\FM8\\fm.exe:*:Enabled:Football Manager 2008"

"I:\\Games\\CALL4\\iw3mp.exe"="I:\\Games\\CALL4\\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

Remaining Files :

File Backups: - C:\SDFix\backups\backups.zip

 

Files with Hidden Attributes :

 

Mon 21 Apr 2008 0 ...H. --- "C:\Program Files\Steem\CRA85.tmp"

Mon 21 Apr 2008 737,280 ...H. --- "C:\Program Files\Steem\MSA8A.tmp"

Mon 5 May 2008 1,482,527 ..SH. --- "C:\WINDOWS\system32\udkorpuq.tmp"

Mon 28 Nov 2005 26,624 A..H. --- "C:\Documents and Settings\Julia\Mes documents\~WRL0001.tmp"

Sun 5 Aug 2001 800 ..SH. --- "C:\Program Files\Pixologic\ZBrush3\zmem02svr.dll"

Tue 5 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT1D.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT21.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT26.tmp"

Wed 7 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT433.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT19.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT22.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2ddfe46b45214573a0c1029d3fb2d13c\BITF8FE.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT1F.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\32491eff6ad2701ca09162e85f3af81a\BIT1C.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad15fafe6eea422b922ca567c9dee6e\BIT1B.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e997085302ceb108f7932d89e50db5c\BIT25.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT24.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b69c46c5109d0f8b0dee9fab84906813\BIT1E.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c4f88f947d390c49edce5fbcc347ee34\BIT27.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT20.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT23.tmp"

Thu 10 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fa6c916bb150f8a929e7a4ffdfbc120f\BIT1A.tmp"

Thu 7 Dec 2006 3,096,576 A..H. --- "C:\Documents and Settings\Julia\Application Data\U3\temp\Launchpad Removal.exe"

 

Finished!

 

ComboFix 08-05-12.1 - Julia 2008-05-15 16:28:59.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1367 [GMT 2:00]

Endroit: C:\Documents and Settings\Julia\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Julia\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

* Création d'un nouveau point de restauration

* Resident AV is active

 

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\cookies.ini

C:\WINDOWS\pskt.ini

C:\WINDOWS\system32\bkkuekhw.dll

C:\WINDOWS\system32\daelsyyr.ini

C:\WINDOWS\system32\dlgtvuga.dll

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\dyoxuquu.ini

C:\WINDOWS\system32\essontdr.ini

C:\WINDOWS\system32\gujxlero.dll

C:\WINDOWS\system32\icwiiebe.dll

C:\WINDOWS\system32\jkkLDTnk.dll

C:\WINDOWS\system32\kcohdgwt.ini

C:\WINDOWS\system32\knqscivy.ini

C:\WINDOWS\system32\kuhjpxnc.ini

C:\WINDOWS\system32\laedmfiq.dll

C:\WINDOWS\system32\lhnjnist.dll

C:\WINDOWS\system32\mlJArrqo.dll

C:\WINDOWS\system32\nhkonbos.dll

C:\WINDOWS\system32\nrffdpok.dll

C:\WINDOWS\system32\nvapythb.dll

C:\WINDOWS\system32\oqrrAJlm.ini

C:\WINDOWS\system32\oqrrAJlm.ini2

C:\WINDOWS\system32\ovxygvvl.dll

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pqsnalii.dll

C:\WINDOWS\system32\qfipxrda.dll

C:\WINDOWS\system32\qoqqjfht.dll

C:\WINDOWS\system32\rdtnosse.dll

C:\WINDOWS\system32\rouqvsye.dll

C:\WINDOWS\system32\ryhhkwrf.dll

C:\WINDOWS\system32\srybasts.dll

C:\WINDOWS\system32\suxgbcui.ini

C:\WINDOWS\system32\svjgirtf.dll

C:\WINDOWS\system32\thfjqqoq.ini

C:\WINDOWS\system32\tigffqfu.dll

C:\WINDOWS\system32\udkorpuq.ini

C:\WINDOWS\system32\uhshnpkl.dll

C:\WINDOWS\system32\vorugkec.ini

C:\WINDOWS\system32\weujroil.dll

C:\WINDOWS\system32\wjthropx.dll

C:\WINDOWS\system32\wnpipxtl.dll

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\system32\xpkdjarg.ini

C:\WINDOWS\system32\yriyncsx.dll

G:\Autorun.inf

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_NPF

-------\Service_NPF

 

 

((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))

.

 

2008-05-15 15:13 . 2008-05-15 15:13 <REP> d-------- C:\WINDOWS\ERUNT

2008-05-15 15:06 . 2008-05-15 16:06 <REP> d-------- C:\SDFix

2008-05-15 14:45 . 2008-05-15 16:26 13,030 --a------ C:\PDOXUSRS.NET

2008-05-15 14:44 . 2008-05-15 14:44 <REP> d-------- C:\Program Files\ZebHelpProcess 2

2008-05-15 14:44 . 2008-05-15 14:44 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared

2008-05-15 14:44 . 1999-01-20 05:01 210,032 --a------ C:\WINDOWS\system32\DBCLIENT.DLL

2008-05-15 14:44 . 1999-11-12 05:11 183,808 --a------ C:\WINDOWS\system32\BDEADMIN.CPL

2008-05-15 11:31 . 2008-05-15 11:31 2,112 --a------ C:\WINDOWS\system32\mnbelqal.exe

2008-05-13 12:57 . 2008-05-13 12:57 2,112 --a------ C:\WINDOWS\system32\pminpokh.exe

2008-05-09 10:52 . 2008-05-09 10:52 2,112 --a------ C:\WINDOWS\system32\drewisjr.exe

2008-05-07 11:28 . 2008-05-07 11:28 2,112 --a------ C:\WINDOWS\system32\qfgfwhfk.exe

2008-05-05 15:44 . 2008-05-05 15:44 <REP> d-------- C:\zapman_softwares

2008-05-05 15:44 . 2008-05-05 15:44 <REP> d-------- C:\Program Files\RankSpirit

2008-05-05 15:44 . 2008-05-05 15:44 <REP> d-------- C:\Documents and Settings\Julia\Application Data\Microsoft Shared

2008-05-05 15:44 . 2008-05-05 15:44 6,853 --a------ C:\WINDOWS\pcserver.gif

2008-05-05 15:43 . 2008-05-05 15:43 1,185,897 --a------ C:\Documents and Settings\Julia\Archive.zip

2008-05-05 14:07 . 2008-05-05 14:07 1,040,669 --a------ C:\upload_moi_STATION2PETAIR.tar.gz

2008-05-05 13:58 . 2008-05-05 13:58 <REP> d-------- C:\Program Files\Trend Micro

2008-05-05 12:26 . 2008-05-05 12:26 1,482,527 ---hs---- C:\WINDOWS\system32\udkorpuq.tmp

2008-05-04 12:03 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll

2008-05-04 12:03 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll

2008-05-04 12:01 . 2008-05-04 12:01 274 --a------ C:\WINDOWS\game.ini

2008-05-04 11:46 . 2008-05-04 11:46 <REP> d--hs---- C:\WINDOWS\ftpcache

2008-05-04 06:23 . 2008-05-04 06:23 <REP> d-------- C:\Documents and Settings\Julia\Application Data\Sports Interactive

2008-05-04 06:21 . 2008-05-04 06:21 <REP> dr-h----- C:\Documents and Settings\Julia\Application Data\SecuROM

2008-05-04 06:19 . 2008-05-04 06:20 <REP> d--h----- C:\Program Files\Zero G Registry

2008-05-04 06:17 . 2008-05-04 06:17 <REP> d--h----- C:\Documents and Settings\Julia\InstallAnywhere

2008-05-03 12:15 . 2008-05-03 12:15 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{0E8E33D8-193A-414A-A909-0F101A142D26}

2008-05-02 10:28 . 2008-05-15 15:05 109,727 --a------ C:\WINDOWS\BM2b60845b.xml

2008-05-02 00:51 . 2008-05-05 12:47 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP

2008-05-01 21:41 . 2008-05-01 23:41 <REP> d-------- C:\movie

2008-05-01 21:07 . 2008-05-05 16:07 <REP> d-------- C:\Program Files\No1 DVD Ripper

2008-05-01 21:07 . 2008-05-01 23:12 67 --a------ C:\WINDOWS\#1 DVD Ripper.INI

2008-04-29 10:24 . 2008-04-29 10:25 <REP> d-------- C:\Program Files\Microsoft Expression

2008-04-25 15:28 . 2008-04-25 15:28 26 --a------ C:\CaptImag.ini

2008-04-25 15:00 . 2008-04-25 15:00 <REP> d-------- C:\Program Files\IMG-TXT 5

2008-04-24 16:09 . 2008-04-24 16:09 <REP> d-------- C:\Documents and Settings\Julia\Application Data\Allume Systems

2008-04-24 16:08 . 2008-04-24 16:08 <REP> d-------- C:\Program Files\Allume Systems

2008-04-24 16:00 . 2008-04-24 16:00 <REP> d-------- C:\Program Files\7-Zip

2008-04-24 11:28 . 2008-04-24 11:28 <REP> dr------- C:\Documents and Settings\Julia\Application Data\Brother

2008-04-23 16:22 . 2008-04-23 16:22 55 --a------ C:\WINDOWS\brmx2001.ini

2008-04-23 16:22 . 2008-04-23 16:22 40 --a------ C:\WINDOWS\opt_2460.ini

2008-04-23 12:15 . 2001-08-23 17:20 6,912 --a------ C:\WINDOWS\system32\drivers\serscan.sys

2008-04-23 12:15 . 2001-08-23 17:20 6,912 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys

2008-04-23 12:15 . 2008-04-23 16:21 282 --a------ C:\WINDOWS\Brpfx04a.ini

2008-04-23 12:15 . 2008-04-23 16:21 150 --a------ C:\WINDOWS\brpcfx.ini

2008-04-23 12:15 . 2008-04-23 12:16 65 --a------ C:\WINDOWS\system32\BD7820N.dat

2008-04-23 12:14 . 2008-04-23 12:14 <REP> d-------- C:\Program Files\Common Files

2008-04-23 12:14 . 2008-04-23 12:14 <REP> d-------- C:\Program Files\Brother

2008-04-23 12:12 . 2008-04-23 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Brother

2008-04-23 12:09 . 2008-04-23 12:09 <REP> d-------- C:\Documents and Settings\Julia\Setup7820N

2008-04-23 12:09 . 2008-04-23 12:10 <REP> d-------- C:\Documents and Settings\Julia\Data

2008-04-20 23:12 . 2008-05-04 16:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-15 14:41 --------- d-----w C:\Documents and Settings\Julia\Application Data\.purple

2008-05-09 15:41 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-09 09:46 --------- d-----w C:\Documents and Settings\Julia\Application Data\FileZilla

2008-05-05 10:10 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia

2008-05-05 10:10 --------- d-----w C:\Program Files\AVS4YOU

2008-05-05 10:09 --------- d-----w C:\Program Files\Google

2008-05-05 09:31 --------- d-----w C:\Program Files\Azureus

2008-05-05 07:32 --------- d-----w C:\Documents and Settings\Julia\Application Data\Azureus

2008-05-02 15:29 --------- d-----w C:\Program Files\FreeGo

2008-05-01 19:39 --------- d-----w C:\Documents and Settings\Julia\Application Data\dvdcss

2008-04-30 10:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help

2008-04-23 10:14 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-04-21 19:24 --------- d-----w C:\Program Files\Steem

2008-04-20 16:18 --------- d-----w C:\Program Files\Safari

2008-04-20 16:18 --------- d-----w C:\Documents and Settings\Julia\Application Data\gtk-2.0

2008-04-20 16:17 --------- d-----w C:\Program Files\Apple Software Update

2008-04-19 12:02 --------- d-----w C:\Program Files\Notepad++

2008-04-15 08:29 --------- d-----w C:\Documents and Settings\Julia\Application Data\Notepad++

2008-04-12 14:35 --------- d-----w C:\Program Files\uTorrent

2008-04-12 13:34 --------- d-----w C:\Program Files\2B System

2008-04-11 16:39 --------- d-----w C:\Program Files\iTunes

2008-04-11 16:39 --------- d-----w C:\Program Files\iPod

2008-04-11 16:37 --------- d-----w C:\Program Files\QuickTime

2008-04-10 12:26 --------- d-----w C:\Program Files\Java

2008-04-10 11:25 --------- d-----w C:\Program Files\Smart Projects

2008-04-03 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-03-25 17:53 1,931,264 ----a-w C:\Program Files\Tank.exe

2008-03-24 17:41 --------- d-----w C:\Program Files\Pidgin

2008-03-24 17:41 --------- d-----w C:\Program Files\Fichiers communs\GTK

2008-03-23 18:58 --------- d-----w C:\Documents and Settings\Julia\Application Data\NewsLeecher

2008-03-19 09:41 --------- d-----w C:\Program Files\Bonjour

2007-12-05 18:17 454,656 ----a-w C:\Program Files\putty.exe

2003-07-30 17:06 458 ----a-w C:\Program Files\Fichiers communs\sqrt.help

2003-07-30 13:34 783 ----a-w C:\Program Files\Fichiers communs\env_script.txt

1999-08-20 09:46 285,965 ----a-w C:\Program Files\MCBINARY.EXE

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{A08FB30D-51C4-4E54-AA5E-FF18739802EA}]

@=Mediafour Mac Volume Icons

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 17:08 65536]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-03 15:18 94208]

"E06FXLRD_96441781"="C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.exe" [2005-06-04 18:03 301776]

"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 16:16 171464]

"Pidgin"="C:\Program Files\Pidgin\pidgin.exe" [2008-02-29 17:19 44658]

"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 15:43 45056]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 01:32 761945]

"AGRSMMSG"="AGRSMMSG.exe" [2005-10-15 15:29 88203 C:\WINDOWS\agrsmmsg.exe]

"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 15:02 352256]

"TPSMain"="TPSMain.exe" [2005-08-03 17:09 266240 C:\WINDOWS\system32\TPSMain.exe]

"NDSTray.exe"="NDSTray.exe" []

"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 13:25 73728]

"TFncKy"="TFncKy.exe" []

"TDispVol"="TDispVol.exe" [2005-09-15 15:19 73728 C:\WINDOWS\system32\TDispVol.exe]

"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 06:20 122940]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 12:37 667718]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 11:41 602182]

"NWEReboot"="" []

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]

"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]

"pdfSaver3"="" []

"RTHDCPL"="RTHDCPL.EXE" [2005-12-10 00:49 15691264 C:\WINDOWS\RTHDCPL.exe]

"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 11:47 569413]

"BigDogPath"="C:\WINDOWS\VM_STI.exe" [ ]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 03:41 49152]

"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 16:05 1410304]

"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 20:54 623992]

"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-01-07 17:30 864256]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"midi1"= BCR2000.DLL

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk

backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H2O]

--a------ 2005-05-11 02:46 200069 C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mediafour Mac Volume Notifications]

-ra------ 2002-12-17 22:43 61440 C:\Program Files\Fichiers communs\Mediafour\MACVNTFY.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediafourGettingStartedWithMacDrive6]

--a------ 2004-08-26 20:12 86016 C:\Program Files\Mediafour\MacDrive\MacDrive.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Updates]

 

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]

--a------ 2005-05-17 10:24 118784 C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Pervasive.SQL Workgroup"=2 (0x2)

"gusvc"=2 (0x2)

"FMSAdmin"=2 (0x2)

"FMS"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"C:\\Program Files\\SmartFTP\\SmartFTP.exe"=

"C:\\Program Files\\Java\\jre1.6.0\\bin\\javaw.exe"=

"C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"C:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe"=

"C:\\temp\\HP_WebRelease\\setup\\hponicifs01.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"C:\\Program Files\\Tank.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

 

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-11-14 16:06]

R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys [2005-05-09 20:08]

S3 BCR2000;B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1);C:\WINDOWS\system32\drivers\bcr2000.sys [2006-01-19 19:20]

S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 15:47]

S3 wampapache;wampapache;"C:\Program Files\wamp\apache2\bin\httpd.exe" -k runservice []

S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\mysql\bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\wamp\mysql\my.ini" wampmysqld []

S4 FMS;Flash Media Server (FMS);"C:\Program Files\Macromedia\Flash Media Server 2\FMSMaster.exe" [2007-01-12 15:24]

S4 FMSAdmin;Flash Media Administration Server;"C:\Program Files\Macromedia\Flash Media Server 2\FMSAdmin.exe" [2007-01-12 15:04]

S4 MDFSYSNT;MDFSYSNT;C:\WINDOWS\system32\drivers\MDFSYSNT.sys [2006-09-13 20:53]

S4 MDPMGRNT;MDPMGRNT;C:\WINDOWS\system32\drivers\MDPMGRNT.sys [2006-04-30 16:57]

S4 Pervasive.SQL Workgroup;EBP - Pervasive.SQL Workgroup;C:\PVSW\Bin\WGE_SRV.EXE [2006-12-07 16:08]

 

.

Contents of the 'Scheduled Tasks' folder

"2008-04-20 16:17:09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-15 16:44:53

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs loaded under running processes ---------------------

 

PROCESS: C:\WINDOWS\explorer.exe

-> C:\WINDOWS\system32\TDispVol.dll

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\system32\ati2evxx.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\searchindexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\ati2evxx.exe

C:\WINDOWS\system32\searchprotocolhost.exe

C:\Program Files\Toshiba\ConfigFree\NDSTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\searchfilterhost.exe

.

**************************************************************************

.

Completion time: 2008-05-15 16:56:26 - machine was rebooted

ComboFix-quarantined-files.txt 2008-05-15 14:55:45

 

Pre-Run: 2,330,173,440 bytes free

Post-Run: 2,236,063,744 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

 

328 --- E O F --- 2008-04-30 10:32:28

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 17:08:19, on 15/05/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe

C:\Program Files\Synaptics\SynTP\Toshiba.exe

C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe

C:\WINDOWS\system32\TDispVol.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\Program Files\Brother\ControlCenter2\brctrcen.exe

C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe

C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Pidgin\pidgin.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCSVR.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;*.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe

O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe

O4 - HKLM\..\Run: [TFncKy] TFncKy.exe

O4 - HKLM\..\Run: [TDispVol] TDispVol.exe

O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Thrustmaster USB PC Camera

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun

O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [E06FXLRD_96441781] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll

O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll

O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Abmdnhpfttr - Lavasoft - (no file)

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe

O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe

O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe

O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Julia/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

 

--

End of file - 14557 bytes

 

Zeb Help Process 2.2 by Nicolas Coolman - Summary report of 15/05/2008 17:11:49

 

 

Superfluous process not required by the system

 

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) => Yahoo Companion!

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler

 

Process not needed at system startup

 

C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows

 

System security (Antivirus, Firewall, Anti-Malware)

 

Eset®NOD32 Antivirus

Lavasoft AB®Ad-Aware 2007

 

Simplified report

 

Running processes

C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler

C:\WINDOWS\system32\notepad.exe

C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

Analysis of R0, R1, R2, R3 lines - Internet Explorer Start/Search page URLs

Registry key value modified (R0)

Registry key value created (R1)

An extra value created where only one value is expected (R3)

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) => Yahoo Companion!

Analysis of other lines (Others)

Browser Helper Objects (O2)

Internet Explorer Toolbars (O3)

Applications started automatically from the registry (O4)

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe => HP®Update Scheduler

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [E06FXLRD_96441781] "C:\Program Files\Microsoft Encarta\Collection Microsoft Encarta 2006 DVD\EDICT.EXE" -m

Extra items in the Internet Explorer context menu (O8)

Buttons on the main Internet Explorer toolbar (O9)

Additional protocols and protocol hijacking (O18)

Non-Microsoft NT services that are not disabled (O23)

O23 - Service: Abmdnhpfttr - Lavasoft - (no file)

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe => Apple Computer®Bonjour for Windows

Enumeration of ActiveX components (O24)

O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Julia/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
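Reviewing logs like the ones above comes down to a few pattern checks: entries whose target is gone ("(no file)"), autostart entries or firewall exceptions that point into a temporary directory, and Run entries that name a bare executable and therefore depend on the search path. The script below is an added example written for this page; it is not part of the original post and not code from ComboFix, HijackThis or ZHP. The firewall export and HijackThis lines it runs on are a constructed sample copied from the logs above, `%windir%` is left unexpanded, and the "bare name" and "Program Files root" checks are heuristics of my own that mark items to verify, not verdicts.

```python
from __future__ import annotations

import re
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the ComboFix firewall-exception
# export and the HijackThis log posted above (not a full log).
FIREWALL_EXPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\wamp\\Apache2\\bin\\httpd.exe"=
"C:\\temp\\HP_WebRelease\\setup\\HPZnet01.exe"=
"C:\\Program Files\\Tank.exe"=
"""

HJT_LINES = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll",
    r"O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe",
    r"O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE",
    r"O23 - Service: Abmdnhpfttr - Lavasoft - (no file)",
    r"O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Julia/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg",
]

# Temporary directories are writable by any interactive user, so an autostart
# entry or firewall exception pointing there deserves a second look.
TEMP_DIR_RE = re.compile(r"(^|[\\/])(temp|tmp)([\\/]|$)", re.IGNORECASE)
HJT_LINE_RE = re.compile(r"^([ROF]\d+) - (.*)$")


def firewall_exceptions(export: str) -> list[str]:
    """Return the executables listed in a registry export of the
    AuthorizedApplications\\List key. Exported values look like
    "C:\\\\dir\\\\app.exe"= with doubled backslashes; undo that escaping."""
    return [
        m.group(1).replace("\\\\", "\\")
        for m in re.finditer(r'^"([^"]+)"=', export, re.MULTILINE)
    ]


def hjt_target(kind: str, body: str) -> str:
    """Extract the file referenced by a HijackThis line. Most line types end in
    ' - <path>'; O4 lines end in '[name] <command line>'."""
    if kind != "O4":
        return body.rsplit(" - ", 1)[-1].strip()
    cmd = re.sub(r"^.*?\[[^\]]*\]\s*", "", body)
    quoted = re.match(r'"([^"]+)"', cmd)
    if quoted:
        return quoted.group(1)
    # Unquoted command: keep everything up to the first ".exe" so a path with
    # spaces stays whole and any trailing arguments are dropped.
    exe = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
    return exe.group(1) if exe else cmd.split()[0]


def check_path(path: str) -> list[str]:
    """Heuristic checks on one target; returns a list of reason codes."""
    if path == "(no file)":
        return ["orphan: target no longer exists"]
    # Desktop components are file:// URLs; turn them into a Windows path first.
    path = re.sub(r"^file:///", "", path).replace("/", "\\")
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("temp-dir: lives in a temporary directory")
    p = PureWindowsPath(path)
    if not p.parent.parts:
        # A bare filename is resolved through the search path, so the entry
        # alone does not tell you which file actually runs.
        reasons.append("bare-name: resolved via search path, verify the real file")
    elif p.parent.name.lower() == "program files" and p.suffix.lower() == ".exe":
        # Heuristic (assumption): installers create a product folder, so a lone
        # .exe in the root of Program Files is unusual and worth identifying.
        reasons.append("prog-files-root: .exe directly under Program Files")
    return reasons


def triage(hjt_lines, firewall_export):
    """Run the checks over both sources; returns (source, target, reason) tuples."""
    findings = []
    for path in firewall_exceptions(firewall_export):
        for reason in check_path(path):
            findings.append(("firewall-exception", path, reason))
    for line in hjt_lines:
        m = HJT_LINE_RE.match(line)
        if not m:
            continue
        kind, body = m.groups()
        target = hjt_target(kind, body)
        for reason in check_path(target):
            findings.append((kind, target, reason))
    return findings


if __name__ == "__main__":
    for source, target, reason in triage(HJT_LINES, FIREWALL_EXPORT):
        print(f"{source:19} {reason:60} {target}")
```

On the sample this yields six hits: the two "(no file)" orphans (the Yahoo URLSearchHook and the Abmdnhpfttr service), the HP setup executable and the Office clipboard image under a temp directory, the lone `Tank.exe` in the root of Program Files, and the bare `AGRSMMSG.exe` Run entry. The last of these is only a prompt to confirm which file is resolved; the process list in the HijackThis log shows it running from `C:\WINDOWS\AGRSMMSG.exe`. None of the hits is a verdict, and the same checks applied to the full logs above would also mark the other bare Toshiba Run entries (TPSMain.exe, NDSTray.exe, TFncKy.exe, TDispVol.exe) for the same reason.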

Posted (edited)

Hello,

 

did you do all of this on the advice of a specialist member (Junior-Sécurité or Modérateur-Sécurité), or without assistance?

 

In the latter case, it's more than risky, even reckless; if your PC works better, so much the better for you, and I'd say you're lucky.

 

In future, avoid this kind of experiment, and while you're at it, read this:

 

Help-provision procedure

 

Procedure for requesting help and disinfection

 

Regards

Edited by Wullfk
