Rapport Combofix

[Misko]

Bonjour à tous, j'ai depuis quelques jours des blèmes avec mo ordi, et on m'a demandé (EP44) de télécharger et d'exécuter combofix et ouis de poster le rapport - aprés quelques processus - .

Sur le tutoral de combofix on m'a aussi orienté vers votre site, je vous remercie beaucoup d'avance de votre aide.

 

ComboFix 08-06-20.4 - Jessie 2008-07-01 9:27:38.1 - NTFSx86

Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1291 [GMT 1:00]

Endroit: C:\Users\Jessie\Desktop\ComboFix.exe

* Création d'un nouveau point de restauration

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat

C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat

C:\Windows\system32\KBL.LOG

 

----- BITS: Possible sites infectés -----

 

hxxp://ftp.hp.com

.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-01 to 2008-07-01 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-24 15:49 . 2008-04-23 05:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-06-24 15:49 . 2008-04-23 05:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-06-24 15:49 . 2008-04-23 05:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-06-24 15:49 . 2008-04-23 05:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-06-24 15:08 . 2008-05-10 02:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys

2008-06-24 15:07 . 2008-04-25 03:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb

2008-06-24 15:07 . 2008-04-26 09:08 1,314,816 --a------ C:\Windows\System32\quartz.dll

2008-06-24 15:07 . 2008-04-25 05:35 826,880 --a------ C:\Windows\System32\wininet.dll

2008-06-23 14:51 . 2008-06-23 14:51 <REP> d-------- C:\Program Files\Trend Micro

2008-06-23 10:29 . 2008-06-23 10:29 <REP> d-------- C:\Users\Jessie\AppData\Roaming\Malwarebytes

2008-06-23 10:29 . 2008-06-23 10:29 <REP> d-------- C:\Users\All Users\Malwarebytes

2008-06-23 10:29 . 2008-06-23 10:29 <REP> d-------- C:\ProgramData\Malwarebytes

2008-06-23 10:29 . 2008-06-23 12:07 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware

2008-06-22 02:00 . 2008-06-22 02:00 <REP> d-------- C:\Program Files\Astonsoft

2008-06-21 17:29 . 2008-06-21 18:03 <REP> d-a------ C:\Users\All Users\TEMP

2008-06-21 17:29 . 2008-06-21 18:03 <REP> d-a------ C:\ProgramData\TEMP

2008-06-09 20:31 . 2008-06-09 22:21 <REP> d-------- C:\Program Files\Mystery PI The Vegas Heist

2008-06-09 20:28 . 2008-06-09 20:32 <REP> d-------- C:\Windows\Mystery PI The Vegas Heist

2008-06-07 20:38 . 2008-06-07 20:38 <REP> d-------- C:\Program Files\ReflexiveArcade

2008-06-07 20:38 . 2008-06-07 20:40 <REP> d-------- C:\Program Files\Jewel Quest 2

2008-06-06 13:10 . 2008-06-06 13:10 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-06-06 12:42 . 2008-06-06 12:42 <REP> d-------- C:\PerfLogs

2008-06-06 10:41 . 2008-03-08 03:08 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll

2008-06-06 10:41 . 2008-03-08 05:21 1,695,744 --a------ C:\Windows\System32\gameux.dll

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-01 07:52 --------- d-----w C:\Program Files\McAfee

2008-06-29 14:58 27,430 ----a-w C:\Users\Jessie\AppData\Roaming\nvModes.dat

2008-06-24 14:51 --------- d-----w C:\Program Files\Windows Mail

2008-06-24 14:34 --------- d-----w C:\Users\Jessie\AppData\Roaming\SiteAdvisor

2008-06-23 19:03 --------- d-----w C:\ProgramData\CyberLink

2008-06-22 18:43 --------- d-----w C:\ProgramData\NVIDIA

2008-06-21 16:38 --------- d-----w C:\ProgramData\Gogii

2008-06-08 14:51 --------- d-----w C:\Users\Jessie\AppData\Roaming\CyberLink

2008-06-06 18:41 --------- d-----w C:\ProgramData\SpinTop Games

2008-06-06 12:00 174 --sha-w C:\Program Files\desktop.ini

2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Sidebar

2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Journal

2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Defender

2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Collaboration

2008-06-06 11:46 --------- d-----w C:\Program Files\Windows Calendar

2008-06-06 11:16 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-06-06 11:16 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-04 19:24 --------- d-----w C:\ProgramData\WildTangent

2008-06-04 19:23 --------- d-----w C:\Program Files\BoontyGames

2008-05-31 19:09 --------- d-----w C:\ProgramData\InterAction studios

2008-05-30 19:18 --------- d-----w C:\Users\Jessie\AppData\Roaming\Gaijin Ent

2008-05-30 19:11 --------- d-----w C:\Program Files\Super Granny 3 DeLEGiON

2008-05-27 15:56 --------- d-----w C:\Program Files\Microsoft Silverlight

2008-05-27 15:48 --------- d-----w C:\Users\Jessie\AppData\Roaming\funkitron

2008-05-24 18:14 --------- d-----w C:\Users\Jessie\AppData\Roaming\PlayFirst

2008-05-24 18:14 --------- d-----w C:\ProgramData\PlayFirst

2008-05-22 19:41 --------- d-----w C:\Program Files\Super Granny 4

2008-05-22 19:03 --------- d-----w C:\Program Files\Dream Chronicles 2

2008-05-17 22:53 --------- d-----w C:\ProgramData\Sandlot Games

2008-05-17 22:49 --------- d-----w C:\ProgramData\MumboJumbo

2008-05-16 21:16 --------- d-----w C:\Users\Jessie\AppData\Roaming\Magic Academy

2008-05-16 20:16 --------- d-----w C:\ProgramData\HiddenSecretsNightmare

2008-05-15 21:38 --------- d-----w C:\Program Files\HP Games

2008-05-15 10:53 --------- d-----w C:\ProgramData\Microsoft Help

2008-05-04 22:21 --------- d-----w C:\Users\Jessie\AppData\Roaming\iWin

2008-05-04 20:46 --------- d-----w C:\Program Files\SiteAdvisor

2008-05-04 19:21 --------- d-----w C:\Users\Jessie\AppData\Roaming\7Wonders

2008-05-04 18:46 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller

2008-05-04 18:46 --------- d-----w C:\Program Files\Windows Live

2008-05-04 18:30 --------- d-----w C:\ProgramData\WLInstaller

2008-05-04 17:57 --------- d-----w C:\Users\Jessie\AppData\Roaming\Media Player Classic

2008-05-04 17:56 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-05-02 18:48 --------- d-----w C:\Program Files\Common Files\McAfee

2008-05-02 18:08 --------- d-----w C:\ProgramData\SiteAdvisor

2008-05-02 18:08 --------- d-----w C:\ProgramData\McAfee

2008-05-02 18:04 --------- d-----w C:\Program Files\McAfee.com

2008-05-02 17:34 988,216 ----a-w C:\Windows\System32\winload.exe

2008-05-02 17:34 927,288 ----a-w C:\Windows\System32\winresume.exe

2008-05-02 17:34 615,992 ----a-w C:\Windows\System32\ci.dll

2008-05-02 17:34 6,656 ----a-w C:\Windows\System32\kbd106n.dll

2008-05-02 17:34 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll

2008-05-02 17:34 40,960 ----a-w C:\Windows\System32\srclient.dll

2008-05-02 17:34 378,368 ----a-w C:\Windows\System32\srcore.dll

2008-05-02 17:34 318,464 ----a-w C:\Windows\System32\rstrui.exe

2008-05-02 17:34 19,000 ----a-w C:\Windows\System32\kd1394.dll

2008-05-02 17:34 14,848 ----a-w C:\Windows\System32\srdelayed.exe

2008-05-02 17:33 2,032,128 ----a-w C:\Windows\System32\win32k.sys

2008-05-02 17:32 295,936 ----a-w C:\Windows\System32\gdi32.dll

2008-05-02 17:22 --------- d-----w C:\Program Files\MSXML 4.0

2008-05-02 15:20 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-05-02 15:19 --------- d-----w C:\ProgramData\Symantec

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 08:33 1233920]

"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 17:36 455968]

"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 08:33 125952]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 09:29 102400]

"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 14:34 634880]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 14:27 4702208 C:\Windows\RtHDVCpl.exe]

"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 07:02 174616]

"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-09-30 19:34 181544]

"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 14:31 202032]

"OnScreenDisplay"="C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 13:54 554320]

"UCam_Menu"="C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 23:13 218408]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]

"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]

"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]

"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 08:47 480560]

"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 15:53 311296]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]

"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-06-22 00:12 36640]

"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]

"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 19:31 1033512]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 21:05 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 21:05 8497696]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 21:05 81920]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.l3codecp"= l3codecp.acm

"VIDC.YV12"= yv12vfw.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{193DAF2B-E008-4B37-9039-EA1C687DD5E5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{BD046E90-F042-4ADF-98F0-49D0BF91FFDA}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader

"{630FD9F8-80AA-45A3-9DC1-D7C4CF0854CE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{0AC7094B-6AB3-4C94-984B-7A278921DE78}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{060D820E-6A05-4455-867C-C0B5E0013342}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector

"{E0EF5EFA-5562-4787-81A3-A29261FD19D3}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play

"{31E34FDE-62E3-4BED-8512-F9B78B302C3C}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program

"{34C1B908-CD9C-4BC2-8B77-5B8D31380D89}"= Profile=Private|Profile=Public|C:\Program Files\Common Files\Mcafee\MNA\McNaSvc.exe:McAfee Network Agent

"{D6D97FBE-CA94-4542-A5E2-12CC7835FE4F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]

"EnableFirewall"= 0 (0x0)

 

R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 10:30]

 

*Newly Created Service* - CATCHME

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-05-02 18:47:52 C:\Windows\Tasks\McDefragTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe'

"2008-05-02 18:47:52 C:\Windows\Tasks\McQcTask.job"

- c:\program files\mcafee\mqc\QcConsol.exe

"2008-07-01 07:50:30 C:\Windows\Tasks\User_Feed_Synchronization-{8ED3B971-CFC4-487A-8846-DDB715202692}.job"­;

- C:\Windows\system32\msfeedssync.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-01 09:31:17

Windows 6.0.6001 Service Pack 1 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-07-01 9:32:34

ComboFix-quarantined-files.txt 2008-07-01 08:32:25

 

Pre-Run: 178,604,236,800 octets libres

Post-Run: 178,605,867,008 octets libres

 

195 --- E O F --- 2008-06-27 14:28:59

[Falkra]

Bonjour, poste un rapport hijackThis dans ta prochaine réponse stp.

On ne commence pas par Cf, habituellement, sauf cas particuliers.

Mais Ep44 devait avoir une bonne raison de te le prescrire.

 

Clique sur ce lien pour télécharger HijackThis 2.0.2 :

http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe

Cette version est sans installateur ou Zip à décompresser, choisis de l'enregistrer sur le bureau.

 

Double-clique sur l'icône HijackThis :

 

HijackThis démarre, c'est le premier bouton qui nous intéresse "Do a system scan and save a logfile" (le fichier "log" est le rapport).

Clique dessus.

 

Copie-colle le contenu du rapport qui va s'afficher dans le Bloc-notes dans ta prochaine réponse.

[Misko]

Je l'avais déja fait mais je te le reposte. Merci

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:52:24, on 23/06/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Hp\QuickPlay\QPService.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\SearchFilterHost.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll

O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

O4 - HKLM\..\Run: [uCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe

O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide

O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O13 - Gopher Prefix:

O23 - Service: McAfee Application Installer Cleanup (0185511214213492) (0185511214213492mcinstcleanup) - McAfee, Inc. - C:\Windows\TEMP\018551~1.EXE

O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe

O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe

O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe

[Falkra]

Je l'avais déja fait mais je te le reposte. Merci

Je ne comprends pas, tu n'as que ces deux posts au compteur sur ce forum, ce qui laisse quelques possibilités :

- posté dans le JRAD

- posté par MP

- posté sur autre forum

- autre

 

Je ne te prescris rien, et te conseille d'attendre Ep44 et/ou de lui signaler le lien vers ce sujet, s'il a déjà commencé quelque chose, il sait où il en est et saura te guider pour la suite.

[Misko]

J'avais commencé sur le site comment ca marche, mais sit u peux m'aider cela serait si tu pouvais m'aider STP, je peux te poster toutes les discussions.