
Am I infected??? [Closed]

informaticologue (332 posts; joined Monday 14 July 2008; last activity 26 February 2011) - 28 Feb. 2009 at 21:32 - Last reply: informaticologue - 3 March 2009 at 16:19
Hello,
Help me, experts, am I infected?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:21, on 07/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Users\Jules\Program Files\DNA\btdna.exe
C:\Users\Jules\AppData\Local\aykic.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] "C:\Users\Jules\AppData\Local\Temp\ImInstaller\IncrediMail\incredimail_install.exe" -startup -product IncrediMail -report -ffmsc 12345
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{ED3DF1A7-E9AD-41C7-A62A-1CDA6E33F517}
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Jules\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ukkuu] "c:\users\jules\appdata\local\ukkuu.exe" ukkuu
O4 - HKCU\..\Run: [aykic] "c:\users\jules\appdata\local\aykic.exe" aykic
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Jules\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9D3B0E16-FCD8-4CC2-AC1A-10CE6B837F93} (Chrysis Core) - http://www.chrysis-online.com/produits/plugins/ChrysisCore.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe


30 replies

informaticologue - 1 March 2009 at 19:21
RSIT ????
Destrio5 (87152 posts; joined Sunday 11 July 2010; status: Contributor; last activity 25 April 2018) - 1 March 2009 at 19:24
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.

- Double-click RSIT.exe to launch the program.

- Click Continue on the Disclaimer screen.

- If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if prompted) and you will have to accept the license.

- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).

Note: The reports are saved in the C:\rsit folder.
informaticologue - 1 March 2009 at 19:34
Here is the report


Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-01 19:26:06
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 195 GB (41%) free of 469 GB
Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:17, on 01/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jules\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [AGCoreCleanup] CMD /C RD /S /Q "C:/Program Files/AGI"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{940BE514-C863-41EE-94FE-5B6E28A8ED8A}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
informaticologue - 2 March 2009 at 18:53
Destrio, I can't download it; I get a "Page load error" page.
New symptom: I have to click twice to get to a site from Google; the first time I get a page telling me to download E-mule.
Destrio5 - 2 March 2009 at 19:49
--> Disable UAC for the duration of the disinfection.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator to launch it.
--> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

To help you: A guide and a tutorial on using ComboFix
informaticologue - 3 March 2009 at 15:40
Here is the report

ComboFix 09-03-02.01 - Jules 2009-03-02 20:36:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1134 [GMT 1:00]
Lancé depuis: c:\users\Jules\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\recycler\S-0-9-40-100000880-100004925-100011867-8555.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxrqptwncr.sys
c:\windows\system32\gaopdxtgryfsii.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 19:54 . 2009-03-02 20:03 262,144 --a------ c:\windows\SPInstall.etl
2009-03-01 19:26 . 2009-03-01 19:26 <REP> d-------- C:\rsit
2009-03-01 18:58 . 2009-03-01 19:22 <REP> d-------- c:\program files\Ad-remover
2009-03-01 15:08 . 2009-03-01 15:08 <REP> d-------- c:\program files\MoviesPlay
2009-03-01 14:30 . 2009-03-01 14:30 <REP> d-------- c:\users\Colin\AppData\Roaming\agi
2009-02-28 21:39 . 2009-03-01 11:50 <REP> d-------- c:\program files\Navilog1
2009-02-28 11:22 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-28 11:22 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-28 11:22 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-28 11:22 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-27 22:39 . 2009-02-27 23:24 <REP> d-------- C:\perflogs
2009-02-24 19:52 . 2009-02-24 19:52 <REP> d-------- c:\program files\Kiwee Toolbar
2009-02-24 19:51 . 2009-02-24 19:51 2,117,632 --a------ c:\windows\System32\python25.dll
2009-02-24 19:51 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\System32\pythondll.zip
2009-02-24 19:51 . 2009-02-24 19:51 339,968 --a------ c:\windows\System32\pythoncom25.dll
2009-02-24 19:51 . 2009-02-24 19:51 114,688 --a------ c:\windows\System32\pywintypes25.dll
2009-02-21 12:23 . 2009-02-21 12:23 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-02-19 21:08 . 2009-02-19 21:08 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-15 15:15 . 2009-02-15 15:16 <REP> d-------- c:\program files\GameSpy Arcade
2009-02-15 15:11 . 2009-02-15 15:11 <REP> d-------- c:\program files\LucasArts
2009-02-15 12:24 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 12:24 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 12:24 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 12:24 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 12:24 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 12:16 . 2009-03-01 14:29 <REP> d-------- c:\users\Colin\Tracing
2009-02-13 12:14 . 2009-02-13 12:14 <REP> d-------- c:\users\Colin\Program Files
2009-02-13 12:14 . 2009-03-01 15:49 <REP> d-------- c:\users\Colin\AppData\Roaming\DNA
2009-02-11 19:43 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:43 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 13:02 . 2009-03-01 19:23 <REP> d-------- c:\program files\Dofus
2009-02-08 20:42 . 2009-03-02 20:26 <REP> d-------- c:\users\Jules\Tracing
2009-02-08 20:39 . 2009-02-08 20:39 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-08 20:35 . 2009-02-08 20:39 <REP> d-------- c:\program files\Microsoft
2009-02-08 20:33 . 2009-02-08 20:33 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-08 20:29 . 2009-02-08 20:29 <REP> d-------- c:\program files\Common Files\Windows Live
2009-02-08 09:48 . 2009-02-08 09:48 <REP> dr-h----- c:\users\Jules\AppData\Roaming\SecuROM
2009-02-08 09:41 . 2009-02-08 09:41 <REP> d-------- c:\program files\Zone Labs
2009-02-07 19:20 . 2009-02-07 19:20 <REP> d-------- c:\program files\Trend Micro
2009-02-07 17:49 . 2009-02-13 12:55 <REP> d-------- c:\programdata\Electronic Arts
2009-02-07 17:49 . 2009-02-07 17:49 7,760 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-07 17:21 . 2009-02-07 17:21 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-07 12:05 . 2009-02-07 12:05 43,520 --a------ c:\windows\System32\CmdLineExt03.dll
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- c:\program files\THQ
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Extras
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Autorun
2009-02-07 10:25 . 2009-02-08 15:51 139,264 --a------ c:\windows\War3Unin.exe
2009-02-07 10:25 . 2009-02-08 16:00 87,963 --a------ c:\windows\War3Unin.dat
2009-02-07 10:25 . 2009-02-08 15:51 2,829 --a------ c:\windows\War3Unin.pif
2009-02-07 10:22 . 2009-02-17 12:09 <REP> d-------- c:\program files\Warcraft III
2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 19:22 --------- d-----w c:\programdata\avg8
2009-03-01 18:23 --------- d-----w c:\program files\Packard Bell
2009-03-01 14:50 --------- d-----w c:\users\Colin\AppData\Roaming\Azureus
2009-03-01 13:52 --------- d-----w c:\users\Colin\AppData\Roaming\LimeWire
2009-03-01 13:30 --------- d-----w c:\program files\Steam
2009-03-01 10:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 20:46 --------- d-----w c:\users\Jules\AppData\Roaming\Azureus
2009-02-28 18:09 --------- d-----w c:\users\Jules\AppData\Roaming\BraCa_Soft
2009-02-28 16:19 --------- d---a-w c:\programdata\Sports Interactive
2009-02-28 10:12 174 --sha-w c:\program files\desktop.ini
2009-02-27 22:27 --------- d-----w c:\program files\Windows Sidebar
2009-02-27 22:27 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-27 22:27 --------- d-----w c:\program files\Windows Mail
2009-02-27 22:27 --------- d-----w c:\program files\Windows Journal
2009-02-27 22:27 --------- d-----w c:\program files\Windows Defender
2009-02-27 22:27 --------- d-----w c:\program files\Windows Collaboration
2009-02-27 22:27 --------- d-----w c:\program files\Windows Calendar
2009-02-27 21:59 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-27 21:59 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-27 17:06 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 15:53 1,128 ----a-w c:\users\Jules\AppData\Roaming\wklnhst.dat
2009-02-21 11:24 --------- d-----w c:\program files\Windows Live
2009-02-21 08:58 --------- d-----w c:\programdata\Microsoft Help
2009-02-19 20:14 --------- d-----w c:\program files\MSBuild
2009-02-19 17:32 --------- d-----w c:\users\Jules\AppData\Roaming\LimeWire
2009-02-08 08:26 --------- d-----w c:\programdata\Symantec
2009-02-08 08:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-08 08:25 --------- d-----w c:\program files\Norton 360
2009-02-08 08:24 --------- d-----w c:\program files\Symantec
2009-02-08 08:14 --------- d-----w c:\program files\AVS4YOU
2009-02-07 18:26 --------- d-----w c:\users\Jules\AppData\Roaming\DNA
2009-02-07 16:49 --------- d-----w c:\program files\Electronic Arts
2009-02-06 21:01 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-28 16:07 --------- d-----w c:\users\Jules\AppData\Roaming\uTorrent
2009-01-24 17:16 --------- d-----w c:\program files\Common Files\Steam
2009-01-21 18:11 --------- d-----w c:\users\Jules\AppData\Roaming\Pro Cycling Manager 2008
2009-01-18 13:40 --------- d-----w c:\users\Jules\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-18 10:59 --------- d-----w c:\users\Colin\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-16 18:33 --------- d-----w c:\users\Jules\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-15 17:46 --------- d-----w c:\program files\eMule
2009-01-11 15:07 --------- d-----w c:\users\Jules\AppData\Roaming\Xilisoft Corporation
2009-01-11 15:06 --------- d-----w c:\program files\Xilisoft
2009-01-11 11:14 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-08 17:46 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu
2009-01-02 17:16 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-02 17:15 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-09 12:53 1,222 ----a-w c:\users\Colin\AppData\Roaming\wklnhst.dat
2007-12-25 08:34 22,328 ----a-w c:\users\Colin\AppData\Roaming\PnkBstrK.sys
2002-08-26 17:54 327,680 ----a-r c:\users\Colin\AppData\Roaming\MafiaSetup.exe
2007-09-13 06:33 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]

c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SmpcSys"=c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E127600-40B6-404B-BC6F-10505B667627}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6716BF2E-4290-428B-8AAA-B2576E0CB495}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4AF04E4F-50E4-4488-AF37-01BF2BDC6B73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1CC8D575-55F2-4036-8F62-5AEBD69E6C3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B5921348-B33A-4036-A387-457D5DB5C309}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{94063043-830F-45ED-9EAA-CE45E379F78F}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{34E21BBA-C6F8-4561-BF2A-03593CCA0B90}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{8C838E28-6A3B-4BE1-B27A-50EDAE841FF8}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{D27EAE27-2056-45A0-901A-EC8C6A8BB36D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8BC378B9-DDB9-4644-8AB2-56CFF3966D43}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1880BC6B-AD2A-4F3A-96BB-9FCBDB2A310F}"= UDP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{7320722E-D587-4A42-BDDF-B214C6E67777}"= TCP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{A34346D3-32C6-4715-8998-D9F42015074D}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5C2B0933-D818-4922-8E4D-31FFF7F80023}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{A74B1AA0-0238-4B55-811A-F91A7A4BBA48}"= Disabled:UDP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{499627AA-0B81-445B-8800-6C418FD9A1AC}"= Disabled:TCP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AEA400C1-E10B-45C6-8B77-ABB4B937DE76}"= Disabled:UDP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{035722A8-4F5D-4523-9A63-93808CD7872D}"= Disabled:TCP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AC3311A6-A3D8-4345-9715-8A22299A04FA}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{A55680A5-C8E4-4507-9C9D-B19A463B603B}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{04A11CF4-F9E0-4794-B0F8-0774FA81F7DD}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{50226B5A-ED69-4D18-BD54-973A674300F4}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{773C09EA-6A63-47D4-9318-0F5A85972948}"= UDP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{E6B7ABC6-2EDF-49B5-A4F4-728AEE108CD3}"= TCP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{51681AAB-FA43-4EA2-B91D-84FF805BA778}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9C3A9E7D-00C8-473C-AD7A-15811C7D022F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{43AF5FAC-725E-47F6-BFA8-5F35EE4ED0B5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{056117F4-FFC3-4DA9-9824-1B63BAFECAB3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3B23184-B673-45F1-A2F0-4EDE428290BD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0729F1AD-9560-4812-94FF-EA0308E76280}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2008-09-06 2915944]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-01-16 28224]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb503c0-f03e-11dc-8971-001c252f6b0c}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9ec-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - i:\setup\rsrc\Autorun.exe
\shell\dinstall\command - i:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9f3-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - J:\SETUP.EXE
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32111ca-bc7d-11dc-bca7-001c252f6b0c}]
\shell\AutoRun\command - I:\OblivionLauncher.exe
.
Contenu du dossier 'Tâches planifiées'

2009-03-02 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]

2009-02-20 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-16 13:28]

2009-03-02 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]

2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{76461DD1-B6E6-4076-BBA9-EF584055E07F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]

2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{E9994E27-B913-4BBB-A62C-60E7B671623C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\DAEMON Tools Toolbar\DTToolbar.dll


.
------- Examen supplémentaire -------
.
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: orange.fr\www
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MICJE8&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jules\Program Files\DNA\plugins\npbtdna.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:43:37
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************
.
Heure de fin: 2009-03-02 20:45:33
ComboFix-quarantined-files.txt 2009-03-02 19:45:32

Avant-CF: 199,862,468,608 octets libres
Après-CF: 199,871,180,800 octets libres

270 --- E O F --- 2009-03-01 02:20:56

Destrio5 (87152 posts, registered Sunday 11 July 2010, status: Contributor, last active 25 April 2018) - 3 March 2009 at 15:41
Now you can install SP1.

informaticologue (332 posts, registered Monday 14 July 2008, last active 26 February 2011) - 3 March 2009 at 16:13
Destrio, SP1 is already installed on my PC.

Destrio5 (87152 posts, registered Sunday 11 July 2010, status: Contributor, last active 25 April 2018) - 3 March 2009 at 16:15
---> Run RSIT again and post the log report.

informaticologue (332 posts, registered Monday 14 July 2008, last active 26 February 2011) - 3 March 2009 at 16:19
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-03 16:18:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 189 GB (40%) free of 469 GB
Total RAM: 2046 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:48, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jules\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe