Net project virus possible solution
Résolu/Fermé
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
-
27 févr. 2008 à 00:06
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 13 mai 2008 à 23:36
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 - 13 mai 2008 à 23:36
A voir également:
- Net project virus possible solution
- Paint net - Télécharger - Dessin & Illustration
- Net framework - Télécharger - Divers Utilitaires
- Gantt project gratuit - Télécharger - Gestion de projets
- Pack solution - Télécharger - Divers Utilitaires
- Solution rébus image ✓ - Forum Loisirs / Divertissements
39 réponses
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
27 févr. 2008 à 13:18
27 févr. 2008 à 13:18
Bonjour audrey,
Tu as deux anti virus > avast et mcAfee, ca ne sert a rien en plus ca crée des conflits; alors supprime avast !
Tu n´as pas de par feu :
instales :
Zone alarm :
https://www.generation-nt.com/zonealarm-vista-checkpoint-firewall-telecharger-actualite-42256.html
https://www.zonealarm.com/software/free-firewall
https://www.malekal.com/tutoriel-zonealarm-firewall/
ou
Comodo 3 pro : ( plus dure a configurer )
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
puis il reste des saloperie comme je te l´avais dis...
Fais ceci :
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau hijack this.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
Tu as deux anti virus > avast et mcAfee, ca ne sert a rien en plus ca crée des conflits; alors supprime avast !
Tu n´as pas de par feu :
instales :
Zone alarm :
https://www.generation-nt.com/zonealarm-vista-checkpoint-firewall-telecharger-actualite-42256.html
https://www.zonealarm.com/software/free-firewall
https://www.malekal.com/tutoriel-zonealarm-firewall/
ou
Comodo 3 pro : ( plus dure a configurer )
http://www.commentcamarche.net/telecharger/telecharger 34055041 comodo firewall pro
puis il reste des saloperie comme je te l´avais dis...
Fais ceci :
Télécharge combofix.exe (par sUBs) sur ton Bureau.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message ainsi qu´un nouveau hijack this.
-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
27 févr. 2008 à 02:37
27 févr. 2008 à 02:37
Salut audrey45,
Oui tu as l´air d´avoir bien agi, merci également de partager ton experience; mais connaissant cette infection, elle instale d´autres cochoneries. Alors je te propose de poster un rapport hijack this pour voir ce qu´il reste...
Télécharge HijackThis ici :
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Post le rapport généré ici stp...
@+
Oui tu as l´air d´avoir bien agi, merci également de partager ton experience; mais connaissant cette infection, elle instale d´autres cochoneries. Alors je te propose de poster un rapport hijack this pour voir ce qu´il reste...
Télécharge HijackThis ici :
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Post le rapport généré ici stp...
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
27 févr. 2008 à 10:37
27 févr. 2008 à 10:37
Bonjour,
Merci pour ta réponse.
Voici le rapport de Hijackthis en espérant que tu puisses trouver les choses que le virus a infecté. Merci encore!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:47, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [mpeg window] "C:\ProgramData\Third Body Body.l2hbnrg"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\balm readme data.qa5py9"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Merci pour ta réponse.
Voici le rapport de Hijackthis en espérant que tu puisses trouver les choses que le virus a infecté. Merci encore!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:47, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [mpeg window] "C:\ProgramData\Third Body Body.l2hbnrg"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\balm readme data.qa5py9"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
27 févr. 2008 à 14:53
27 févr. 2008 à 14:53
Re,
J'ai installé Zone Alarm, puis Combofix et voici le rapport:
ComboFix 08-02-25.3 - Audrey 2008-02-27 13:17:21.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.211 [GMT 0:00]
Endroit: C:\Users\Audrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL7ZXT8Z\ComboFix[1].exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 12:59 --------- d-----w C:\Users\Audrey\AppData\Roaming\OpenOffice.org2
2008-02-27 12:55 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-27 12:44 --------- d-----w C:\ProgramData\CheckPoint
2008-02-27 12:44 --------- d-----w C:\Program Files\Zone Labs
2008-02-27 09:16 691,545 ----a-w C:\Windows\unins000.exe
2008-02-27 09:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 19:03 --------- d-----w C:\ProgramData\Roxio
2008-02-26 18:58 --------- d-----w C:\Users\Audrey\AppData\Roaming\Roxio
2008-02-26 18:58 --------- d-----w C:\ProgramData\Sonic
2008-02-25 22:45 --------- d-----w C:\Program Files\WinSpyKiller
2008-02-25 21:48 --------- d-----w C:\ProgramData\Grisoft
2008-02-25 21:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-25 21:04 --------- d-----w C:\Program Files\Unlocker
2008-02-25 18:58 --------- d-----w C:\Program Files\Alwil Software
2008-02-23 11:00 --------- d-----w C:\Program Files\PDFCreator
2008-02-23 10:59 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_485.exe
2008-02-23 10:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-02-21 18:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-21 15:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:26 --------- d-----w C:\Program Files\Microsoft Works
2008-02-21 12:25 --------- d-----w C:\Program Files\MSBuild
2008-02-21 12:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 12:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-17 15:40 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-15 12:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 12:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 12:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 12:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 12:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 12:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 12:04 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-15 12:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 12:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 12:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 12:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 12:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-15 12:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 12:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 12:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 12:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 11:59 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 11:59 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 11:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 11:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 11:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 22:54 --------- d-----w C:\Users\Audrey\AppData\Roaming\dvdcss
2008-02-06 12:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-23 10:38 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-23 10:38 276,368 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-01-23 10:37 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-01-23 10:37 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-13 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 23:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-12 23:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-12 23:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 23:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-12 21:08 --------- d-----w C:\Program Files\Logitech
2008-01-12 21:08 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-12 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Users\Audrey\AppData\Roaming\Shareaza
2008-01-09 18:22 --------- d-----w C:\Program Files\Shareaza
2008-01-09 18:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-01-03 18:48 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-28 20:43 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-28 20:42 --------- d-----w C:\Program Files\eRightSoft
2007-12-12 03:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 03:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 03:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-06 12:09 1,014,754 ----a-w C:\Windows\System32\Prison Break.scr
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-18 20:50 250 ----a-w C:\Users\Audrey\AppData\Roaming\DelAll.bat
2007-10-14 11:20 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-19 20:29 85,768 ----a-w C:\Users\Audrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-09-14 18:28 174 --sha-w C:\Program Files\desktop.ini
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-16 13:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
{81705D67-3F73-4983-859B-97D0922E5ABE}
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 23:10 1232896]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-02-06 10:06 89024]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]
"mpeg window"="C:\ProgramData\Third Body Body.l2hbnrg" [2007-10-01 18:49 176144]
"1 mags 16 more"="C:\ProgramData\balm readme data.qa5py9" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 14:52 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:14 833072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VX6000"="C:\Windows\vVX6000.exe" [2006-12-19 09:29 994072]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 15:48 275800]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19 15872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-23 10:37 959976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-04 19:38:08 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-02-23 10:58:21 2641920]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E851503B-8A5A-4798-B497-6C8ED447E816}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2E667C91-5FEE-44BA-B99D-1BFDF8309535}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4987DFA9-C065-4205-B428-5E5BA66236C7}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{346880C1-D97C-4864-82B4-2F052C172850}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8BE16641-D832-4190-83F6-71438711CEA2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6166B906-44C7-4E8D-B55F-07218A87E6C1}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{DA9CE5F9-9085-4660-B3D5-512241908A41}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{11888435-E838-499E-AFF5-96EBF3DC64BB}C:\program files\microsoft lifecam\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"UDP Query User{0B79FAB6-15F0-4AF6-998A-210AD0C501EA}C:\program files\microsoft lifecam\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"{B3F00AC2-8186-4192-89E8-C7151DA033C5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2532ADAF-5BBE-498A-817F-77235A332A31}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7E07C925-D97F-4D7B-B3BC-553F66F0BCDA}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7524FF70-6357-4B69-A9C0-0AD025E8A725}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0770F02F-D9D2-4F1C-B614-BF8544B6E7D0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{906C8DAA-4CEB-4153-A1E4-5ED6268BBB7C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BEF186A6-6E96-47C3-813D-CB9CA119E316}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1367D8F7-A711-4652-ABDA-332D8178CABD}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{B84B3FD0-AD01-48D5-BCAB-A5080B32A479}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{EFCCFAD6-6438-40F3-80D6-1EE257DBFAFC}C:\program files\shareaza applications\shareaza\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"UDP Query User{E646ACBB-EFC4-4F8D-92DA-E8F4FC144749}C:\program files\shareaza applications\shareaza\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"TCP Query User{2E7918C1-0A2E-4EE2-8DC4-6FF26B85071B}C:\program files\shareaza\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"UDP Query User{3E693B3E-4C21-4711-924B-F817F6D891C9}C:\program files\shareaza\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"TCP Query User{DC92403E-D4CD-42C1-9232-5AD5988FBFDE}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{0BBD0578-174C-408B-AAB5-895F6ADC03D2}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"{59568F2C-9105-4D4A-9332-E80D7E451585}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 12:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 04:27]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 09:02]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\Windows\system32\DRIVERS\NUVision.sys [2005-07-08 20:40]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2006-12-19 09:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37111f01-9cd9-11dc-95c1-0016d4e95c4b}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9660e-be0b-11dc-815c-0016d4e95c4b}]
\shell\AutoRun\command - F:\AutoTransfer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 11:23:30 C:\Windows\Tasks\User_Feed_Synchronization-{5D8B38A1-6B2B-4525-B28E-FDBC704D82C9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 13:21:31
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Temps d'accomplissement: 2008-02-27 13:22:49
.
2008-02-27 08:42:23 --- E O F ---
Et, par la suite j'ai redémarré l'ordi et j'ai refais un Hijackthis dont voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:05, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [mpeg window] "C:\ProgramData\Third Body Body.l2hbnrg"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\balm readme data.qa5py9"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
J'ai installé Zone Alarm, puis Combofix et voici le rapport:
ComboFix 08-02-25.3 - Audrey 2008-02-27 13:17:21.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.211 [GMT 0:00]
Endroit: C:\Users\Audrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UL7ZXT8Z\ComboFix[1].exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Windows\system32\x64
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 12:59 --------- d-----w C:\Users\Audrey\AppData\Roaming\OpenOffice.org2
2008-02-27 12:55 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-27 12:44 --------- d-----w C:\ProgramData\CheckPoint
2008-02-27 12:44 --------- d-----w C:\Program Files\Zone Labs
2008-02-27 09:16 691,545 ----a-w C:\Windows\unins000.exe
2008-02-27 09:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 19:03 --------- d-----w C:\ProgramData\Roxio
2008-02-26 18:58 --------- d-----w C:\Users\Audrey\AppData\Roaming\Roxio
2008-02-26 18:58 --------- d-----w C:\ProgramData\Sonic
2008-02-25 22:45 --------- d-----w C:\Program Files\WinSpyKiller
2008-02-25 21:48 --------- d-----w C:\ProgramData\Grisoft
2008-02-25 21:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-25 21:04 --------- d-----w C:\Program Files\Unlocker
2008-02-25 18:58 --------- d-----w C:\Program Files\Alwil Software
2008-02-23 11:00 --------- d-----w C:\Program Files\PDFCreator
2008-02-23 10:59 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_485.exe
2008-02-23 10:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-02-21 18:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-21 15:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:26 --------- d-----w C:\Program Files\Microsoft Works
2008-02-21 12:25 --------- d-----w C:\Program Files\MSBuild
2008-02-21 12:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 12:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-17 15:40 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-15 12:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 12:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 12:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 12:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 12:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 12:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 12:04 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-15 12:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 12:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 12:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 12:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 12:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-15 12:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 12:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 12:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 12:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 11:59 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 11:59 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 11:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 11:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 11:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 22:54 --------- d-----w C:\Users\Audrey\AppData\Roaming\dvdcss
2008-02-06 12:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-23 10:38 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-23 10:38 276,368 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-01-23 10:37 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-01-23 10:37 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-13 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 23:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-12 23:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-12 23:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 23:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-12 21:08 --------- d-----w C:\Program Files\Logitech
2008-01-12 21:08 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-12 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Users\Audrey\AppData\Roaming\Shareaza
2008-01-09 18:22 --------- d-----w C:\Program Files\Shareaza
2008-01-09 18:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-01-03 18:48 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-28 20:43 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-28 20:42 --------- d-----w C:\Program Files\eRightSoft
2007-12-12 03:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 03:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 03:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-06 12:09 1,014,754 ----a-w C:\Windows\System32\Prison Break.scr
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-18 20:50 250 ----a-w C:\Users\Audrey\AppData\Roaming\DelAll.bat
2007-10-14 11:20 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-19 20:29 85,768 ----a-w C:\Users\Audrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-09-14 18:28 174 --sha-w C:\Program Files\desktop.ini
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-16 13:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
{81705D67-3F73-4983-859B-97D0922E5ABE}
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 23:10 1232896]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-02-06 10:06 89024]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]
"mpeg window"="C:\ProgramData\Third Body Body.l2hbnrg" [2007-10-01 18:49 176144]
"1 mags 16 more"="C:\ProgramData\balm readme data.qa5py9" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 14:52 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:14 833072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VX6000"="C:\Windows\vVX6000.exe" [2006-12-19 09:29 994072]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 15:48 275800]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19 15872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-23 10:37 959976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-04 19:38:08 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-02-23 10:58:21 2641920]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E851503B-8A5A-4798-B497-6C8ED447E816}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2E667C91-5FEE-44BA-B99D-1BFDF8309535}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4987DFA9-C065-4205-B428-5E5BA66236C7}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{346880C1-D97C-4864-82B4-2F052C172850}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8BE16641-D832-4190-83F6-71438711CEA2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6166B906-44C7-4E8D-B55F-07218A87E6C1}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{DA9CE5F9-9085-4660-B3D5-512241908A41}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{11888435-E838-499E-AFF5-96EBF3DC64BB}C:\program files\microsoft lifecam\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"UDP Query User{0B79FAB6-15F0-4AF6-998A-210AD0C501EA}C:\program files\microsoft lifecam\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"{B3F00AC2-8186-4192-89E8-C7151DA033C5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2532ADAF-5BBE-498A-817F-77235A332A31}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7E07C925-D97F-4D7B-B3BC-553F66F0BCDA}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7524FF70-6357-4B69-A9C0-0AD025E8A725}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0770F02F-D9D2-4F1C-B614-BF8544B6E7D0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{906C8DAA-4CEB-4153-A1E4-5ED6268BBB7C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BEF186A6-6E96-47C3-813D-CB9CA119E316}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1367D8F7-A711-4652-ABDA-332D8178CABD}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{B84B3FD0-AD01-48D5-BCAB-A5080B32A479}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{EFCCFAD6-6438-40F3-80D6-1EE257DBFAFC}C:\program files\shareaza applications\shareaza\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"UDP Query User{E646ACBB-EFC4-4F8D-92DA-E8F4FC144749}C:\program files\shareaza applications\shareaza\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"TCP Query User{2E7918C1-0A2E-4EE2-8DC4-6FF26B85071B}C:\program files\shareaza\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"UDP Query User{3E693B3E-4C21-4711-924B-F817F6D891C9}C:\program files\shareaza\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"TCP Query User{DC92403E-D4CD-42C1-9232-5AD5988FBFDE}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{0BBD0578-174C-408B-AAB5-895F6ADC03D2}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"{59568F2C-9105-4D4A-9332-E80D7E451585}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 12:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 04:27]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 09:02]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\Windows\system32\DRIVERS\NUVision.sys [2005-07-08 20:40]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2006-12-19 09:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37111f01-9cd9-11dc-95c1-0016d4e95c4b}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9660e-be0b-11dc-815c-0016d4e95c4b}]
\shell\AutoRun\command - F:\AutoTransfer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 11:23:30 C:\Windows\Tasks\User_Feed_Synchronization-{5D8B38A1-6B2B-4525-B28E-FDBC704D82C9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 13:21:31
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Temps d'accomplissement: 2008-02-27 13:22:49
.
2008-02-27 08:42:23 --- E O F ---
Et, par la suite j'ai redémarré l'ordi et j'ai refais un Hijackthis dont voici le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:47:05, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [mpeg window] "C:\ProgramData\Third Body Body.l2hbnrg"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\balm readme data.qa5py9"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
27 févr. 2008 à 19:07
27 févr. 2008 à 19:07
Audrey,
Ok pour zone alarm
A l´aide de hijack this coche et fix la ligne suivante :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/uk/
comment fixer :
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
on va supprimer les infections + sweet im qui est aussi une saloperie...
Copie le texte ci-dessous :
File::
C:\ProgramData\balm readme data.qa5py9
C:\ProgramData\Third Body Body.l2hbnrg
Folder::
C:\Program Files\WinSpyKiller
C:\Program Files\NetProject
C:\Program Files\Macrogaming
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
"{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"=-
[-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mpeg window"=-
"1 mags 16 more"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Ok pour zone alarm
A l´aide de hijack this coche et fix la ligne suivante :
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.shareazaweb.com/uk/
comment fixer :
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
on va supprimer les infections + sweet im qui est aussi une saloperie...
Copie le texte ci-dessous :
File::
C:\ProgramData\balm readme data.qa5py9
C:\ProgramData\Third Body Body.l2hbnrg
Folder::
C:\Program Files\WinSpyKiller
C:\Program Files\NetProject
C:\Program Files\Macrogaming
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=-
"{81705D67-3F73-4983-859B-97D0922E5ABE}"=-
"{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"=-
[-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mpeg window"=-
"1 mags 16 more"=-
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
27 févr. 2008 à 20:14
27 févr. 2008 à 20:14
Salut,
Voici le nouveau Combofix; j'espère que je n'ais pas fais d'erreur!
ComboFix 08-02-25.3 - Audrey 2008-02-27 18:46:26.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.289 [GMT 0:00]
Endroit: C:\Users\Audrey\Desktop\ComboFix.exe
Command switches used :: C:\Users\Audrey\Documents\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
File:: C:\ProgramData\balm readme data.qa5py9 C:\ProgramData\Third Body Body.l2hbnrg Folder:: C:\Program Files\WinSpyKiller C:\Program Files\NetProject C:\Program Files\Macrogaming Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=- "{81705D67-3F73-4983-859B-97D0922E5ABE}"=- "{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"=- [-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mpeg window"=- "1 mags 16 more"=-
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:28 --------- d-----w C:\Users\Audrey\AppData\Roaming\OpenOffice.org2
2008-02-27 16:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-27 12:44 --------- d-----w C:\ProgramData\CheckPoint
2008-02-27 12:44 --------- d-----w C:\Program Files\Zone Labs
2008-02-27 09:16 691,545 ----a-w C:\Windows\unins000.exe
2008-02-27 09:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 19:03 --------- d-----w C:\ProgramData\Roxio
2008-02-26 18:58 --------- d-----w C:\Users\Audrey\AppData\Roaming\Roxio
2008-02-26 18:58 --------- d-----w C:\ProgramData\Sonic
2008-02-25 22:45 --------- d-----w C:\Program Files\WinSpyKiller
2008-02-25 21:48 --------- d-----w C:\ProgramData\Grisoft
2008-02-25 21:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-25 21:04 --------- d-----w C:\Program Files\Unlocker
2008-02-25 18:58 --------- d-----w C:\Program Files\Alwil Software
2008-02-23 11:00 --------- d-----w C:\Program Files\PDFCreator
2008-02-23 10:59 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_485.exe
2008-02-23 10:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-02-21 18:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-21 15:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:26 --------- d-----w C:\Program Files\Microsoft Works
2008-02-21 12:25 --------- d-----w C:\Program Files\MSBuild
2008-02-21 12:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 12:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-17 15:40 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-15 12:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 12:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 12:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 12:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 12:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 12:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 12:04 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-15 12:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 12:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 12:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 12:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 12:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-15 12:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 12:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 12:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 12:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 11:59 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 11:59 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 11:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 11:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 11:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 22:54 --------- d-----w C:\Users\Audrey\AppData\Roaming\dvdcss
2008-02-06 12:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-23 10:38 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-23 10:38 276,368 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-01-23 10:37 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-01-23 10:37 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-13 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 23:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-12 23:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-12 23:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 23:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-12 21:08 --------- d-----w C:\Program Files\Logitech
2008-01-12 21:08 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-12 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Users\Audrey\AppData\Roaming\Shareaza
2008-01-09 18:22 --------- d-----w C:\Program Files\Shareaza
2008-01-09 18:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-01-03 18:48 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-28 20:43 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-28 20:42 --------- d-----w C:\Program Files\eRightSoft
2007-12-12 03:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 03:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 03:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-06 12:09 1,014,754 ----a-w C:\Windows\System32\Prison Break.scr
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-18 20:50 250 ----a-w C:\Users\Audrey\AppData\Roaming\DelAll.bat
2007-10-14 11:20 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-19 20:29 85,768 ----a-w C:\Users\Audrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-09-14 18:28 174 --sha-w C:\Program Files\desktop.ini
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-16 13:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
{81705D67-3F73-4983-859B-97D0922E5ABE}
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 23:10 1232896]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-02-06 10:06 89024]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]
"mpeg window"="C:\ProgramData\Third Body Body.l2hbnrg" [2007-10-01 18:49 176144]
"1 mags 16 more"="C:\ProgramData\balm readme data.qa5py9" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 14:52 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:14 833072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VX6000"="C:\Windows\vVX6000.exe" [2006-12-19 09:29 994072]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 15:48 275800]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19 15872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-23 10:37 959976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-04 19:38:08 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-02-23 10:58:21 2641920]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E851503B-8A5A-4798-B497-6C8ED447E816}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2E667C91-5FEE-44BA-B99D-1BFDF8309535}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4987DFA9-C065-4205-B428-5E5BA66236C7}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{346880C1-D97C-4864-82B4-2F052C172850}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8BE16641-D832-4190-83F6-71438711CEA2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6166B906-44C7-4E8D-B55F-07218A87E6C1}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{DA9CE5F9-9085-4660-B3D5-512241908A41}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{11888435-E838-499E-AFF5-96EBF3DC64BB}C:\program files\microsoft lifecam\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"UDP Query User{0B79FAB6-15F0-4AF6-998A-210AD0C501EA}C:\program files\microsoft lifecam\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"{B3F00AC2-8186-4192-89E8-C7151DA033C5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2532ADAF-5BBE-498A-817F-77235A332A31}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7E07C925-D97F-4D7B-B3BC-553F66F0BCDA}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7524FF70-6357-4B69-A9C0-0AD025E8A725}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0770F02F-D9D2-4F1C-B614-BF8544B6E7D0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{906C8DAA-4CEB-4153-A1E4-5ED6268BBB7C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BEF186A6-6E96-47C3-813D-CB9CA119E316}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1367D8F7-A711-4652-ABDA-332D8178CABD}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{B84B3FD0-AD01-48D5-BCAB-A5080B32A479}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{EFCCFAD6-6438-40F3-80D6-1EE257DBFAFC}C:\program files\shareaza applications\shareaza\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"UDP Query User{E646ACBB-EFC4-4F8D-92DA-E8F4FC144749}C:\program files\shareaza applications\shareaza\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"TCP Query User{2E7918C1-0A2E-4EE2-8DC4-6FF26B85071B}C:\program files\shareaza\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"UDP Query User{3E693B3E-4C21-4711-924B-F817F6D891C9}C:\program files\shareaza\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"TCP Query User{DC92403E-D4CD-42C1-9232-5AD5988FBFDE}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{0BBD0578-174C-408B-AAB5-895F6ADC03D2}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"{59568F2C-9105-4D4A-9332-E80D7E451585}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 12:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 04:27]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 09:02]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\Windows\system32\DRIVERS\NUVision.sys [2005-07-08 20:40]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2006-12-19 09:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37111f01-9cd9-11dc-95c1-0016d4e95c4b}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9660e-be0b-11dc-815c-0016d4e95c4b}]
\shell\AutoRun\command - F:\AutoTransfer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 11:23:30 C:\Windows\Tasks\User_Feed_Synchronization-{5D8B38A1-6B2B-4525-B28E-FDBC704D82C9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 18:49:36
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Temps d'accomplissement: 2008-02-27 18:50:44
ComboFix2.txt 2008-02-27 13:22:51
.
2008-02-27 08:42:23 --- E O F ---
Et voici le rapport de Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:21, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\progra~1\micros~3\office12\outlook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [mpeg window] "C:\ProgramData\Third Body Body.l2hbnrg"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\balm readme data.qa5py9"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Voici le nouveau Combofix; j'espère que je n'ais pas fais d'erreur!
ComboFix 08-02-25.3 - Audrey 2008-02-27 18:46:26.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.289 [GMT 0:00]
Endroit: C:\Users\Audrey\Desktop\ComboFix.exe
Command switches used :: C:\Users\Audrey\Documents\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
File:: C:\ProgramData\balm readme data.qa5py9 C:\ProgramData\Third Body Body.l2hbnrg Folder:: C:\Program Files\WinSpyKiller C:\Program Files\NetProject C:\Program Files\Macrogaming Registry:: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=- "{81705D67-3F73-4983-859B-97D0922E5ABE}"=- "{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}"=- [-HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SweetIM"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mpeg window"=- "1 mags 16 more"=-
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-27 to 2008-02-27 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:28 --------- d-----w C:\Users\Audrey\AppData\Roaming\OpenOffice.org2
2008-02-27 16:26 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-27 12:44 --------- d-----w C:\ProgramData\CheckPoint
2008-02-27 12:44 --------- d-----w C:\Program Files\Zone Labs
2008-02-27 09:16 691,545 ----a-w C:\Windows\unins000.exe
2008-02-27 09:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 19:03 --------- d-----w C:\ProgramData\Roxio
2008-02-26 18:58 --------- d-----w C:\Users\Audrey\AppData\Roaming\Roxio
2008-02-26 18:58 --------- d-----w C:\ProgramData\Sonic
2008-02-25 22:45 --------- d-----w C:\Program Files\WinSpyKiller
2008-02-25 21:48 --------- d-----w C:\ProgramData\Grisoft
2008-02-25 21:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-25 21:04 --------- d-----w C:\Program Files\Unlocker
2008-02-25 18:58 --------- d-----w C:\Program Files\Alwil Software
2008-02-23 11:00 --------- d-----w C:\Program Files\PDFCreator
2008-02-23 10:59 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_485.exe
2008-02-23 10:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-02-21 18:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-21 15:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:26 --------- d-----w C:\Program Files\Microsoft Works
2008-02-21 12:25 --------- d-----w C:\Program Files\MSBuild
2008-02-21 12:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 12:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-17 15:40 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-15 12:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 12:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 12:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 12:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 12:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 12:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 12:04 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-15 12:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 12:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 12:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 12:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 12:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-15 12:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 12:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 12:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 12:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 11:59 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 11:59 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 11:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 11:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 11:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 22:54 --------- d-----w C:\Users\Audrey\AppData\Roaming\dvdcss
2008-02-06 12:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-23 10:38 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-23 10:38 276,368 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-01-23 10:37 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-01-23 10:37 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-13 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 23:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-12 23:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-12 23:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 23:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-12 21:08 --------- d-----w C:\Program Files\Logitech
2008-01-12 21:08 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-12 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Users\Audrey\AppData\Roaming\Shareaza
2008-01-09 18:22 --------- d-----w C:\Program Files\Shareaza
2008-01-09 18:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-01-03 18:48 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-28 20:43 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-28 20:42 --------- d-----w C:\Program Files\eRightSoft
2007-12-12 03:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 03:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 03:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-06 12:09 1,014,754 ----a-w C:\Windows\System32\Prison Break.scr
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-18 20:50 250 ----a-w C:\Users\Audrey\AppData\Roaming\DelAll.bat
2007-10-14 11:20 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-19 20:29 85,768 ----a-w C:\Users\Audrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-09-14 18:28 174 --sha-w C:\Program Files\desktop.ini
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-16 13:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
{81705D67-3F73-4983-859B-97D0922E5ABE}
[HKEY_CLASSES_ROOT\clsid\{81705d67-3f73-4983-859b-97d0922e5abe}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 23:10 1232896]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-02-06 10:06 89024]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]
"mpeg window"="C:\ProgramData\Third Body Body.l2hbnrg" [2007-10-01 18:49 176144]
"1 mags 16 more"="C:\ProgramData\balm readme data.qa5py9" [ ]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 14:52 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:14 833072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VX6000"="C:\Windows\vVX6000.exe" [2006-12-19 09:29 994072]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 15:48 275800]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-08-12 10:02 103712]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19 15872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-23 10:37 959976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-04 19:38:08 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-02-23 10:58:21 2641920]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E851503B-8A5A-4798-B497-6C8ED447E816}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2E667C91-5FEE-44BA-B99D-1BFDF8309535}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4987DFA9-C065-4205-B428-5E5BA66236C7}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{346880C1-D97C-4864-82B4-2F052C172850}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8BE16641-D832-4190-83F6-71438711CEA2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6166B906-44C7-4E8D-B55F-07218A87E6C1}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{DA9CE5F9-9085-4660-B3D5-512241908A41}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{11888435-E838-499E-AFF5-96EBF3DC64BB}C:\program files\microsoft lifecam\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"UDP Query User{0B79FAB6-15F0-4AF6-998A-210AD0C501EA}C:\program files\microsoft lifecam\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"{B3F00AC2-8186-4192-89E8-C7151DA033C5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2532ADAF-5BBE-498A-817F-77235A332A31}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7E07C925-D97F-4D7B-B3BC-553F66F0BCDA}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7524FF70-6357-4B69-A9C0-0AD025E8A725}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0770F02F-D9D2-4F1C-B614-BF8544B6E7D0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{906C8DAA-4CEB-4153-A1E4-5ED6268BBB7C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BEF186A6-6E96-47C3-813D-CB9CA119E316}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1367D8F7-A711-4652-ABDA-332D8178CABD}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{B84B3FD0-AD01-48D5-BCAB-A5080B32A479}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{EFCCFAD6-6438-40F3-80D6-1EE257DBFAFC}C:\program files\shareaza applications\shareaza\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"UDP Query User{E646ACBB-EFC4-4F8D-92DA-E8F4FC144749}C:\program files\shareaza applications\shareaza\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"TCP Query User{2E7918C1-0A2E-4EE2-8DC4-6FF26B85071B}C:\program files\shareaza\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"UDP Query User{3E693B3E-4C21-4711-924B-F817F6D891C9}C:\program files\shareaza\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"TCP Query User{DC92403E-D4CD-42C1-9232-5AD5988FBFDE}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{0BBD0578-174C-408B-AAB5-895F6ADC03D2}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"{59568F2C-9105-4D4A-9332-E80D7E451585}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 12:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 04:27]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 09:02]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\Windows\system32\DRIVERS\NUVision.sys [2005-07-08 20:40]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2006-12-19 09:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37111f01-9cd9-11dc-95c1-0016d4e95c4b}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9660e-be0b-11dc-815c-0016d4e95c4b}]
\shell\AutoRun\command - F:\AutoTransfer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 11:23:30 C:\Windows\Tasks\User_Feed_Synchronization-{5D8B38A1-6B2B-4525-B28E-FDBC704D82C9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 18:49:36
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
Temps d'accomplissement: 2008-02-27 18:50:44
ComboFix2.txt 2008-02-27 13:22:51
.
2008-02-27 08:42:23 --- E O F ---
Et voici le rapport de Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:21, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\progra~1\micros~3\office12\outlook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Web Application - {81705D67-3F73-4983-859B-97D0922E5ABE} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [mpeg window] "C:\ProgramData\Third Body Body.l2hbnrg"
O4 - HKCU\..\Run: [1 mags 16 more] "C:\ProgramData\balm readme data.qa5py9"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
27 févr. 2008 à 23:43
27 févr. 2008 à 23:43
Audrey,
Malheureusement tu as comis une erreure en injectant le script...
Telecharge le fichier en clickant sur l´adresse ci dessous (c´est le fichier CFScript.txt), dezip le et place le sur ton bureau a coté de l´icone de combofix.
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.rar
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Malheureusement tu as comis une erreure en injectant le script...
Telecharge le fichier en clickant sur l´adresse ci dessous (c´est le fichier CFScript.txt), dezip le et place le sur ton bureau a coté de l´icone de combofix.
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.rar
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
28 févr. 2008 à 11:38
28 févr. 2008 à 11:38
Bonjour,
Bon j'ai recommencé et cette fois-ci, Combofix a supprimé beaucoup plus de trucs!
Voici le rapport:
ComboFix 08-02-25.3 - Audrey 2008-02-28 10:12:54.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.291 [GMT 0:00]
Endroit: C:\Users\Audrey\Desktop\ComboFix.exe
Command switches used :: C:\Users\Audrey\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\ProgramData\balm readme data.qa5py9
C:\ProgramData\Third Body Body.l2hbnrg
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Macrogaming
C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\manu.pomme@wanadoo.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\manu.pomme@wanadoo.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00100B3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00100B6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0010106.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u001084F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u001088D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0010896.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0010898.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00108A7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00108A8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0020082.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u002008A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0020096.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u002009E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00200A4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u002013F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u004002F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Macrogaming\SweetIM\default.xml
C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mghooking.dll
C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mglogger.dll
C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\msvcp71.dll
C:\Program Files\Macrogaming\SweetIM\msvcr71.dll
C:\Program Files\Macrogaming\SweetIM\resources\images\AudibleButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\NudgeButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\WinksButton.png
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat
C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt
C:\Program Files\WinSpyKiller
C:\Program Files\WinSpyKiller\Uninstall.exe
C:\Program Files\WinSpyKiller\WinSpyKiller.lic
C:\Program Files\WinSpyKiller\WinSpyKiller1.wk
C:\ProgramData\Third Body Body.l2hbnrg
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:03 --------- d-----w C:\Users\Audrey\AppData\Roaming\OpenOffice.org2
2008-02-27 18:59 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-27 12:44 --------- d-----w C:\ProgramData\CheckPoint
2008-02-27 12:44 --------- d-----w C:\Program Files\Zone Labs
2008-02-27 09:16 691,545 ----a-w C:\Windows\unins000.exe
2008-02-27 09:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 19:03 --------- d-----w C:\ProgramData\Roxio
2008-02-26 18:58 --------- d-----w C:\Users\Audrey\AppData\Roaming\Roxio
2008-02-26 18:58 --------- d-----w C:\ProgramData\Sonic
2008-02-25 21:48 --------- d-----w C:\ProgramData\Grisoft
2008-02-25 21:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-25 21:04 --------- d-----w C:\Program Files\Unlocker
2008-02-25 18:58 --------- d-----w C:\Program Files\Alwil Software
2008-02-23 11:00 --------- d-----w C:\Program Files\PDFCreator
2008-02-23 10:59 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_485.exe
2008-02-23 10:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-02-21 18:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-21 15:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:26 --------- d-----w C:\Program Files\Microsoft Works
2008-02-21 12:25 --------- d-----w C:\Program Files\MSBuild
2008-02-21 12:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 12:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-17 15:40 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-15 12:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 12:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 12:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 12:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 12:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 12:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 12:04 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-15 12:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 12:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 12:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 12:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 12:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-15 12:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 12:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 12:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 12:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 11:59 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 11:59 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 11:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 11:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 11:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 22:54 --------- d-----w C:\Users\Audrey\AppData\Roaming\dvdcss
2008-02-06 12:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-23 10:38 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-23 10:38 276,368 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-01-23 10:37 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-01-23 10:37 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-13 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 23:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-12 23:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-12 23:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 23:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-12 21:08 --------- d-----w C:\Program Files\Logitech
2008-01-12 21:08 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-12 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Users\Audrey\AppData\Roaming\Shareaza
2008-01-09 18:22 --------- d-----w C:\Program Files\Shareaza
2008-01-09 18:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-01-03 18:48 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-28 20:43 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-28 20:42 --------- d-----w C:\Program Files\eRightSoft
2007-12-12 03:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 03:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 03:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-06 12:09 1,014,754 ----a-w C:\Windows\System32\Prison Break.scr
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-18 20:50 250 ----a-w C:\Users\Audrey\AppData\Roaming\DelAll.bat
2007-10-14 11:20 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-19 20:29 85,768 ----a-w C:\Users\Audrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-09-14 18:28 174 --sha-w C:\Program Files\desktop.ini
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-16 13:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 23:10 1232896]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-02-06 10:06 89024]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 14:52 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:14 833072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VX6000"="C:\Windows\vVX6000.exe" [2006-12-19 09:29 994072]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 15:48 275800]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19 15872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-23 10:37 959976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-04 19:38:08 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-02-23 10:58:21 2641920]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E851503B-8A5A-4798-B497-6C8ED447E816}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2E667C91-5FEE-44BA-B99D-1BFDF8309535}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4987DFA9-C065-4205-B428-5E5BA66236C7}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{346880C1-D97C-4864-82B4-2F052C172850}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8BE16641-D832-4190-83F6-71438711CEA2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6166B906-44C7-4E8D-B55F-07218A87E6C1}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{DA9CE5F9-9085-4660-B3D5-512241908A41}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{11888435-E838-499E-AFF5-96EBF3DC64BB}C:\program files\microsoft lifecam\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"UDP Query User{0B79FAB6-15F0-4AF6-998A-210AD0C501EA}C:\program files\microsoft lifecam\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"{B3F00AC2-8186-4192-89E8-C7151DA033C5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2532ADAF-5BBE-498A-817F-77235A332A31}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7E07C925-D97F-4D7B-B3BC-553F66F0BCDA}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7524FF70-6357-4B69-A9C0-0AD025E8A725}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0770F02F-D9D2-4F1C-B614-BF8544B6E7D0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{906C8DAA-4CEB-4153-A1E4-5ED6268BBB7C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BEF186A6-6E96-47C3-813D-CB9CA119E316}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1367D8F7-A711-4652-ABDA-332D8178CABD}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{B84B3FD0-AD01-48D5-BCAB-A5080B32A479}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{EFCCFAD6-6438-40F3-80D6-1EE257DBFAFC}C:\program files\shareaza applications\shareaza\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"UDP Query User{E646ACBB-EFC4-4F8D-92DA-E8F4FC144749}C:\program files\shareaza applications\shareaza\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"TCP Query User{2E7918C1-0A2E-4EE2-8DC4-6FF26B85071B}C:\program files\shareaza\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"UDP Query User{3E693B3E-4C21-4711-924B-F817F6D891C9}C:\program files\shareaza\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"TCP Query User{DC92403E-D4CD-42C1-9232-5AD5988FBFDE}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{0BBD0578-174C-408B-AAB5-895F6ADC03D2}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"{59568F2C-9105-4D4A-9332-E80D7E451585}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 12:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 04:27]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 09:02]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\Windows\system32\DRIVERS\NUVision.sys [2005-07-08 20:40]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2006-12-19 09:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37111f01-9cd9-11dc-95c1-0016d4e95c4b}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9660e-be0b-11dc-815c-0016d4e95c4b}]
\shell\AutoRun\command - F:\AutoTransfer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 11:23:30 C:\Windows\Tasks\User_Feed_Synchronization-{5D8B38A1-6B2B-4525-B28E-FDBC704D82C9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 10:16:45
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-28 10:17:55
ComboFix-quarantined-files.txt 2008-02-28 10:17:52
ComboFix2.txt 2008-02-27 18:50:45
ComboFix3.txt 2008-02-27 13:22:51
.
2008-02-27 08:42:23 --- E O F ---
Et le rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:54, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Bon j'ai recommencé et cette fois-ci, Combofix a supprimé beaucoup plus de trucs!
Voici le rapport:
ComboFix 08-02-25.3 - Audrey 2008-02-28 10:12:54.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.291 [GMT 0:00]
Endroit: C:\Users\Audrey\Desktop\ComboFix.exe
Command switches used :: C:\Users\Audrey\Desktop\CFScript.txt
* Création d'un nouveau point de restauration
FILE ::
C:\ProgramData\balm readme data.qa5py9
C:\ProgramData\Third Body Body.l2hbnrg
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Macrogaming
C:\Program Files\Macrogaming\SweetIM\conf\adapter.xml
C:\Program Files\Macrogaming\SweetIM\conf\autoupdate.xml
C:\Program Files\Macrogaming\SweetIM\conf\logger.xml
C:\Program Files\Macrogaming\SweetIM\conf\messages.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetim.xml
C:\Program Files\Macrogaming\SweetIM\conf\sweetimapp.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\main_user_config.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\manu.pomme@wanadoo.fr\emoticons_shortcut.xml
C:\Program Files\Macrogaming\SweetIM\conf\users\manu.pomme@wanadoo.fr\user_config.xml
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00100B3.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00100B6.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0010106.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u001084F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u001088D.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0010896.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0010898.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00108A7.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00108A8.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0020082.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u002008A.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u0020096.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u002009E.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u00200A4.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u002013F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\[u]0/u004002F.dat
C:\Program Files\Macrogaming\SweetIM\data\contentdb\cache_indx.dat
C:\Program Files\Macrogaming\SweetIM\default.xml
C:\Program Files\Macrogaming\SweetIM\mgAdaptersProxy.dll
C:\Program Files\Macrogaming\SweetIM\mgAIMAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgAIMMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgArchive.dll
C:\Program Files\Macrogaming\SweetIM\mgcommon.dll
C:\Program Files\Macrogaming\SweetIM\mgcommunication.dll
C:\Program Files\Macrogaming\SweetIM\mgconfig.dll
C:\Program Files\Macrogaming\SweetIM\mgFlashPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mghooking.dll
C:\Program Files\Macrogaming\SweetIM\mgIEPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mglogger.dll
C:\Program Files\Macrogaming\SweetIM\mgMediaPlayer.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgMsnMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\mgSweetIM.dll
C:\Program Files\Macrogaming\SweetIM\mgUpdateSupport.dll
C:\Program Files\Macrogaming\SweetIM\mgxml_wrapper.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooAuto.dll
C:\Program Files\Macrogaming\SweetIM\mgYahooMessengerAdapter.dll
C:\Program Files\Macrogaming\SweetIM\msvcp71.dll
C:\Program Files\Macrogaming\SweetIM\msvcr71.dll
C:\Program Files\Macrogaming\SweetIM\resources\images\AudibleButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\DisplayPicturesButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\EmoticonButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\NudgeButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\SoundFxButton.png
C:\Program Files\Macrogaming\SweetIM\resources\images\WinksButton.png
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Macrogaming\SweetIMBarForIE\affid.dat
C:\Program Files\Macrogaming\SweetIMBarForIE\basis.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\Bookmarks_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Cache\cd2005c66fba47ff715ecc444d3bc1fb.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\Email_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Games_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Greetingcards_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Mobile_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Music_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\News_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\Shoping_23x18.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileySmile.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\SmileyWink.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\sweetimicons.bmp
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.crc
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.xml
C:\Program Files\Macrogaming\SweetIMBarForIE\version.txt
C:\Program Files\WinSpyKiller
C:\Program Files\WinSpyKiller\Uninstall.exe
C:\Program Files\WinSpyKiller\WinSpyKiller.lic
C:\Program Files\WinSpyKiller\WinSpyKiller1.wk
C:\ProgramData\Third Body Body.l2hbnrg
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-28 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 19:03 --------- d-----w C:\Users\Audrey\AppData\Roaming\OpenOffice.org2
2008-02-27 18:59 352,615 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-02-27 12:44 --------- d-----w C:\ProgramData\CheckPoint
2008-02-27 12:44 --------- d-----w C:\Program Files\Zone Labs
2008-02-27 09:16 691,545 ----a-w C:\Windows\unins000.exe
2008-02-27 09:16 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-27 09:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-26 19:03 --------- d-----w C:\ProgramData\Roxio
2008-02-26 18:58 --------- d-----w C:\Users\Audrey\AppData\Roaming\Roxio
2008-02-26 18:58 --------- d-----w C:\ProgramData\Sonic
2008-02-25 21:48 --------- d-----w C:\ProgramData\Grisoft
2008-02-25 21:27 --------- d-----w C:\Program Files\Trend Micro
2008-02-25 21:04 --------- d-----w C:\Program Files\Unlocker
2008-02-25 18:58 --------- d-----w C:\Program Files\Alwil Software
2008-02-23 11:00 --------- d-----w C:\Program Files\PDFCreator
2008-02-23 10:59 253,116 ----a-w C:\Windows\PDFCreator_Toolbar_Uninstaller_485.exe
2008-02-23 10:59 --------- d-----w C:\Program Files\PDFCreator Toolbar
2008-02-21 18:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-21 15:23 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-21 12:26 --------- d-----w C:\Program Files\Microsoft Works
2008-02-21 12:25 --------- d-----w C:\Program Files\MSBuild
2008-02-21 12:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-21 12:16 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-17 15:40 --------- d-----w C:\Program Files\Odebit Multimédia
2008-02-15 12:12 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 12:12 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 12:04 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 12:04 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 12:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 12:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 12:04 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
2008-02-15 12:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 12:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 12:04 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 12:04 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 12:04 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-15 12:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 12:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 12:04 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 12:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 12:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 12:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 12:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 12:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 12:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 11:59 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 11:59 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 11:59 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 11:59 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-15 11:57 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 22:54 --------- d-----w C:\Users\Audrey\AppData\Roaming\dvdcss
2008-02-06 12:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 19:06 97,216 ----a-w C:\Windows\system32\drivers\AnyDVD.sys
2008-01-23 10:38 276,368 ----a-w C:\Windows\system32\drivers\~GLH0014.TMP
2008-01-23 10:38 276,368 ------w C:\Windows\system32\drivers\vsdatant.sys
2008-01-23 10:37 54,672 ----a-w C:\Windows\System32\vsutil_loc040c.dll
2008-01-23 10:37 1,086,952 ----a-w C:\Windows\System32\zpeng24.dll
2008-01-13 09:15 --------- d-----w C:\Program Files\Windows Mail
2008-01-12 23:11 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-12 23:11 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-12 23:11 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-12 23:10 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-12 21:08 --------- d-----w C:\Program Files\Logitech
2008-01-12 21:08 --------- d-----w C:\Program Files\Common Files\Logitech
2008-01-12 21:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-09 18:22 --------- d-----w C:\Users\Audrey\AppData\Roaming\Shareaza
2008-01-09 18:22 --------- d-----w C:\Program Files\Shareaza
2008-01-09 18:17 --------- d-----w C:\Program Files\Shareaza Applications
2008-01-03 18:48 --------- d-----w C:\ProgramData\DVD Shrink
2007-12-28 20:43 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-28 20:42 --------- d-----w C:\Program Files\eRightSoft
2007-12-12 03:30 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 03:30 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 03:30 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-06 12:09 1,014,754 ----a-w C:\Windows\System32\Prison Break.scr
2007-12-04 13:04 837,496 ----a-w C:\Windows\System32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2007-11-18 20:50 250 ----a-w C:\Users\Audrey\AppData\Roaming\DelAll.bat
2007-10-14 11:20 262,144 ----a-w C:\ProgramData\ntuser.dat
2007-09-19 20:29 85,768 ----a-w C:\Users\Audrey\AppData\Roaming\GDIPFONTCACHEV1.DAT
2007-09-14 18:28 174 --sha-w C:\Program Files\desktop.ini
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-16 13:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-16 13:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-12 23:10 1232896]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2008-02-06 10:06 89024]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 15:15 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 12:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-08-20 14:52 1006264]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 23:14 833072]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-11-06 09:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-11-06 09:05 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-11-06 09:02 81920]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"VX6000"="C:\Windows\vVX6000.exe" [2006-12-19 09:29 994072]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 15:48 275800]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2007-02-22 19:50 112216]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 10:27 136768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24 286720]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 13:00 79224]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 17:19 15872]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 09:25 6731312]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-01-23 10:37 959976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\Audrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-04 19:38:08 3450608]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
PDFCreator.lnk - C:\Program Files\PDFCreator\PDFCreator.exe [2008-02-23 10:58:21 2641920]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B0043770-305B-4FA8-868E-E4576F3A5797}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{4F3925C3-2FFC-4F50-AFE7-067306899C64}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{E851503B-8A5A-4798-B497-6C8ED447E816}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2E667C91-5FEE-44BA-B99D-1BFDF8309535}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{4987DFA9-C065-4205-B428-5E5BA66236C7}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{346880C1-D97C-4864-82B4-2F052C172850}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{8BE16641-D832-4190-83F6-71438711CEA2}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6166B906-44C7-4E8D-B55F-07218A87E6C1}"= UDP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"{DA9CE5F9-9085-4660-B3D5-512241908A41}"= TCP:C:\Program Files\McAfee\Common Framework\FrameworkService.exe:McAfee Framework Service
"TCP Query User{11888435-E838-499E-AFF5-96EBF3DC64BB}C:\program files\microsoft lifecam\lifecam.exe"= UDP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"UDP Query User{0B79FAB6-15F0-4AF6-998A-210AD0C501EA}C:\program files\microsoft lifecam\lifecam.exe"= TCP:C:\program files\microsoft lifecam\lifecam.exe:LifeCam.exe|Desc=LifeCam.exe
"{B3F00AC2-8186-4192-89E8-C7151DA033C5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{2532ADAF-5BBE-498A-817F-77235A332A31}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7E07C925-D97F-4D7B-B3BC-553F66F0BCDA}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{7524FF70-6357-4B69-A9C0-0AD025E8A725}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0770F02F-D9D2-4F1C-B614-BF8544B6E7D0}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{906C8DAA-4CEB-4153-A1E4-5ED6268BBB7C}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{BEF186A6-6E96-47C3-813D-CB9CA119E316}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1367D8F7-A711-4652-ABDA-332D8178CABD}"= UDP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"{B84B3FD0-AD01-48D5-BCAB-A5080B32A479}"= TCP:C:\Program Files\Shareaza\Shareaza.exe:Shareaza
"TCP Query User{EFCCFAD6-6438-40F3-80D6-1EE257DBFAFC}C:\program files\shareaza applications\shareaza\shareaza.exe"= UDP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"UDP Query User{E646ACBB-EFC4-4F8D-92DA-E8F4FC144749}C:\program files\shareaza applications\shareaza\shareaza.exe"= TCP:C:\program files\shareaza applications\shareaza\shareaza.exe:Shareaza|Desc=Shareaza
"TCP Query User{2E7918C1-0A2E-4EE2-8DC4-6FF26B85071B}C:\program files\shareaza\shareaza.exe"= UDP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"UDP Query User{3E693B3E-4C21-4711-924B-F817F6D891C9}C:\program files\shareaza\shareaza.exe"= TCP:C:\program files\shareaza\shareaza.exe:Shareaza Ultimate File Sharing|Desc=Shareaza Ultimate File Sharing
"TCP Query User{DC92403E-D4CD-42C1-9232-5AD5988FBFDE}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"UDP Query User{0BBD0578-174C-408B-AAB5-895F6ADC03D2}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
"{59568F2C-9105-4D4A-9332-E80D7E451585}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2007-12-04 14:52]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 12:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 04:27]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-11-06 10:29]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-01-03 14:43]
S3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 09:02]
S3 NuVision;Hauppauge WinTV USB Pro (PAL I,D/K);C:\Windows\system32\DRIVERS\NUVision.sys [2005-07-08 20:40]
S3 VX6000;Microsoft LifeCam VX-6000;C:\Windows\system32\DRIVERS\VX6000Xp.sys [2006-12-19 09:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{37111f01-9cd9-11dc-95c1-0016d4e95c4b}]
\shell\AutoRun\command - wd_windows_tools\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f9660e-be0b-11dc-815c-0016d4e95c4b}]
\shell\AutoRun\command - F:\AutoTransfer.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-27 11:23:30 C:\Windows\Tasks\User_Feed_Synchronization-{5D8B38A1-6B2B-4525-B28E-FDBC704D82C9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-28 10:16:45
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-02-28 10:17:55
ComboFix-quarantined-files.txt 2008-02-28 10:17:52
ComboFix2.txt 2008-02-27 18:50:45
ComboFix3.txt 2008-02-27 13:22:51
.
2008-02-27 08:42:23 --- E O F ---
Et le rapport Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:54, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
28 févr. 2008 à 14:02
28 févr. 2008 à 14:02
Bonjour audrey,
Oui la c´est mieux ;-)
Supprime ceci si present :
C:\ProgramData\balm readme data.qa5py9
Pour cela affiche les dossiers et fichiers cachés comme ceci :
https://www.micro-astuce.com/Forum/afficher-les-fichiers-caches-t1607.html
Puis
Desinstales avast ! Tu as deja mc Afee !!! deux anti virus = conflit et risque d´annuler l´effet des deux...
A l´aide de hijack this coche et fix les lignes ci dessous:
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
comment fixer :
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Voila`
@+
Oui la c´est mieux ;-)
Supprime ceci si present :
C:\ProgramData\balm readme data.qa5py9
Pour cela affiche les dossiers et fichiers cachés comme ceci :
https://www.micro-astuce.com/Forum/afficher-les-fichiers-caches-t1607.html
Puis
Desinstales avast ! Tu as deja mc Afee !!! deux anti virus = conflit et risque d´annuler l´effet des deux...
A l´aide de hijack this coche et fix les lignes ci dessous:
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
comment fixer :
Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Voila`
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
28 févr. 2008 à 19:59
28 févr. 2008 à 19:59
Bonsoir,
Je n'ai pas trouvé le fichier suivant: C:\ProgramData\balm readme data.qa5py9 : donc, je n'ai pas pu le supprimer.
J'ai pourtant suivi les indications mais il n'y a rien qui correspond à ce fichier dans ProgramData...
Par contre, j'ai désinstallé Avast et j'ai 'fixé' les 5 problèmes avec Hijackthis.
Voici le nouveau rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:44, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Je n'ai pas trouvé le fichier suivant: C:\ProgramData\balm readme data.qa5py9 : donc, je n'ai pas pu le supprimer.
J'ai pourtant suivi les indications mais il n'y a rien qui correspond à ce fichier dans ProgramData...
Par contre, j'ai désinstallé Avast et j'ai 'fixé' les 5 problèmes avec Hijackthis.
Voici le nouveau rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:44, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
28 févr. 2008 à 22:53
28 févr. 2008 à 22:53
Audrey
Pour le fichier que je t´ai demandé de chercher c´est pour voir si il existait encore > tant mieux si tu ne le trouve pas!
Sinon coche et fix encore ces deux lignes :
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
puis passe un coup de ccleaner :
Ccleaner:
-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):
http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner
-> L´installer.
-> Une fois installé et lancé :
Dans la colonne de gauche, click sur :
->"erreurs" :
Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.
->"nettoyeur"
quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.
-> Tutoriel en image :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
Et puis ca serait bien que tu fasse ce scan en ligne également :
https://www.micro-astuce.com/securite/NanoScan-Panda.php
Post le rapport obtenu ici
@+
Pour le fichier que je t´ai demandé de chercher c´est pour voir si il existait encore > tant mieux si tu ne le trouve pas!
Sinon coche et fix encore ces deux lignes :
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
puis passe un coup de ccleaner :
Ccleaner:
-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):
http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner
-> L´installer.
-> Une fois installé et lancé :
Dans la colonne de gauche, click sur :
->"erreurs" :
Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.
->"nettoyeur"
quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.
-> Tutoriel en image :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
Et puis ca serait bien que tu fasse ce scan en ligne également :
https://www.micro-astuce.com/securite/NanoScan-Panda.php
Post le rapport obtenu ici
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
29 févr. 2008 à 11:06
29 févr. 2008 à 11:06
Bonjour,
Voici le nouveau Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:57:47, on 29/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Voici le nouveau Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:57:47, on 29/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\System32\mobsync.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
29 févr. 2008 à 13:21
29 févr. 2008 à 13:21
Salut audrey,
Je pensse que c´est tres bien tout ca...
panda total scan a trouvé l´un des composant de combofix...
coche et fix ceci : c´est les activ x de panda :
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
puis il y a un bout de norton qui m´avais echapé...
fais ceci :
fais apparaitre la case executer :
http://www.libellules.ch/dotclear/index.php?2007/02/09/1685-afficher-le-menu-executer-sous-vista
puis dans la boite de dialogue tape ceci : cmd et valide par ok
dans la fenetre noir tape ceci avec les espaces et les guillemets :
sc delete "Symantec Lic NetConnect service" valide par enter
voila
@+
Je pensse que c´est tres bien tout ca...
panda total scan a trouvé l´un des composant de combofix...
coche et fix ceci : c´est les activ x de panda :
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
puis il y a un bout de norton qui m´avais echapé...
fais ceci :
fais apparaitre la case executer :
http://www.libellules.ch/dotclear/index.php?2007/02/09/1685-afficher-le-menu-executer-sous-vista
puis dans la boite de dialogue tape ceci : cmd et valide par ok
dans la fenetre noir tape ceci avec les espaces et les guillemets :
sc delete "Symantec Lic NetConnect service" valide par enter
voila
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
29 févr. 2008 à 16:58
29 févr. 2008 à 16:58
Salut,
J'ai réussi à faire tout ce que tu m'as demandé sauf la dernière chose concernant Symantec. L'ordi n'arrive pas à me supprimer ce que tu me demandes: il dit que 'le service spécifié n'existe pas en tant que service installé'.
Alors, j'ai trouvé tous les dossiers qui concernent Symantec (y compris les dossiers et fichiers cachés) et j'ai tout supprimé manuellement... j'espère avoir bien fais!
Voici le nouveau Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:09, on 29/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
J'ai réussi à faire tout ce que tu m'as demandé sauf la dernière chose concernant Symantec. L'ordi n'arrive pas à me supprimer ce que tu me demandes: il dit que 'le service spécifié n'existe pas en tant que service installé'.
Alors, j'ai trouvé tous les dossiers qui concernent Symantec (y compris les dossiers et fichiers cachés) et j'ai tout supprimé manuellement... j'espère avoir bien fais!
Voici le nouveau Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:58:09, on 29/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
29 févr. 2008 à 18:34
29 févr. 2008 à 18:34
Re,
oui tu as bien fais pour les dossier norton, mais le service est toujours la :
essaie comme ca :
sc delete "CLTNetCnService" valide par enter
avec ou sans les guillemets
dis moi quoi
@+
oui tu as bien fais pour les dossier norton, mais le service est toujours la :
essaie comme ca :
sc delete "CLTNetCnService" valide par enter
avec ou sans les guillemets
dis moi quoi
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
1 mars 2008 à 10:51
1 mars 2008 à 10:51
Bonjour,
J'ai tenté de supprimer le service symantec mais sans succès avec ou sans guillemets. J'ai essayé en mode sans échec de supprimer des dossiers et des fichiers Symantec mais certains restent et d'autres se retrouvent dans la corbeille et reviennent automatiquement à leur place... Et Hijackthis repère toujours le service Symantec.
J'ai par ailleurs un soucis: c'est que l'ordinateur quelques fois depuis environ 3 jours se redémarre sans prévenir en affichant un message d'erreur système de la part de Windows (écran bleu central sur fond noir).
Se pourrait-il que certains programmes soient en conflit ou autre chose?
Merci, à+
J'ai tenté de supprimer le service symantec mais sans succès avec ou sans guillemets. J'ai essayé en mode sans échec de supprimer des dossiers et des fichiers Symantec mais certains restent et d'autres se retrouvent dans la corbeille et reviennent automatiquement à leur place... Et Hijackthis repère toujours le service Symantec.
J'ai par ailleurs un soucis: c'est que l'ordinateur quelques fois depuis environ 3 jours se redémarre sans prévenir en affichant un message d'erreur système de la part de Windows (écran bleu central sur fond noir).
Se pourrait-il que certains programmes soient en conflit ou autre chose?
Merci, à+
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
1 mars 2008 à 17:35
1 mars 2008 à 17:35
Salut audrey,
essaie de passer ceci:
Desinstalleur Norton:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
dis moi quoi
@+
essaie de passer ceci:
Desinstalleur Norton:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
dis moi quoi
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
1 mars 2008 à 19:08
1 mars 2008 à 19:08
Salut,
Je pense que cette fois-ci c'est la bonne: ça a marché!
Voici le nouveau Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:10, on 01/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
Je pense que cette fois-ci c'est la bonne: ça a marché!
Voici le nouveau Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:10, on 01/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\vVX6000.exe
C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/ymj/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\Windows\vVX6000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubisoft\Rayman 3\Register\schedule.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (file missing)
O23 - Service: lxcf_device - - C:\Windows\system32\lxcfcoms.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
g!rly
Messages postés
18209
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
406
1 mars 2008 à 19:13
1 mars 2008 à 19:13
audrey45,
ca me parait ok maintenant ;-)
un petit nettoyage de registre pour terminer :
telecharge et instal regcleaner:
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
tutorial :
http://www.softastuces.com/tuto/maint/regcleaner/
dis moi comment ca va de ton coté?
@+
ca me parait ok maintenant ;-)
un petit nettoyage de registre pour terminer :
telecharge et instal regcleaner:
http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html
tutorial :
http://www.softastuces.com/tuto/maint/regcleaner/
dis moi comment ca va de ton coté?
@+
Audrey45
Messages postés
18
Date d'inscription
mardi 26 février 2008
Statut
Membre
Dernière intervention
7 avril 2008
1 mars 2008 à 20:20
1 mars 2008 à 20:20
Voilà, j'ai passé Regcleaner. J'ai conservé certaines choses puisque je ne savais pas si c'était dangereux ou pas (notamment tout ce qui portait le nom de 'Microsoft').
Sinon, pour le problème d'erreur système de Windows, j'ai ouvert le gestionnaire de périphériques et apparemment il y a un problème avec la carte réseau 6T04 quelque chose mais paraît-il que c'est normal (comme indiqué dans le site de Microsoft) donc j'ai désactivé ce truc et rien n'a changé dans ma connexion ou mon réseau.
En plus, j'ai mis à jour le pilote de mon Chipset Graphic Intel(R) 945 et depuis, l'ordi ne m'a pas refait le coup de l'erreur système... à voir!
En tout cas, merci beaucoup!
Sinon, pour le problème d'erreur système de Windows, j'ai ouvert le gestionnaire de périphériques et apparemment il y a un problème avec la carte réseau 6T04 quelque chose mais paraît-il que c'est normal (comme indiqué dans le site de Microsoft) donc j'ai désactivé ce truc et rien n'a changé dans ma connexion ou mon réseau.
En plus, j'ai mis à jour le pilote de mon Chipset Graphic Intel(R) 945 et depuis, l'ordi ne m'a pas refait le coup de l'erreur système... à voir!
En tout cas, merci beaucoup!
