COMPUTER INFECTED WITH WIN 32 AND others

RICONET Posts 125 Status Member -
Hello,
I've realised that I'm infected with the WIN 32 virus and its variants. I used my antivirus, NOD 32, which had protected me well until now, but I probably wasn't careful enough with my downloads... anyway.
Since then the Windows Security Center tells me that updating is disabled, whereas in my Control Panel everything is enabled.
I also get the message: "Erreur de chargement de C:\windows\system32\odnpqqkp.dll
Le module est introuvable"

I have just received the alert "message d'avertissement de http:::bestantivirusscanner.com" and I'm asked to download the antivirus.

My antivirus has just triggered on: http:incrates.com:iCash.exe

Can anyone help me?
Thanks

24 replies

plopus Posts 6113 Status Security contributor 293
 
OK, so if it comes back then FindyKill isn't enough.

Download ComboFix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Install the Recovery Console, then restart in Safe Mode as explained by genproc and launch the application, then don't touch anything anymore, not even the mouse, or the PC may freeze.

Then restart in normal mode and post the ComboFix report, which is in C:\combofix.txt

And run FindyKill again, choose option 1 and post the report.
RICONET Posts 125 Status Member
 
I may be wrong, but it looks fine to me. Here are the reports.

ComboFix 09-01-13.03 - FAMILLE 2009-01-13 21:19:14.1 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1024.803 [GMT 1:00]
Lancé depuis: c:\documents and settings\FAMILLE\Bureau\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated)

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Internet Explorer\2.exe
c:\windows\system32\10306.dll
c:\windows\system32\27601.dll
c:\windows\system32\9052.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\ipypwgfu.ini
c:\windows\system32\pkqqpndo.ini
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\wechppht.ini
c:\windows\system32\WS2Fix.exe
c:\windows\winhelp.ini
D:\resycled
d:\resycled\boot.com
F:\resycled
f:\resycled\boot.com
G:\resycled
g:\resycled\boot.com
L:\resycled
l:\resycled\boot.com
O:\resycled
o:\resycled\boot.com
P:\resycled
p:\resycled\boot.com

----- BITS: Il y a peut-être des sites infectés -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-13 au 2009-01-13 ))))))))))))))))))))))))))))))))))))
.

2009-01-13 18:00 . 2009-01-13 18:03 <REP> d-------- C:\ToolBar SD
2009-01-13 17:29 . 2009-01-13 17:29 <REP> d-------- c:\program files\CCleaner
2009-01-13 09:17 . 2009-01-13 09:27 <REP> d-------- c:\program files\Navilog1
2009-01-12 21:17 . 2009-01-12 21:18 <REP> d-------- C:\rsit
2009-01-12 21:17 . 2009-01-12 21:18 <REP> d-------- c:\program files\trend micro
2009-01-12 21:10 . 2009-01-12 21:10 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-12 21:07 . 2009-01-12 21:08 <REP> d-------- c:\program files\QuickTime
2009-01-12 21:07 . 2009-01-12 21:07 <REP> d-------- c:\program files\Fichiers communs\Apple
2009-01-12 21:05 . 2009-01-12 21:05 <REP> d-------- c:\program files\Apple Software Update
2009-01-12 21:05 . 2009-01-12 21:05 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-01-12 10:08 . 2009-01-12 12:31 <REP> d-------- c:\program files\FindyKill
2009-01-12 10:05 . 2009-01-12 10:05 244 --ah----- C:\sqmnoopt07.sqm
2009-01-12 10:05 . 2009-01-12 10:05 232 --ah----- C:\sqmdata07.sqm
2009-01-11 17:22 . 2009-01-11 17:22 244 --ah----- C:\sqmnoopt06.sqm
2009-01-11 17:22 . 2009-01-11 17:22 232 --ah----- C:\sqmdata06.sqm
2009-01-11 13:55 . 2009-01-11 13:55 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 13:55 . 2009-01-11 13:55 <REP> d-------- c:\documents and settings\FAMILLE\Application Data\Malwarebytes
2009-01-11 13:55 . 2009-01-11 13:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 13:55 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 13:55 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-11 11:29 . 2009-01-11 11:29 244 --ah----- C:\sqmnoopt05.sqm
2009-01-11 11:29 . 2009-01-11 11:29 232 --ah----- C:\sqmdata05.sqm
2009-01-11 11:27 . 2009-01-11 11:27 244 --ah----- C:\sqmnoopt04.sqm
2009-01-11 11:27 . 2009-01-11 11:27 232 --ah----- C:\sqmdata04.sqm
2009-01-11 11:22 . 2009-01-11 11:22 244 --ah----- C:\sqmnoopt03.sqm
2009-01-11 11:22 . 2009-01-11 11:22 232 --ah----- C:\sqmdata03.sqm
2009-01-08 13:03 . 2009-01-08 13:03 271,360 --a------ c:\windows\system32\drivers\atksgt.sys
2009-01-08 13:03 . 2009-01-08 13:03 18,048 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-01-08 12:48 . 2009-01-08 18:56 <REP> d-------- c:\program files\Monte Cristo
2008-12-27 12:23 . 2008-12-27 12:23 <REP> d-------- c:\windows\system32\IOSUBSYS
2008-12-27 12:23 . 2008-12-27 12:23 <REP> d-------- c:\program files\Google
2008-12-26 22:24 . 2008-04-14 04:34 20,992 --a------ c:\windows\system32\dshowext.ax
2008-12-26 22:24 . 2008-04-14 04:34 20,992 --a--c--- c:\windows\system32\dllcache\dshowext.ax
2008-12-26 21:40 . 2008-12-26 21:40 <REP> d-------- c:\documents and settings\FAMILLE\Application Data\ArcSoft
2008-12-26 21:25 . 2008-12-26 21:25 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-26 21:25 . 2008-12-26 21:25 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_phaudlwr_01005.Wdf
2008-12-26 21:20 . 2007-10-02 15:55 491,520 --a------ c:\windows\system32\vspc1300.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 17:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-13 16:22 --------- d-----w c:\program files\a-squared Free
2009-01-12 20:13 --------- d-----w c:\program files\Skype
2009-01-12 20:10 --------- d-----w c:\program files\Java
2009-01-12 20:02 --------- d-----w c:\program files\Fichiers communs\Adobe
2009-01-12 19:29 --------- d-----w c:\documents and settings\FAMILLE\Application Data\uTorrent
2009-01-10 15:20 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-10 15:11 --------- d-----w c:\documents and settings\FAMILLE\Application Data\MailWasherPro
2008-12-26 21:25 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-10 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-30 11:36 --------- d-----w c:\program files\TKexeKalender
2008-11-28 10:45 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-27 20:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-25 09:23 --------- d-----w c:\program files\Electronic Arts
2008-11-23 16:52 --------- d-----w c:\program files\Windows Live
2008-11-23 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-11-23 16:26 --------- d-----w c:\documents and settings\FAMILLE\Application Data\MSNInstaller
2008-11-18 20:30 --------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-11-16 17:44 --------- d-----w c:\program files\DivX
2008-11-15 16:47 --------- d-----w c:\documents and settings\FAMILLE\Application Data\Anuman Interactive
2008-11-15 15:23 --------- d-----w c:\program files\dBpowerAMP
2008-11-14 20:42 --------- d-----w c:\documents and settings\FAMILLE\Application Data\PCF-VLC
2008-04-14 02:33 65,024 --sha-w c:\windows\system32\asycfilt.dll
2004-08-05 12:00 3,584 --sha-w c:\windows\system32\comcat.dll
1998-05-20 15:14 28,672 --sha-w c:\windows\system32\lfawd90n.dll
1998-05-15 15:00 33,792 --sha-w c:\windows\system32\lfbmp90n.dll
1998-05-18 15:50 27,136 --sha-w c:\windows\system32\lfcal90n.dll
1998-05-15 14:59 64,512 --sha-w c:\windows\system32\lffax90n.dll
1997-11-21 16:03 338,944 --sha-w c:\windows\system32\lffpx7.dll
1998-05-20 15:14 88,576 --sha-w c:\windows\system32\lffpx90n.dll
1998-05-15 15:02 39,936 --sha-w c:\windows\system32\lfgif90n.dll
1998-05-15 15:03 31,232 --sha-w c:\windows\system32\lfpct90n.dll
1998-04-04 18:25 30,720 --sha-w c:\windows\system32\lfpcx90n.dll
1998-06-23 08:10 133,632 --sha-w c:\windows\system32\lfpng90n.dll
1998-05-18 16:27 29,184 --sha-w c:\windows\system32\lfpsd90n.dll
1998-05-15 15:05 118,272 --sha-w c:\windows\system32\lftif90n.dll
1998-04-04 18:26 25,600 --sha-w c:\windows\system32\lfwfx90n.dll
1998-05-15 15:05 28,672 --sha-w c:\windows\system32\lfwmf90n.dll
1998-04-04 18:26 27,648 --sha-w c:\windows\system32\lfwpg90n.dll
1998-05-15 14:27 238,592 --sha-w c:\windows\system32\ltann90n.dll
1998-05-15 14:26 220,160 --sha-w c:\windows\system32\LTDIS90n.dll
1998-04-04 18:22 146,432 --sha-w c:\windows\system32\ltefx90n.dll
1998-05-20 15:13 104,448 --sha-w c:\windows\system32\ltimg90n.dll
1998-05-20 15:14 38,400 --sha-w c:\windows\system32\ltisi90n.dll
1998-06-19 13:44 290,304 --sha-w c:\windows\system32\ltkrn90n.dll
1998-04-03 17:01 3,824 --sha-w c:\windows\system32\ltthk90w.dll
1998-05-19 16:53 35,328 --sha-w c:\windows\system32\lttwn90n.dll
1998-04-03 17:01 45,936 --sha-w c:\windows\system32\ltvdd90w.drv
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
1998-04-29 18:00 58,880 --sha-w c:\windows\system32\npplg90N.dll
2008-04-14 02:33 551,936 --sha-w c:\windows\system32\oleaut32.dll
2008-04-14 02:33 84,992 --sha-w c:\windows\system32\olepro32.dll
.

------- Sigcheck -------

2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-05-25 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-09 949376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-01-27 1381376]
"iTunesHelper"="f:\itunes2\iTunesHelper.exe" [2007-03-14 257088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-12 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"nwiz"="nwiz.exe" [2006-08-11 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-05-20 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

c:\documents and settings\FAMILLE\Menu Démarrer\Programmes\Démarrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-24 110592]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-05-25 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-05-25 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ftdotf.dll fdtsrv.dll lecbjl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6qtxx.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\iTunes2\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"g:\\JEUX\\TrackMania Nations ESWC\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"g:\\JEUX\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\Participatory Culture Foundation\\Miro\\xulrunner\\python\\Miro_Downloader.exe"=
"g:\\Station ripper\\StationRipper\\StationRipperConsole.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Galactic Battlegrounds\\Game\\Battlegrounds.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2008-01-03 4064]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-09 15424]
R3 BENDER;Pinnacle DV/AV Capture;c:\windows\system32\drivers\bender.sys [2007-12-09 200320]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;c:\windows\system32\drivers\WlanBZXP.sys [2008-10-11 402432]
S0 ati6qtxx;ati6qtxx;c:\windows\system32\Drivers\ati6qtxx.sys --> c:\windows\system32\Drivers\ati6qtxx.sys [?]
S0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys --> c:\windows\system32\DRIVERS\ntcdrdrv.sys [?]
S3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys --> c:\windows\system32\DRIVERS\phaudlwr.sys [?]
S3 SPC1300;USB2.0 PC Camera (SPC1300);c:\windows\system32\DRIVERS\spc1300.sys --> c:\windows\system32\DRIVERS\spc1300.sys [?]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - InCDrec

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555}]
p:\sauvegarde dvd\ANY DVD\SlySoft\AnyDVD 6.3.0.0\AnyDVD leftover killer 1.3.exe -M
.
Contenu du dossier 'Tâches planifiées'

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\bcijdvrp.job
- c:\windows\system32\rundll32.exe [2008-04-14 03:34]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKLM-Run-eCarteBleue-CDE-P3 - c:\program files\e-Carte Bleue\Caisse Epargne\Ma e-Carte Bleue\ECB-CDE.exe
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe

.
------- Examen supplémentaire -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\FAMILLE\Application Data\Mozilla\Firefox\Profiles\qzw5sb25.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-fr&FORM=MIMWA1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 21:28:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\c:\docume~1\FAMILLE\LOCALS~1\Temp\ASFWHide"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-515967899-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Electronic Arts\C*o*m*m*a*n*d* *&* *C*o*n*q*u*e*r* *3* *L*e*s* *g*u*e*r*r*e*s* *d*u* *T*i*b*e*r*i*u*m*"!\Assistance]
"Order"=hex:08,00,00,00,02,00,00,00,ce,02,00,00,01,00,00,00,04,00,00,00,92,00,
00,00,00,00,00,00,84,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,72,00,32,\

[HKEY_USERS\S-1-5-21-1004336348-515967899-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6e,1c,9e,fc,f9,41,cc,31,e9,87,14,b1,34,e4,3c,bf,55,bb,a6,a1,0f,83,c5,
20,c0,ac,7d,82,b4,21,04,3d,e1,e2,66,31,57,6f,5a,cd,ff,9f,b8,72,ee,54,02,87,\
"??"=hex:90,31,a4,3c,cf,6f,32,ee,dc,1d,eb,c6,97,6d,c0,36

[HKEY_USERS\S-1-5-21-1004336348-515967899-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:3d,db,c8,87,75,a7,0d,29,ba,7f,fc,40,99,15,e1,2d,42,e9,5c,be,bd,
31,5c,fa,a7,4d,4b,33,04,44,24,5c,b4,27,03,72,83,49,c8,e5,46,b1,7e,6b,14,2a,\
"rkeysecu"=hex:eb,67,ac,a6,8b,d1,cd,5e,4c,12,bf,a6,5b,70,42,8d

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,dc,53,5c,79,9a,
93,8c,40,e2,63,26,f1,3f,c8,ff,68,9a,9c,c9,13,92,b4,bb,b4,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,78,ee,2b,66,5d,
c9,55,11,6a,9c,d6,61,af,45,84,18,fc,9b,1c,56,9c,f0,f1,89,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,e5,a7,2a,73,6a,
b1,86,e6,ff,7c,85,e0,43,d4,0e,fe,d1,a2,74,01,eb,ee,b9,87,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,d7,72,0e,3c,2e,
35,cd,c3,86,8c,21,01,be,91,eb,e7,32,27,8f,b4,e0,db,07,37,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,b2,8e,16,4d,22,
7b,51,2e,f5,1d,4d,73,a8,13,5c,05,03,86,b7,72,be,a5,44,83,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,20,cd,e5,dd,6d,
72,f9,a9,df,20,58,62,78,6b,cf,c8,60,2e,ff,8d,3c,d2,50,f5,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,df,09,62,fe,9e,
df,52,43,fb,a7,78,e6,12,2f,9a,ea,0a,b2,3f,a1,17,2f,2a,85,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,48,62,ea,45,e4,
4a,1a,9f,01,3a,48,fc,e8,04,4a,f1,3b,74,30,95,ed,6c,d8,d4,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,de,ed,d3,1a,6e,
44,28,20,f6,0f,4e,58,98,5b,89,c9,7d,18,01,67,d3,f3,09,05,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,f3,2e,46,83,4d,
8c,5a,be,3d,ce,ea,26,2d,45,aa,78,bb,ae,10,a3,a6,f0,f0,f1,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e1,78,12,d7,a8,
50,4d,49,2a,b7,cc,b5,b9,7f,41,e7,12,21,df,ea,14,04,62,ab,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,2e,c6,48,36,45,
72,53,e1,6c,43,2d,1e,aa,22,2f,9c,ff,e5,b8,61,eb,0b,76,94,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\scecli.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\program files\SAGEM WiFi manager\WLANUTL.EXE
.
**************************************************************************
.
Heure de fin: 2009-01-13 21:33:02 - La machine a redémarré [FAMILLE]
ComboFix-quarantined-files.txt 2009-01-13 20:32:57

Avant-CF: 23 789 424 640 octets libres
Après-CF: 22,634,115,072 octets libres

361 --- E O F --- 2008-12-18 20:08:46

* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 21:35:17 le 13/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512

((((((((((((((((( *** Recherche *** ))))))))))))))))))

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
F:\iTunes2\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe

--------------- [ Fichiers/Dossiers infectieux ] ----------------

»»»» Presence des fichiers dans C:

»»»» Presence des fichiers dans C:\WINDOWS

»»»» Presence des fichiers dans C:\WINDOWS\Prefetch

Found ! - C:\WINDOWS\prefetch\13562.EXE-33B71DE2.pf
Found ! - C:\WINDOWS\prefetch\1371.EXE-3B22235C.pf
Found ! - C:\WINDOWS\prefetch\15817.EXE-2899E8EE.pf
Found ! - C:\WINDOWS\prefetch\22101.EXE-29749CFE.pf
Found ! - C:\WINDOWS\prefetch\3618.EXE-280C76C3.pf

»»»» Presence des fichiers dans C:\WINDOWS\system32

»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers

»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Application Data

»»»» Presence des fichiers dans C:\DOCUME~1\FAMILLE\LOCALS~1\Temp

»»»» Presence des fichiers dans C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5

Found ! [26/04/2000 17:41] - C:\Program Files\ScanButton 3.0\Web-ClubPhoto\UPLOAD\filelist.txt

--------------- [ Registre / Startup ] ----------------

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
nod32kui="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
InCD=C:\Program Files\Ahead\InCD\InCD.exe
iTunesHelper="F:\iTunes2\iTunesHelper.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
Logitech Hardware Abstraction Layer=KHALMNPR.EXE
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Clés infectieuses ] ----------------

--------------- [ Etat / Services ] ----------------

+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

Ndisuio - Type de démarrage = 3

EapHost - Type de démarrage = 2

Ip6Fw - Type de démarrage = 2

SharedAccess - Type de démarrage = 2

wuauserv - Type de démarrage = 2

wscsvc - Type de démarrage = 2

--------------- [ Recherche dans supports amovibles] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

L: - Lecteur fixe

O: - Lecteur fixe

P: - Lecteur fixe

+- presence des fichiers :

--------------- [ Registre / Mountpoint2 ] ----------------

-> Not found !

------------------- ! Fin du rapport ! --------------------

Thanks again. The yellow logo with an exclamation mark has replaced the alert message. I'll wait for your opinion before doing anything. If everything is OK I think I'll create a restore point (I don't really know how to do it, but I think I can work it out).
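The ComboFix and FindyKill reports above are long, and the helper's remark that the infection "comes back" is really a question about which persistence loadpoints survived. As an added example (not code from this thread, from ComboFix or from FindyKill), here is a small Python triage script that reads a ComboFix-style report and flags the loadpoints a responder would check first: a populated `AppInit_DLLs` value, a driver registered under `SafeBoot\Minimal` or listed with `[?]` (file not found on disk), a scheduled task whose target is `rundll32.exe`, BITS download sites, the drive-root `resycled\boot.com` lures, and files whose names are eight random letters like `ipypwgfu.ini` or `bcijdvrp.job`. `SAMPLE_REPORT` is constructed from lines of the report posted above; the random-name heuristic and the severity labels are assumptions of this example, not ComboFix's own rules.

```python
"""Triage of persistence loadpoints in a ComboFix-style report.

Added example for this thread (not ComboFix, FindyKill or the poster's own
code): it scans the text of a report and flags the loadpoints a responder
would check first.  SAMPLE_REPORT is constructed from lines of the report
posted above; the random-name heuristic is an assumption of this example.
"""
import re
from dataclasses import dataclass

# Constructed from lines of the ComboFix report above (not the full report).
SAMPLE_REPORT = r"""
c:\windows\system32\ipypwgfu.ini
c:\windows\system32\pkqqpndo.ini
d:\resycled\boot.com
f:\resycled\boot.com

----- BITS: Il y a peut-être des sites infectés -----

hxxp://childhe.com
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-09 949376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ftdotf.dll fdtsrv.dll lecbjl.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6qtxx.sys]
@="Driver"

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-12-09 15424]
S0 ati6qtxx;ati6qtxx;c:\windows\system32\Drivers\ati6qtxx.sys --> c:\windows\system32\Drivers\ati6qtxx.sys [?]

2009-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-01-13 c:\windows\Tasks\bcijdvrp.job
- c:\windows\system32\rundll32.exe [2008-04-14 03:34]
"""


@dataclass
class Finding:
    severity: str    # "high" or "medium" (labels chosen for this example)
    loadpoint: str   # what to inspect: a path, a registry value or a service
    detail: str


# Eight lowercase letters with no structure, like bcijdvrp.job, odnpqqkp.dll
# or ipypwgfu.ini in the report above.  A heuristic, not a signature.
RANDOM_STEM = re.compile(r"^[a-z]{8}$")
# "<R1|S0|...> name;display name;path[ --> path] [date size | ?]"
DRIVER_LINE = re.compile(r"^([RS]\d) ([^;]+);[^;]*;(.+?)(?: --> .*)? \[([^\]]*)\]$")


def looks_random(path: str) -> bool:
    """True if the file's stem is eight lowercase letters (see RANDOM_STEM)."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return bool(RANDOM_STEM.match(name.rsplit(".", 1)[0]))


def triage(report: str) -> list[Finding]:
    """Walk the report line by line and collect suspicious loadpoints."""
    findings: list[Finding] = []
    lines = report.splitlines()
    key = ""  # registry key the current value lines belong to
    for i, raw in enumerate(lines):
        s = raw.strip()
        low = s.lower()
        if s.startswith("[HKEY") and s.endswith("]"):
            key = s[1:-1]
            if "\\safeboot\\" in low:
                # Anything under SafeBoot\Minimal is allowed to load in Safe Mode too
                findings.append(Finding("high", key, "driver registered to load in Safe Mode"))
            continue
        m = re.match(r'^"AppInit_DLLs"=(.*)$', s)
        if m and m.group(1).strip():
            dlls = m.group(1).split()
            findings.append(Finding("high", key + "\\AppInit_DLLs",
                                    f"{len(dlls)} DLL(s) loaded into every process using user32: {', '.join(dlls)}"))
            continue
        m = DRIVER_LINE.match(s)
        if m and m.group(4) == "?":
            # ComboFix prints [?] when the service's image file was not found on disk
            findings.append(Finding("high", f"service {m.group(2)}",
                                    f"{m.group(1)} driver whose file is missing: {m.group(3)}"))
            continue
        if low.endswith(".job") and i + 1 < len(lines):
            # The task line is followed by "- <target> [date time]"
            target = lines[i + 1].strip().lstrip("- ").split(" [")[0]
            if target.lower().endswith("rundll32.exe") or looks_random(s):
                findings.append(Finding("medium", s.split(" ", 1)[1],
                                        f"task runs {target}; the real payload is its DLL argument, not shown"))
            continue
        if low.startswith("hxxp://"):
            findings.append(Finding("medium", "BITS", f"background download job referencing {s}"))
            continue
        if low.endswith("\\resycled\\boot.com"):
            findings.append(Finding("high", s, "drive-root autorun lure (resycled\\boot.com)"))
            continue
        if re.match(r"^[a-z]:\\", low) and low.endswith((".ini", ".dll", ".exe")) and looks_random(s):
            findings.append(Finding("medium", s, "random eight-letter file name in a system directory"))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_REPORT)
    for f in results:
        print(f"[{f.severity:6}] {f.loadpoint}\n         {f.detail}")
    print(summarize(results))
```

On the constructed sample the script reports nine findings, five of them high. The point of the exercise is the list it does not contain as much as the one it does: the legitimate `nod32kui` Run entry, the `nod32drv` driver with a real file on disk and the Apple update task are all skipped, while the `AppInit_DLLs` value and the `rundll32.exe` task with a random name are the kind of loadpoints that reload a payload after a cleaner has removed the files it knows about.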
plopus Posts 6113 Status Security contributor 293
 
Hello,

Run FindyKill again with option 2 and post the report.

Then click on the exclamation mark on the yellow background, those are the Windows updates, so do them..

Then do a QUICK scan with Malwarebytes to remove any remaining traces.

Then post a new HijackThis log after all that.

Do you still have any problems?

NO, wait for the restore point, we'll finish with that; let's first see whether you have no more problems.
RICONET Posts 125 Status Member
 
Hi,
So here we go, I'm sending the two reports, and Malwarebytes' Anti-Malware didn't detect anything.
For info, the Windows update had been done automatically yesterday evening, when WINDOWS shut down.

* executed from : C:\Program Files\FindyKill
* Update on 05/01/09 par Chiquitine29
* Start at 12:39:27 the 14/01/2009
* Windows XP - Internet Explorer 6.0.2900.5512

((((((((((((((( *** deleting *** ))))))))))))))))))

--------------- [ Active Processes ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe

--------------- [ Infected files / folders ] ----------------

»»»» Supression files in C:

»»»» Supression files in C:\WINDOWS

»»»» Supression files in C:\WINDOWS\Prefetch

Deleted ! - C:\WINDOWS\prefetch\13562.EXE-33B71DE2.pf
Deleted ! - C:\WINDOWS\prefetch\1371.EXE-3B22235C.pf
Deleted ! - C:\WINDOWS\prefetch\15817.EXE-2899E8EE.pf
Deleted ! - C:\WINDOWS\prefetch\22101.EXE-29749CFE.pf
Deleted ! - C:\WINDOWS\prefetch\3618.EXE-280C76C3.pf

»»»» Supression files in C:\WINDOWS\system32

»»»» Supression files in C:\WINDOWS\system32\drivers

»»»» Supression files in C:\Documents and Settings\FAMILLE\Application Data

»»»» Supression files in C:\DOCUME~1\FAMILLE\LOCALS~1\Temp

»»»» Supression files in C:\Documents and Settings\FAMILLE\Local Settings\Temporary Internet Files\Content.IE5

--------------- [ Registry / Infected keys ] ----------------

Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winfilse.exe
Deleted ! - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winupgro.exe

--------------- [ States / Restarting of services ] ----------------

+- Services : [ Auto=2 / Request=3 / Disable=4 ]

Ndisuio - Type of startup = 3

EapHost - Type of startup = 2

Ip6Fw - Type of startup = 2

SharedAccess - Type of startup = 2

wuauserv - Type of startup = 2

wscsvc - Type of startup = 2

--------------- [ Cleaning removable drives ] ----------------

+- Informations :

C: - Lecteur fixe

D: - Lecteur fixe

F: - Lecteur fixe

G: - Lecteur fixe

L: - Lecteur fixe

O: - Lecteur fixe

P: - Lecteur fixe

+- deleting files :

--------------- [ Registry / Mountpoint2 ] ----------------

-> Not found !

--------------- [ Searching Other Infections ] ----------------

--------------- [ Searching Cracks / Keygen ] ----------------

C:\Documents and Settings\All Users\Application Data\IncrediMail\Data\Sound\tchaikovsky_the_nutcracker.imw

---------------- ! End of report ! ------------------

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:04:36, on 14/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\FAMILLE\Mes documents\Mes fichiers reçus\RenomHiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iTunesHelper] "F:\iTunes2\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Global Startup: Mémento.lnk = Q:\quicken\billmind.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: bw+0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {49C8FC5E-C90A-491C-B16D-3459B2A05006} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: ftdotf.dll fdtsrv.dll lecbjl.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
0