Laptop PC infection
TB60
touchatout -
Hello,
We have a laptop that appears to be infected:
1/01/2009 19:38:48
Infections: 38
1: "Trojan" "hidden autorun" "Trojan.Poison.J" "Trojan.Poison.J is a key-logging Trojan for the Windows platform."
2: "Trojan" "autorun" "Infostealer.Banker.E" "Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions)."
3: "Adware" "Registry" "Adware.eXact.BargainBuddy" "A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements."
4: "Backdoor" "C:/windows/system32/svchost.exe" "Win32.Rbot.fm" "An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine."
5: "Trojan" "autorun" "Trojan.Tooso" "Trojan.Tooso is a trojan which attempts to terminate and delete security related applications."
6: "Worm" "C:/windows/" "Win32.BlackMail.xx" ""This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008."
7: "Rogue" "C:/Program Files/TrustedAntivirus" "TrustedAntivirus" "A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware"
8: "Spyware" "C:/windows/system32/" "Spyware.007SpySoftware" "Program designed to monitor user activity. May be used with or without consent."
9: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge."
10: "Rogue" "C:/Program Files/SecurePCCleaner" "SecurePCCleaner" "Rogue Security Software: fake Security software that uses deceptive means for installation and purpose."
11: "Worm" "autorun" "Win32.Peacomm.dam" "A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats."
12: "Trojan" "C:/windows/" "Trojan-Dropper.Win32.Agent.bot" "This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user."
13: "Dialer" "C:/windows/system32/cmdial32.dll" "Dialer.Xpehbam.biz_dialer" "A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages."
14: "Worm" "C:/windows/system32/" "Win32.Delbot.AI" "Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC."
15: "Dialer" "C:/windows/hidden/" "Dialer.Trafficjam.a" "Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites."
16: "Trojan" "autorun" "Win32.Outsbot.u" "A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence."
17: "Trojan" "hidden autorun" "Trojan.Win32.Agent.ado" "Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer."
18: "Spyware" "autorun" "Win32.PerFiler" "Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site."
19: "Spyware" "autorun" "Spyware.KnownBadSites" "Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site."
20: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge."
21: "Trojan" "C:/windows/system32/explorer.exe" "Trojan.MailGrabber.s" "Trojan horse that gets access to e-mail accounts on the infected computer."
22: "Trojan" "C:/windows/system32/" "Trojan.BAT.Adduser.t" "This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size."
23: "Worm" "C:/windows/system/" "Worm.Bagle.CP" "This is a ""Bagle"" mass-mailer which demonstrates typical ""Bagle"" behavior."
24: "Spyware" "C:/windows/system32/iesetup.dll" "Spyware.IEMonster.d" ""Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs."
25: "Worm" "hidden autorun" "Win32.Miewer.a" "A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files"
26: "Trojan" "C:/windows/system/drivers/etc/" "Trojan.IRCBot.d" "a worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability."
27: "Worm" "hidden autorun" "Win32.Miewer.a" "A Trojan Downloader that masquerades as a legitimate system file."
28: "Worm" "C:/windows/temp/" "Win32.Rbot.CBX" "A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine."
29: "Trojan" "C:/windows/hidden/" "Trojan.Clicker.EC" "Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal."
30: "Adware" "autorun" "Zlob.PornAdvertiser.ba" "Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites."
31: "Worm" "autorun" "Win32.Peacomm.dam" "A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats."
32: "Trojan" "C:/windows/system/mui/" "Trojan.Dropper.MSWord.j" "A Microsoft Word macro virus that drops a trojan onto the infected host."
33: "Spyware" "autorun" "Win32.PerFiler" "Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site."
34: "Trojan" "C:/windows/system/drivers/" "Win32.Spamta.KG.worm" "A multi-component mass-mailing worm that downloads and executes files from the Internet."
35: "Spyware" "autorun" "Spyware.IMMonitor" "program that can be used to monitor and record conversations in popular instant messaging applications."
36: "Trojan" "C:/windows/system/mui/" "Win32.Clagger.C" "This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment."
37: "Trojan" "C:/windows/system32/alg.exe" "Trojan.Alg.t" "Trojan program that can compromise your private information stored on the hard drive."
38: "Worm" "C:/windows/temp/" "Win32.Sdbot.ADN" "A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine."
I ran SDFix.exe:
SDFix: Version 1.240
Run by Administrateur on 11/01/2009 at 18:51
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
driver loading error catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:58:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ArcGIS\\Bin\\ArcCatalog.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcCatalog.exe:*:Enabled:ArcCatalog"
"C:\\Program Files\\ArcGIS\\Bin\\ArcGlobe.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcGlobe.exe:*:Enabled:ArcGlobe"
"C:\\Program Files\\ArcGIS\\Bin\\ArcReader.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcReader.exe:*:Enabled:ArcReader"
"C:\\Program Files\\ArcGIS\\Bin\\ArcScene.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcScene.exe:*:Enabled:ArcScene"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Disabled:Age of Empires II Expansion"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Disabled:Steam"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
Files with Hidden Attributes:
Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 21 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 21 Oct 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Tue 19 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 21 Oct 2005 4,348 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 9 Apr 2007 401 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 5 Aug 2006 400 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Mon 9 Apr 2007 20,480 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Sun 30 Jul 2006 496,880 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT32.tmp"
Sun 30 Jul 2006 498,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a42f4d4aec80f787c077283561db7334\BIT31.tmp"
Sun 30 Jul 2006 2,302,800 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c7c7a391754ccb26fa038f9569884d16\BIT35.tmp"
Wed 24 Dec 2008 40,960 ...H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Am‚nagement\La Tour Phare\~WRL3080.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\download\BIT25.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15908649fc77adb6fd92a7a9d96363e8\download\BIT24.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\download\BIT2A.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2ffcd6f975143621cd7ba191a25e7dee\download\BIT20.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\download\BIT1E.tmp"
Mon 31 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b5f484130e76f990053cd368ea0c649\download\BITF.tmp"
Mon 31 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\download\BIT10.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\925c7afc2ba478434e358c78673b4a12\download\BIT23.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\download\BIT27.tmp"
Mon 31 Jul 2006 5,797,940 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\download\BIT19.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\download\BIT26.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\download\BIT1D.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\download\BIT28.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\download\BIT29.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\download\BIT1B.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\download\BIT1C.tmp"
Thu 30 Oct 2008 124,416 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Am‚nagement\Atelier Projet Urbain\Louvres\Etape R‚ferences\zac kellemrann\~WRL2615.tmp"
Thu 11 Aug 2005 3,430,912 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Am‚nagement\Atelier Projet Urbain\Louvres\PLU Louvres\RAPPORT DE PRESENTATION\diagnostic\~WRL2125.tmp"
Thu 18 Aug 2005 7,221,248 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Am‚nagement\Atelier Projet Urbain\Louvres\PLU Louvres\RAPPORT DE PRESENTATION\justification des orientations du PADD\~WRL0843.tmp"
Finished!
Then ComboFix.exe:
ComboFix 09-01-10.03 - TROUILLET Laurent 2009-01-11 19:06:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1015.551 [GMT 1:00]
Lancé depuis: c:\documents and settings\TROUILLET Laurent\Bureau\d‚tection\ComboFix.exe
* Un nouveau point de restauration a été créé
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Tall Emu\Online Armor\OAWatch.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\TROUILLET Laurent\Bureau\System Security.lnk
c:\documents and settings\TROUILLET Laurent\Menu D‚marrer\Programmes\System Security
c:\documents and settings\TROUILLET Laurent\Menu Démarrer\Programmes\System Security\System Security.lnk
c:\windows\Downloaded Program Files\setup.dll
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-11 19:03 . 2009-01-11 19:04 <REP> d-------- C:\32788R22FWJFW
2009-01-11 18:44 . 2004-08-20 10:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage r‚seau
2009-01-11 18:44 . 2004-08-20 10:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-11 18:44 . 2004-08-20 10:30 <REP> d--h----- c:\documents and settings\Administrateur\ModŠles
2009-01-11 18:44 . 2004-08-20 10:42 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-11 18:44 . 2004-08-20 10:30 <REP> dr------- c:\documents and settings\Administrateur\Menu D‚marrer
2009-01-11 18:44 . 2005-10-19 10:15 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-11 18:44 . 2005-10-19 10:15 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-11 18:44 . 2005-10-19 10:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
2009-01-11 18:44 . 2005-10-19 10:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2009-01-11 18:44 . 2005-10-19 10:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Jasc Software Inc
2009-01-11 18:44 . 2005-10-19 10:09 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intel
2009-01-11 18:44 . 2009-01-11 18:44 <REP> d-------- c:\documents and settings\Administrateur
2009-01-11 18:01 . 2009-01-11 18:01 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-11 17:58 . 2009-01-11 17:58 <REP> d-------- c:\windows\ERUNT
2009-01-11 17:50 . 2009-01-11 19:00 <REP> d-------- C:\SDFix
2009-01-11 17:32 . 2009-01-11 17:32 <REP> d-------- c:\program files\CCleaner
2009-01-11 17:10 . 2009-01-11 17:10 <REP> d-------- c:\program files\Enigma Software Group
2009-01-11 16:54 . 2009-01-11 16:54 <REP> d-------- c:\program files\Tall Emu
2009-01-11 16:54 . 2009-01-11 19:02 <REP> d-------- c:\documents and settings\TROUILLET Laurent\Application Data\OnlineArmor
2009-01-11 16:54 . 2009-01-11 16:54 <REP> d-------- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-01-11 16:54 . 2007-11-08 06:37 68,608 --a------ c:\windows\system32\drivers\OADriver.sys
2009-01-11 16:54 . 2007-09-29 00:06 25,600 --a------ c:\windows\system32\drivers\OAmon.sys
2009-01-11 16:54 . 2007-09-29 00:06 18,944 --a------ c:\windows\system32\drivers\ndisrd.sys
2009-01-11 16:52 . 2009-01-11 16:52 <REP> d-------- c:\program files\Lavasoft
2009-01-11 16:51 . 2009-01-11 16:51 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-11 15:35 . 2009-01-11 15:35 <REP> d-------- c:\program files\Trend Micro
2009-01-11 15:06 . 2009-01-11 15:24 <REP> d-------- c:\program files\Navilog1
2009-01-11 14:55 . 2009-01-11 14:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-11 14:48 . 2009-01-11 14:48 <REP> d-------- c:\program files\Yahoo!
2009-01-11 11:00 . 2009-01-11 11:00 <REP> d-------- c:\documents and settings\All Users\Application Data\85806563
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:02 --------- d-----w c:\documents and settings\TROUILLET Laurent\Application Data\OpenOffice.org2
2009-01-11 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 14:06 --------- d-----w c:\program files\Google
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 19:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 20:05 --------- d-----w c:\program files\AOL 9.0
2008-12-01 13:25 66,888 ----a-w c:\documents and settings\TROUILLET Laurent\Application Data\GDIPFONTCACHEV1.DAT
2008-11-25 18:16 --------- d-----w c:\program files\SFR
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-19 98304]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-19 26112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"996003490"="c:\documents and settings\All Users\Application Data\85806563\996003490.exe" [2009-01-11 1843748]
"OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 5029952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\TROUILLET Laurent\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
c:\documents and settings\TROUILLET Laurent\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
c:\documents and settings\TROUILLET Laurent\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2007-11-16 633344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 NDISRD;NDISRD;c:\windows\system32\drivers\ndisrd.sys [2009-01-11 18944]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-01-11 68608]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-01-11 25600]
S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2009-01-11 4625984]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33c6c092-aa1c-11db-92d5-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = www.sfr.fr/kit/adsl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.1.3:80
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\setup.exe - O16 -: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}
file://d:\arcreader\setup.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 19:08:25
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\CLBCATQ.DLL
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Heure de fin: 2009-01-11 19:10:01
ComboFix-quarantined-files.txt 2009-01-11 18:09:54
Avant-CF: 32ÿ556ÿ613ÿ632 octets libres
AprÞs-CF: 32,551,165,952 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
187 --- E O F --- 2009-01-11 15:42:20
And then HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:38, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\All Users\Application Data\85806563\996003490.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\MonJack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.3:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [996003490] "C:\Documents and Settings\All Users\Application Data\85806563\996003490.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://D:\ArcReader\setup.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
We have a laptop that is apparently infected:
1/01/2009 19:38:48
Infections: 38
1: "Trojan" "hidden autorun" "Trojan.Poison.J" "Trojan.Poison.J is a key-logging Trojan for the Windows platform."
2: "Trojan" "autorun" "Infostealer.Banker.E" "Steals sensitive information from the infected computer (e.g. logins and passwords from online banking sessions)."
3: "Adware" "Registry" "Adware.eXact.BargainBuddy" "A browser helper object that monitors internet browsing sessions in an attempt to redirect search queries and distribute unsolicited advertisements."
4: "Backdoor" "C:/windows/system32/svchost.exe" "Win32.Rbot.fm" "An IRC controlled backdoor that can be used to gain unauthorized access to a victim's machine."
5: "Trojan" "autorun" "Trojan.Tooso" "Trojan.Tooso is a trojan which attempts to terminate and delete security related applications."
6: "Worm" "C:/windows/" "Win32.BlackMail.xx" ""This dangerous worm will destroy certain data files on an infected user's machine on February 3, 2008."
7: "Rogue" "C:/Program Files/TrustedAntivirus" "TrustedAntivirus" "A corrupt and misleading anti-virus program that may be usually installed with the help of malcous Trojans and other malware"
8: "Spyware" "C:/windows/system32/" "Spyware.007SpySoftware" "Program designed to monitor user activity. May be used with or without consent."
9: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge."
10: "Rogue" "C:/Program Files/SecurePCCleaner" "SecurePCCleaner" "Rogue Security Software: fake Security software that uses deceptive means for installation and purpose."
11: "Worm" "autorun" "Win32.Peacomm.dam" "A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats."
12: "Trojan" "C:/windows/" "Trojan-Dropper.Win32.Agent.bot" "This Trojan is designed to install and launch other malicious programs on the victim machine without the knowledge or consent of the user."
13: "Dialer" "C:/windows/system32/cmdial32.dll" "Dialer.Xpehbam.biz_dialer" "A Dialer that loads pornographic material. The url information shows Hardcore Pornographic pages."
14: "Worm" "C:/windows/system32/" "Win32.Delbot.AI" "Win32.Delbot.AI is a worm and IRC backdoor that exploits system and software vulnerabilities in order to provide remote access to the host PC."
15: "Dialer" "C:/windows/hidden/" "Dialer.Trafficjam.a" "Dialer.Trafficjam.a is a premium-rate phone dialer that automatically invokes paid access to various porn-related Web sites."
16: "Trojan" "autorun" "Win32.Outsbot.u" "A backdoor Trojan that is remotely controlled via Internet Relay Chat (IRC). It exploits Sony Digital Rights Management (DRM) software to hide its presence."
17: "Trojan" "hidden autorun" "Trojan.Win32.Agent.ado" "Trojan downloader that is spread as an attachment to a spam email and tries to download a password stealer."
18: "Spyware" "autorun" "Win32.PerFiler" "Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site."
19: "Spyware" "autorun" "Spyware.KnownBadSites" "Uses the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site."
20: "Trojan" "C:/windows/" "Trojan-Downloader.VBS.Small.dc" "This Trojan downloads other files via the FTP protocol and launches them for execution on the victim machine without the user’s knowledge."
21: "Trojan" "C:/windows/system32/explorer.exe" "Trojan.MailGrabber.s" "Trojan horse that gets access to e-mail accounts on the infected computer."
22: "Trojan" "C:/windows/system32/" "Trojan.BAT.Adduser.t" "This Trojan has a malicious payload. It is a BAT file. It is 1129 bytes in size."
23: "Worm" "C:/windows/system/" "Worm.Bagle.CP" "This is a ""Bagle"" mass-mailer which demonstrates typical ""Bagle"" behavior."
24: "Spyware" "C:/windows/system32/iesetup.dll" "Spyware.IEMonster.d" ""Steals passwords from Internet Explorer, Mozilla Firefox, Outlook and other programs."
25: "Worm" "hidden autorun" "Win32.Miewer.a" "A Trojan Downloader that masquerades as a legitimate system file. Associated processes connect to the Internet to download additional malicious files"
26: "Trojan" "C:/windows/system/drivers/etc/" "Trojan.IRCBot.d" "a worm that opens an IRC back door on the infected host. It spreads by exploiting the Windows Remote Buffer Overflow Vulnerability."
27: "Worm" "hidden autorun" "Win32.Miewer.a" "A Trojan Downloader that masquerades as a legitimate system file."
28: "Worm" "C:/windows/temp/" "Win32.Rbot.CBX" "A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine."
29: "Trojan" "C:/windows/hidden/" "Trojan.Clicker.EC" "Trojan.Clicker.EC is an information stealing Trojan that masquerades as a legitimate system file so as to avoid detection and subsequent removal."
30: "Adware" "autorun" "Zlob.PornAdvertiser.ba" "Adware that displays pop-up/pop-under advertisements of pornographic or online gambling Web sites."
31: "Worm" "autorun" "Win32.Peacomm.dam" "A Trojan Downloader that is spread as an attachment to emails with news headlines as the subject lines which downloads additional security threats."
32: "Trojan" "C:/windows/system/mui/" "Trojan.Dropper.MSWord.j" "A Microsoft Word macro virus that drops a trojan onto the infected host."
33: "Spyware" "autorun" "Win32.PerFiler" "Win32.PerFiler is designed to retrieve and install files when executed. Win32.PerFiler is configured to download from either a designated web or FTP site."
34: "Trojan" "C:/windows/system/drivers/" "Win32.Spamta.KG.worm" "A multi-component mass-mailing worm that downloads and executes files from the Internet."
35: "Spyware" "autorun" "Spyware.IMMonitor" "program that can be used to monitor and record conversations in popular instant messaging applications."
36: "Trojan" "C:/windows/system/mui/" "Win32.Clagger.C" "This is small Trojan downloader that downloads files and lowers security settings. It is spreading as an email attachment."
37: "Trojan" "C:/windows/system32/alg.exe" "Trojan.Alg.t" "Trojan program that can compromise your private information stored on the hard drive."
38: "Worm" "C:/windows/temp/" "Win32.Sdbot.ADN" "A worm and IRC backdoor that exploits system and software vulnerabilities in order to provide unmitigated remote access to the host machine."
I ran SDFix.exe:
SDFix: Version 1.240
Run by Administrateur on 11/01/2009 at 18:51
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
No Trojan Files Found
Removing Temp Files
ADS Check:
Final Check:
driver loading error catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:58:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ArcGIS\\Bin\\ArcCatalog.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcCatalog.exe:*:Enabled:ArcCatalog"
"C:\\Program Files\\ArcGIS\\Bin\\ArcGlobe.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcGlobe.exe:*:Enabled:ArcGlobe"
"C:\\Program Files\\ArcGIS\\Bin\\ArcReader.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcReader.exe:*:Enabled:ArcReader"
"C:\\Program Files\\ArcGIS\\Bin\\ArcScene.exe"="C:\\Program Files\\ArcGIS\\Bin\\ArcScene.exe:*:Enabled:ArcScene"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Disabled:Age of Empires II Expansion"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Disabled:Age of Empires II"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Disabled:Steam"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
Files with Hidden Attributes:
Fri 12 Mar 2004 54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Fri 12 Mar 2004 156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Fri 12 Mar 2004 31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Fri 21 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 21 Oct 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv11.bak"
Tue 19 Jun 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Fri 21 Oct 2005 4,348 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 9 Apr 2007 401 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Sat 5 Aug 2006 400 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Mon 9 Apr 2007 20,480 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Ma musique\Sauvegarde de la licence\drmv2lic.bak"
Sun 30 Jul 2006 496,880 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\652df4481e78cf8db95f337e5e6fd06c\BIT32.tmp"
Sun 30 Jul 2006 498,416 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\a42f4d4aec80f787c077283561db7334\BIT31.tmp"
Sun 30 Jul 2006 2,302,800 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c7c7a391754ccb26fa038f9569884d16\BIT35.tmp"
Wed 24 Dec 2008 40,960 ...H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Aménagement\La Tour Phare\~WRL3080.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\035933f8200812cad539195e91cbe107\download\BIT25.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\15908649fc77adb6fd92a7a9d96363e8\download\BIT24.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2188236ebfb773be9367bf47c988d6f4\download\BIT2A.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2ffcd6f975143621cd7ba191a25e7dee\download\BIT20.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\46b6215de5d83b8828fa6f76b79196ef\download\BIT1E.tmp"
Mon 31 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\6b5f484130e76f990053cd368ea0c649\download\BITF.tmp"
Mon 31 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\92187aedab601bb25548bba6adc50cc9\download\BIT10.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\925c7afc2ba478434e358c78673b4a12\download\BIT23.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\96323f4b2477b2d772cfb04f3513215f\download\BIT27.tmp"
Mon 31 Jul 2006 5,797,940 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\97e754582377d850e2164a4adca20caa\download\BIT19.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\982e3592e6cb28f674d1d6319523b1b9\download\BIT26.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\b2b9feec5d877dde28227c507e3c9f03\download\BIT1D.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\bec6ccdc2e87326a059fbc24a1ba98c2\download\BIT28.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\d34105cbc07cfc82a840c12d5e028679\download\BIT29.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eb54cd851acca1509d7ffb5dc4f80842\download\BIT1B.tmp"
Sun 30 Jul 2006 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\fda4a07ab7a56c6d4616537d15334ad6\download\BIT1C.tmp"
Thu 30 Oct 2008 124,416 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Aménagement\Atelier Projet Urbain\Louvres\Etape Réferences\zac kellemrann\~WRL2615.tmp"
Thu 11 Aug 2005 3,430,912 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Aménagement\Atelier Projet Urbain\Louvres\PLU Louvres\RAPPORT DE PRESENTATION\diagnostic\~WRL2125.tmp"
Thu 18 Aug 2005 7,221,248 A..H. --- "C:\Documents and Settings\TROUILLET Laurent\Mes documents\Mon travail\M2 Aménagement\Atelier Projet Urbain\Louvres\PLU Louvres\RAPPORT DE PRESENTATION\justification des orientations du PADD\~WRL0843.tmp"
Finished!
Then ComboFix.exe:
ComboFix 09-01-10.03 - TROUILLET Laurent 2009-01-11 19:06:58.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1015.551 [GMT 1:00]
Lancé depuis: c:\documents and settings\TROUILLET Laurent\Bureau\détection\ComboFix.exe
* Un nouveau point de restauration a été créé
.
Les fichiers ci-dessous ont été désactivés pendant l'exécution:
c:\program files\Tall Emu\Online Armor\OAWatch.dll
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\TROUILLET Laurent\Bureau\System Security.lnk
c:\documents and settings\TROUILLET Laurent\Menu Démarrer\Programmes\System Security
c:\documents and settings\TROUILLET Laurent\Menu Démarrer\Programmes\System Security\System Security.lnk
c:\windows\Downloaded Program Files\setup.dll
c:\windows\system32\mfcans32.DLL
c:\windows\system32\mfcuia32.dll
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.
2009-01-11 19:03 . 2009-01-11 19:04 <REP> d-------- C:\32788R22FWJFW
2009-01-11 18:44 . 2004-08-20 10:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-11 18:44 . 2004-08-20 10:30 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-11 18:44 . 2004-08-20 10:30 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-11 18:44 . 2004-08-20 10:42 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-11 18:44 . 2004-08-20 10:30 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-11 18:44 . 2005-10-19 10:15 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-11 18:44 . 2005-10-19 10:15 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-11 18:44 . 2005-10-19 10:15 <REP> d-------- c:\documents and settings\Administrateur\Application Data\You've Got Pictures Screensaver
2009-01-11 18:44 . 2005-10-19 10:18 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Symantec
2009-01-11 18:44 . 2005-10-19 10:22 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Jasc Software Inc
2009-01-11 18:44 . 2005-10-19 10:09 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Intel
2009-01-11 18:44 . 2009-01-11 18:44 <REP> d-------- c:\documents and settings\Administrateur
2009-01-11 18:01 . 2009-01-11 18:01 579,584 --a------ c:\windows\system32\dllcache\user32.dll
2009-01-11 17:58 . 2009-01-11 17:58 <REP> d-------- c:\windows\ERUNT
2009-01-11 17:50 . 2009-01-11 19:00 <REP> d-------- C:\SDFix
2009-01-11 17:32 . 2009-01-11 17:32 <REP> d-------- c:\program files\CCleaner
2009-01-11 17:10 . 2009-01-11 17:10 <REP> d-------- c:\program files\Enigma Software Group
2009-01-11 16:54 . 2009-01-11 16:54 <REP> d-------- c:\program files\Tall Emu
2009-01-11 16:54 . 2009-01-11 19:02 <REP> d-------- c:\documents and settings\TROUILLET Laurent\Application Data\OnlineArmor
2009-01-11 16:54 . 2009-01-11 16:54 <REP> d-------- c:\documents and settings\All Users\Application Data\OnlineArmor
2009-01-11 16:54 . 2007-11-08 06:37 68,608 --a------ c:\windows\system32\drivers\OADriver.sys
2009-01-11 16:54 . 2007-09-29 00:06 25,600 --a------ c:\windows\system32\drivers\OAmon.sys
2009-01-11 16:54 . 2007-09-29 00:06 18,944 --a------ c:\windows\system32\drivers\ndisrd.sys
2009-01-11 16:52 . 2009-01-11 16:52 <REP> d-------- c:\program files\Lavasoft
2009-01-11 16:51 . 2009-01-11 16:51 <REP> d-------- c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-11 15:35 . 2009-01-11 15:35 <REP> d-------- c:\program files\Trend Micro
2009-01-11 15:06 . 2009-01-11 15:24 <REP> d-------- c:\program files\Navilog1
2009-01-11 14:55 . 2009-01-11 14:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-01-11 14:48 . 2009-01-11 14:48 <REP> d-------- c:\program files\Yahoo!
2009-01-11 11:00 . 2009-01-11 11:00 <REP> d-------- c:\documents and settings\All Users\Application Data\85806563
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 18:02 --------- d-----w c:\documents and settings\TROUILLET Laurent\Application Data\OpenOffice.org2
2009-01-11 15:52 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-11 14:06 --------- d-----w c:\program files\Google
2008-12-13 06:37 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 19:18 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 20:05 --------- d-----w c:\program files\AOL 9.0
2008-12-01 13:25 66,888 ----a-w c:\documents and settings\TROUILLET Laurent\Application Data\GDIPFONTCACHEV1.DAT
2008-11-25 18:16 --------- d-----w c:\program files\SFR
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:35 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-24 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 32881]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-19 98304]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-10-19 26112]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-20 266497]
"996003490"="c:\documents and settings\All Users\Application Data\85806563\996003490.exe" [2009-01-11 1843748]
"OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2007-11-16 5029952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\TROUILLET Laurent\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
c:\documents and settings\TROUILLET Laurent\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
c:\documents and settings\TROUILLET Laurent\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 393216]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\TALLEM~1\ONLINE~1\oaevent.dll" [2007-11-16 633344]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 16:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R1 NDISRD;NDISRD;c:\windows\system32\drivers\ndisrd.sys [2009-01-11 18944]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2009-01-11 68608]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2009-01-11 25600]
S4 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [2009-01-11 4625984]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33c6c092-aa1c-11db-92d5-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'
.
.
------- Examen supplémentaire -------
.
uStart Page = www.sfr.fr/kit/adsl/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = 192.168.1.3:80
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
c:\windows\Downloaded Program Files\setup.exe - O16 -: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51}
file://d:\arcreader\setup.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 19:08:25
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(968)
c:\windows\system32\CLBCATQ.DLL
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Heure de fin: 2009-01-11 19:10:01
ComboFix-quarantined-files.txt 2009-01-11 18:09:54
Avant-CF: 32 556 613 632 octets libres
Après-CF: 32,551,165,952 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect
187 --- E O F --- 2009-01-11 15:42:20
And then HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:38, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\All Users\Application Data\85806563\996003490.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\MonJack.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.sfr.fr/kit/adsl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.3:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [996003490] "C:\Documents and Settings\All Users\Application Data\85806563\996003490.exe"
O4 - HKLM\..\Run: [OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B91AEDBE-93DF-4017-8BB3-F1C300C0EC51} - file://D:\ArcReader\setup.exe
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (Contrôleur de DownloadManager) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe