Virus w32/horst.gen27
Closed
didine21
Posts
4
Registration date
Saturday 21 February 2009
Status
Member
Last activity
22 February 2009
-
21 Feb. 2009 at 22:25
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 - 22 Feb. 2009 at 18:36
7 replies
jlpjlp
Posts
51580
Registration date
Friday 18 May 2007
Status
Security contributor
Last activity
3 May 2022
21 Feb. 2009 at 23:09
hi,
download combofix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
disconnect from the internet and close all your applications.
disable your protections (antivirus, firewall, the antispyware's real-time guard)
double-click combofix.exe and follow the instructions
at the end, it will produce a report C:\ComboFix.txt
re-enable your firewall, your antivirus, your antispyware's guard
copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
didine21
Posts
4
Registration date
Saturday 21 February 2009
Status
Member
Last activity
22 February 2009
21 Feb. 2009 at 23:47
Thanks for your help
Here is the report
ComboFix 09-02-19.01 - NADINE 2009-02-21 23:30:29.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.894.350 [GMT 1:00]
Lancé depuis: c:\users\NADINE\Desktop\ComboFix.exe
AV: AntiVirus Firewall 7.00 *On-access scanning enabled* (Updated)
FW: AntiVirus Firewall 7.00 *disabled*
* Un nouveau point de restauration a été créé
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\GamesBar\oberontb.dll
c:\users\NADINE\AppData\Local\Temp\sessmgr.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-01-21 au 2009-02-21 ))))))))))))))))))))))))))))))))))))
.
2009-02-21 16:49 . 2009-02-21 16:49 <REP> d-------- c:\program files\Trend Micro
2009-02-16 08:20 . 2008-06-20 02:18 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-16 08:20 . 2008-06-20 02:17 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-16 08:20 . 2008-06-20 02:18 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-16 08:20 . 2008-06-20 02:17 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-16 08:20 . 2008-06-20 02:18 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-16 08:20 . 2008-06-20 02:17 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-16 08:20 . 2008-06-20 02:17 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-16 08:19 . 2008-06-20 02:18 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-16 08:17 . 2009-02-16 08:19 39,518,208 --a------ c:\windows\ocsetup_install_NetFx3.etl
2009-02-16 08:17 . 2009-02-16 08:19 49,152 --a------ c:\windows\ocsetup_cbs_install_NetFx3.perf
2009-02-16 08:17 . 2009-02-16 08:19 16,384 --a------ c:\windows\ocsetup_cbs_install_NetFx3.dpx
2009-02-16 08:09 . 2008-07-27 19:00 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-16 08:09 . 2008-07-27 19:00 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-16 08:09 . 2008-07-27 19:00 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-16 08:09 . 2008-07-27 19:00 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-16 08:08 . 2008-07-27 19:00 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-16 07:54 . 2008-12-05 05:29 428,032 --a------ c:\windows\System32\EncDec.dll
2009-02-16 07:53 . 2008-12-05 05:29 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-02-16 07:53 . 2008-12-05 05:29 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-02-16 07:53 . 2008-12-05 05:29 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-16 07:53 . 2008-12-05 05:29 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-02-16 07:53 . 2008-12-05 05:29 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-16 07:53 . 2008-12-05 05:29 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-02-16 07:53 . 2008-12-05 05:29 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-02-11 08:38 . 2008-03-05 15:56 3,786,760 --a------ c:\windows\System32\D3DX9_37.dll
2009-02-11 08:38 . 2007-07-19 18:14 3,727,720 --a------ c:\windows\System32\d3dx9_35.dll
2009-02-11 08:38 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\System32\d3dx9_34.dll
2009-02-11 07:30 . 2009-02-11 07:30 <REP> d-------- c:\users\NADINE\AppData\Roaming\Leadertech
2009-02-09 20:09 . 2009-02-09 20:09 <REP> d-------- c:\program files\SystemRequirementsLab
2009-02-09 14:21 . 2009-02-09 14:21 <REP> d-------- c:\users\NADINE\AppData\Roaming\Ace
2009-02-09 14:16 . 2009-02-09 14:16 <REP> d-------- c:\program files\THQ
2009-02-08 10:30 . 2009-02-08 10:30 <REP> d-------- c:\program files\Ubi Soft
2009-02-07 20:38 . 2009-02-07 20:43 <REP> d-------- c:\users\All Users\Lea passion Mode
2009-02-07 20:38 . 2009-02-07 20:43 <REP> d-------- c:\programdata\Lea passion Mode
2009-02-07 16:53 . 2009-02-07 16:53 <REP> d-------- c:\users\NADINE\AppData\Roaming\Ahead
2009-02-07 16:49 . 2009-02-07 16:49 <REP> d-------- c:\users\All Users\Nero
2009-02-07 16:49 . 2009-02-07 16:49 <REP> d-------- c:\programdata\Nero
2009-02-07 16:49 . 2009-02-07 16:49 <REP> d-------- c:\program files\Nero
2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
2009-02-06 13:16 . 2009-02-06 13:16 0 --a------ c:\windows\ativpsrm.bin
2009-02-06 13:12 . 2009-02-06 13:12 <REP> d-------- C:\ATI
2009-02-06 08:07 . 2009-02-19 23:26 <REP> d-------- c:\users\All Users\ma-config.com
2009-02-06 08:07 . 2009-02-19 23:26 <REP> d-------- c:\programdata\ma-config.com
2009-02-06 08:07 . 2009-02-19 23:26 <REP> d-------- c:\program files\ma-config.com
2009-02-05 23:29 . 2009-02-05 23:29 <REP> d-------- c:\users\NADINE\AppData\Roaming\Emme
2009-01-28 23:34 . 2009-01-28 23:34 410,984 --a------ c:\windows\System32\deploytk.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-21 22:32 --------- d-----w c:\program files\GamesBar
2009-02-21 13:20 --------- d-----w c:\programdata\Google Updater
2009-02-21 10:15 --------- d-----w c:\program files\Windows Live
2009-02-21 08:48 --------- d-----w c:\users\NADINE\AppData\Roaming\Media Player
2009-02-20 09:35 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 11:01 --------- d-----w c:\program files\Windows Mail
2009-02-08 12:21 --------- d-----w c:\program files\Lecteur CANALPLAY
2009-02-07 22:15 --------- d-----w c:\program files\AviSynth 2.5
2009-02-07 16:14 --------- d---a-w c:\programdata\TEMP
2009-02-07 15:50 --------- d-----w c:\programdata\Ahead
2009-02-07 15:50 --------- d-----w c:\program files\Common Files\Ahead
2009-02-03 06:47 --------- d-----w c:\users\NADINE\AppData\Roaming\iWin
2009-01-15 04:16 826,368 ----a-w c:\windows\System32\wininet.dll
2009-01-15 04:16 56,320 ----a-w c:\windows\System32\iesetup.dll
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 04:15 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2009-01-14 07:15 4,235,776 ----a-w c:\windows\system32\drivers\atikmdag.sys
2009-01-14 05:03 425,984 ----a-w c:\windows\System32\ATIDEMGX.dll
2009-01-14 05:02 159,744 ----a-w c:\windows\System32\atitmmxx.dll
2009-01-14 05:01 43,520 ----a-w c:\windows\System32\ati2edxx.dll
2009-01-14 05:01 348,160 ----a-w c:\windows\System32\atipdlxx.dll
2009-01-14 05:01 286,720 ----a-w c:\windows\System32\Ati2evxx.dll
2009-01-14 05:01 274,432 ----a-w c:\windows\System32\Oemdspif.dll
2009-01-14 04:59 729,088 ----a-w c:\windows\System32\Ati2evxx.exe
2009-01-14 04:44 3,963,392 ----a-w c:\windows\System32\atiumdag.dll
2009-01-14 04:22 4,765,696 ----a-w c:\windows\System32\atiumdva.dll
2009-01-14 04:08 50,688 ----a-w c:\windows\System32\amdpcom32.dll
2009-01-14 04:07 122,880 ----a-w c:\windows\System32\atiadlxx.dll
2009-01-14 03:59 11,247,616 ----a-w c:\windows\System32\atioglxx.dll
2009-01-14 03:50 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2009-01-14 02:54 57,344 ----a-w c:\windows\System32\amdcalrt.dll
2009-01-14 02:53 53,248 ----a-w c:\windows\System32\amdcalcl.dll
2009-01-14 02:51 3,239,936 ----a-w c:\windows\System32\amdcaldd.dll
2008-12-29 11:17 --------- d-----w c:\programdata\EmailNotifier
2008-12-27 17:18 --------- d-----w c:\program files\Red Kawa
2008-12-12 10:02 174 --sha-w c:\program files\desktop.ini
2008-10-12 15:37 905 ----a-w c:\program files\uninstal.log
2008-11-16 16:31 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-11-16 16:31 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-11-16 16:31 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-18 68856]
"OrangePlayer"="c:\program files\Orange\Media Player\Media Player.exe" [2008-12-02 319488]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-11-23 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 453120]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"F-Secure Manager"="c:\program files\Orange\AntivirusFirewall\Common\FSM32.EXE" [2007-06-13 176177]
"F-Secure TNB"="c:\program files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" [2007-06-13 733184]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NBKeyScan"="c:\program files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe" [2008-02-21 1647912]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-01 c:\windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OrangePlayer"="c:\program files\Orange\Media Player\Media Player.exe" [2008-12-02 319488]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-13 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{755DDF93-2A40-464C-8E19-14D57FDFE54C}"= UDP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{9E139F13-729C-48A3-A542-F8D1B9041878}"= TCP:c:\program files\Acer Zone\Acer Zone Main Page\MCE Deluxe Suite.exe:CyberLink MCE Deluxe Suite
"{083C222B-2E43-435E-A4FA-69B43D170DBD}"= UDP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{CCAC3715-6F13-4B05-AFE8-9CB066D07D09}"= TCP:c:\program files\Acer Zone\Acer Picture Slide DVD\Component\CLSLDVD.exe:Cyberlink Picture Slide DVD workprocess
"{7A11D0DC-4B4D-4D6B-9395-1FB0BB02F739}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{CAEDC0A9-FA60-4B8B-8EB7-4679892F69D7}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\ARAWP.exe:Cyberlink Plug and Record ARA workprocess
"{3CF0A38F-BDCA-4850-B9CC-79DA144B0CA6}"= UDP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{801EC1BA-4EA4-4830-8FE6-B53B0271F818}"= TCP:c:\program files\Acer Zone\Acer Plug and Record\Component\DVAX2Process.exe:Cyberlink Plug and Record AVAX workprocess
"{25C8D0F9-7579-488A-9363-C9EC507F3255}"= UDP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"{8C209F36-3196-43EF-AEA2-F7691A219A8D}"= TCP:c:\program files\Acer Zone\Acer Zone SoftDMA\SoftDMA.exe:CyberLink SoftDMA
"TCP Query User{A6B0B88A-F61B-4F64-931E-CD922A791D0A}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{02027374-4E03-4C6E-8F0B-902B6F854324}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{4AF14319-7188-4F48-8034-80726D109AB7}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{AA68DA61-C0FE-4559-8D72-7572FBF4B88F}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{EF9F3667-A3AF-4A0F-8FD3-60C32041D636}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E5A540EC-1495-4C49-9B39-DEC47EB17B10}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{96F1E7DC-5206-46CA-AB72-BFE6CC656092}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{EB2E29E7-E5AB-4541-90EA-CA23137A3CB1}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{14838634-59C2-4C14-A0F7-58444261C217}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"UDP Query User{5F136960-4BBE-446E-A834-038928D23D0A}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"TCP Query User{760A39E4-7316-40D4-8BBD-C71C3E3224D1}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{BB91D7EB-F20D-4642-B40C-329AFB735F00}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{A3E3F4BF-F174-44AD-80E7-B94B2AFB4982}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9625BD1C-EAB9-448C-8018-504E527AD8F2}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{341C9A1E-5E2F-4A57-B4EC-2BD7D33274D6}d:\\tv ants\\tvants\\tvants.exe"= UDP:d:\tv ants\tvants\tvants.exe:TVAnts
"UDP Query User{6863F4D6-5295-4A0D-816F-49444F3C66A2}d:\\tv ants\\tvants\\tvants.exe"= TCP:d:\tv ants\tvants\tvants.exe:TVAnts
"TCP Query User{4A358201-FCE9-48FD-9C70-C37C55684E2F}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{1D5403FA-DC1D-47AC-9EC0-912B037083AA}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{9E02F63E-19DC-4CA1-84DC-9CA2BB87343E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{A3C6045A-8EA9-4CFA-B960-4D743490F569}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{D22CFAA6-5532-4087-B1ED-2BEC1D89AD42}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{23E96367-86E4-4474-B102-81B7B20EAB73}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{A6FAF2E2-CA90-4171-836E-BA43EE802D25}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-11 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-04-11 28000]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-04-11 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [2008-04-11 6144]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-11 52736]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\System32\drivers\PAC7302.SYS [2008-04-11 457856]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\System32\drivers\e4ldr.sys [2008-04-11 69656]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\System32\drivers\e4usbaw.sys [2008-04-11 104344]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-04-11 28224]
S3 Service CANALPLAY;Service CANALPLAY;d:\canal plus player\CanalPlayService.exe [2009-02-08 431776]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [2008-04-11 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [2008-04-11 18432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eddd62f-9c27-11dd-ac45-0019db78bc6b}]
\shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a4b146a-b54a-11dd-bf8f-0019db78bc6b}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
Contenu du dossier 'Tâches planifiées'
2009-02-21 c:\windows\Tasks\User_Feed_Synchronization-{C561FCDA-04D5-4A97-AE3F-FF26873B2BAA}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
TCP: {33417D56-5BD1-4033-BD59-4783FF91B01D} = 80.10.246.1,192.168.1.1
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 23:38:10
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
- - - - - - - > 'lsass.exe'(624)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
- - - - - - - > 'csrss.exe'(508)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
- - - - - - - > 'csrss.exe'(580)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
.
Heure de fin: 2009-02-21 23:41:07
ComboFix-quarantined-files.txt 2009-02-21 22:41:03
Avant-CF: 50 859 192 320 octets libres
Après-CF: 50,564,890,624 octets libres
242 --- E O F --- 2009-02-19 18:47:49
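The "Points de chargement Reg" (registry loading points) section of the report above is where a responder looks first: the Run keys with two value names ComboFix could only print as "?", the Security Center monitoring flags set to 1, the public firewall profile with EnableFirewall at 0, and the mountpoints2 AutoRun handlers that run cmd /C launch.bat. The following is an added example of my own, not part of the thread and not ComboFix's code: it parses lines in that section's format and returns the entries a defender would review. The embedded sample report is constructed from lines of the report above, and the indicator rules are my assumptions about what merits review, not a ComboFix feature.

```python
"""Triage helper for the 'Points de chargement Reg' (registry loading points)
section of a ComboFix report.  Added example, not ComboFix's code: the
indicator rules below are assumptions about what a responder reviews first."""
import re
from dataclasses import dataclass

# Constructed sample, assembled from lines of the report posted in the thread.
SAMPLE_REPORT = r"""
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" [?]
"?????????"="??????????????e" [?]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eddd62f-9c27-11dd-ac45-0019db78bc6b}]
\shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a4b146a-b54a-11dd-bf8f-0019db78bc6b}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                                  # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')    # "name"=data [stamp]
CMD_RE = re.compile(r"^\\shell\\\w+\\command\s+-\s+(?P<cmd>.+)$")   # \shell\AutoRun\command - ...


@dataclass
class Finding:
    key: str      # registry key the line belongs to
    line: str     # the report line as printed
    reason: str   # why a responder should look at it


def parse_sections(report):
    """Group the report lines under the [key] header that precedes them."""
    sections = []
    current = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), [])
            sections.append(current)
        elif current is not None:
            current[1].append(line)
    return sections


def triage(report):
    """Return the entries a responder should review, with the reason for each."""
    findings = []
    for key, lines in parse_sections(report):
        lkey = key.lower()
        for line in lines:
            if lkey.endswith("\\currentversion\\run"):
                m = VALUE_RE.match(line)
                if not m:
                    continue
                name, data = m.group("name"), m.group("data")
                # ComboFix prints characters it cannot render as '?'; a value name
                # that is mostly '?' is a garbled/Unicode name and deserves a look.
                if name.count("?") > len(name) // 2:
                    findings.append(Finding(key, line, "autorun entry with garbled name"))
                # '[?]' in place of the date/size stamp: the target could not be checked.
                elif data.rstrip().endswith("[?]"):
                    findings.append(Finding(key, line, "autorun entry with unverifiable target"))
            elif "security center\\monitoring" in lkey:
                if re.match(r'^"disablemonitoring"\s*=\s*dword:0*1$', line, re.I):
                    findings.append(Finding(key, line, "Security Center monitoring disabled"))
            elif "firewallpolicy\\" in lkey and lkey.endswith("profile"):
                if re.match(r'^"enablefirewall"\s*=\s*0\b', line, re.I):
                    findings.append(Finding(key, line, "Windows Firewall disabled for this profile"))
            elif "\\explorer\\mountpoints2\\" in lkey:
                m = CMD_RE.match(line)
                if m:
                    findings.append(Finding(key, line, "AutoRun handler for a mounted drive: " + m.group("cmd")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"{f.reason}\n    {f.key}\n    {f.line}")
```

Run against the sample it reports seven lines: the two garbled Run values, the DisableMonitoring flag, the disabled public firewall profile and the three AutoRun commands; legitimate entries such as ehTray.exe and ATICCC are left out. A mountpoints2 handler is flagged for review rather than declared malicious, since a CD's own Autorun.exe produces the same shape of entry as a batch file dropped on a USB stick.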
"UDP Query User{AA68DA61-C0FE-4559-8D72-7572FBF4B88F}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{EF9F3667-A3AF-4A0F-8FD3-60C32041D636}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{E5A540EC-1495-4C49-9B39-DEC47EB17B10}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{96F1E7DC-5206-46CA-AB72-BFE6CC656092}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{EB2E29E7-E5AB-4541-90EA-CA23137A3CB1}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{14838634-59C2-4C14-A0F7-58444261C217}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= UDP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"UDP Query User{5F136960-4BBE-446E-A834-038928D23D0A}c:\\program files\\ubisoft\\splinter cell pandora tomorrow\\pandora.exe"= TCP:c:\program files\ubisoft\splinter cell pandora tomorrow\pandora.exe:pandora
"TCP Query User{760A39E4-7316-40D4-8BBD-C71C3E3224D1}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{BB91D7EB-F20D-4642-B40C-329AFB735F00}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{A3E3F4BF-F174-44AD-80E7-B94B2AFB4982}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{9625BD1C-EAB9-448C-8018-504E527AD8F2}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{341C9A1E-5E2F-4A57-B4EC-2BD7D33274D6}d:\\tv ants\\tvants\\tvants.exe"= UDP:d:\tv ants\tvants\tvants.exe:TVAnts
"UDP Query User{6863F4D6-5295-4A0D-816F-49444F3C66A2}d:\\tv ants\\tvants\\tvants.exe"= TCP:d:\tv ants\tvants\tvants.exe:TVAnts
"TCP Query User{4A358201-FCE9-48FD-9C70-C37C55684E2F}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{1D5403FA-DC1D-47AC-9EC0-912B037083AA}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"{9E02F63E-19DC-4CA1-84DC-9CA2BB87343E}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{A3C6045A-8EA9-4CFA-B960-4D743490F569}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{D22CFAA6-5532-4087-B1ED-2BEC1D89AD42}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{23E96367-86E4-4474-B102-81B7B20EAB73}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{A6FAF2E2-CA90-4171-836E-BA43EE802D25}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 F-Secure HIPS;F-Secure HIPS;c:\program files\Orange\AntivirusFirewall\HIPS\fshs.sys [2008-04-11 41184]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [2008-04-11 28000]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2008-04-11 60064]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsvista.sys [2008-04-11 6144]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Orange\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [2008-04-11 52736]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\System32\drivers\PAC7302.SYS [2008-04-11 457856]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\System32\drivers\e4ldr.sys [2008-04-11 69656]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\System32\drivers\e4usbaw.sys [2008-04-11 104344]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-04-11 28224]
S3 Service CANALPLAY;Service CANALPLAY;d:\canal plus player\CanalPlayService.exe [2009-02-08 431776]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [2008-04-11 33024]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Orange\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [2008-04-11 18432]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4eddd62f-9c27-11dd-ac45-0019db78bc6b}]
\shell\AutoRun\command - K:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a4b146a-b54a-11dd-bf8f-0019db78bc6b}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat
.
Contenu du dossier 'Tâches planifiées'
2009-02-21 c:\windows\Tasks\User_Feed_Synchronization-{C561FCDA-04D5-4A97-AE3F-FF26873B2BAA}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 10:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
Trusted Zone: canalplay.com
Trusted Zone: canalplusactive.com
TCP: {33417D56-5BD1-4033-BD59-4783FF91B01D} = 80.10.246.1,192.168.1.1
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-21 23:38:10
Windows 6.0.6000 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(732)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
- - - - - - - > 'lsass.exe'(624)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
- - - - - - - > 'csrss.exe'(508)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
- - - - - - - > 'csrss.exe'(580)
c:\program files\Orange\AntivirusFirewall\FWES\Program\fsdc.dll
.
Heure de fin: 2009-02-21 23:41:07
ComboFix-quarantined-files.txt 2009-02-21 22:41:03
Avant-CF: 50 859 192 320 octets libres
Après-CF: 50,564,890,624 octets libres
242 --- E O F --- 2009-02-19 18:47:49
jlpjlp (Security contributor), 21 Feb 2009 at 23:55
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open.
Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimized in the Taskbar).
NB: The reports are saved in the folder C:\rsit
_______________
and
paste an online scan from bitdefender
http://www.bitdefender.fr/scan_fr/scan8/ie.html
didine21 (Member), 22 Feb 2009 at 00:21
Logfile of random's system information tool 1.05 (written by random/random)
Run by NADINE at 2009-02-22 00:04:00
Microsoft® Windows Vista™ Édition Familiale Premium
System drive C: has 47 GB (65%) free of 73 GB
Total RAM: 894 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:04:30, on 22/02/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Orange\Media Player\Media Player.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Orange\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\NADINE\Desktop\RSIT.exe
C:\Program Files\trend micro\NADINE.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Orange\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Orange\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OrangePlayer] C:\Program Files\Orange\Media Player\Media Player.exe /systray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] C:\Program Files\Orange\Media Player\Media Player.exe /systray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] C:\Program Files\Orange\Media Player\Media Player.exe /systray (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O13 - Gopher Prefix:
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://ma-config.com/activex/hardwaredetection_3_1_1_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: NameServer = 80.10.246.1,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{33417D56-5BD1-4033-BD59-4783FF91B01D}: NameServer = 80.10.246.1,192.168.1.1
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Orange\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service CANALPLAY - Canal+ Active - D:\canal plus player\CanalPlayService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\Windows\system32\UAService7.exe
jlpjlp (Security contributor), 22 Feb 2009 at 00:27
what is drive K?
otherwise, instead of bitdefender, paste a panda scan
https://www.pandasecurity.com/fr/homeusers/online-antivirus/
or one from f secure, to see
didine21 (Member), 22 Feb 2009 at 16:52
hi
sorry for not replying sooner, but last night everything froze and it was impossible for me to reconnect to the internet, so I could not check my messages.
I had to reformat my hard drive to get my internet connection back.
So thanks anyway for your help.
jlpjlp (Security contributor), 22 Feb 2009 at 18:36
ok
all the best