Am I infected???
Closed
informaticologue (332 posts, registered Monday 14 July 2008, status Member, last activity 26 February 2011) - 28 February 2009 at 21:32
informaticologue (332 posts, registered Monday 14 July 2008, status Member, last activity 26 February 2011) - 3 March 2009 at 16:19
30 replies
informaticologue (332 posts, registered Monday 14 July 2008, status Member, last activity 26 February 2011) - 1 March 2009 at 19:21
RSIT ????
Destrio5 (85926 posts, registered Sunday 11 July 2010, status Moderator, last activity 17 February 2023) - 1 March 2009 at 19:24
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: the reports are saved in the folder C:\rsit.
informaticologue (332 posts, registered Monday 14 July 2008, status Member, last activity 26 February 2011) - 1 March 2009 at 19:34
Here is the report
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-01 19:26:06
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 195 GB (41%) free of 469 GB
Total RAM: 2046 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:17, on 01/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\systray\systrayapp.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\System32\mobsync.exe
C:\Windows\explorer.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\msfeedssync.exe
C:\Users\Jules\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [AGCoreCleanup] CMD /C RD /S /Q "C:/Program Files/AGI"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{940BE514-C863-41EE-94FE-5B6E28A8ED8A}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
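As an added example (not part of this thread, and not RSIT's or HijackThis's own code), a small Python triage script over a HijackThis report: it collects the O17 NameServer entries, orphaned O2 BHOs, O23 services whose binary is missing and O16 ActiveX downloads, so a helper can see at a glance what needs checking. The sample lines are copied from the report posted above; `trusted_resolvers` is an assumed parameter the operator fills in with the ISP's known DNS servers, since the log itself does not say which resolvers are expected.

```python
"""Triage a HijackThis log for the entry types worth a second look.

Added example, not part of the thread: it reads the text of a HijackThis
report and flags
  O17  hard-coded DNS servers (NameServer) under the TCP/IP registry keys,
  O2   Browser Helper Objects whose DLL no longer exists ("(no file)"),
  O23  services whose binary is gone ("(file missing)"),
  O16  ActiveX controls pulled in from the web (DPF), with their host.
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the report posted above.
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{940BE514-C863-41EE-94FE-5B6E28A8ED8A}: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.133,85.255.112.195
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>[0-9.,]+)\s*$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<name>.*?) - (?P<url>\S+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")


def triage(log_text, trusted_resolvers=frozenset()):
    """Return a list of (entry_type, detail) findings, in the order found.

    trusted_resolvers: DNS server addresses the operator knows to be legitimate
    (e.g. the ISP's); every other hard-coded NameServer is reported.  This is an
    assumed parameter: the log itself does not say which resolvers are expected.
    """
    findings = []
    nameservers = defaultdict(set)  # server address -> registry keys that set it

    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            for server in m.group("servers").split(","):
                nameservers[server.strip()].add(m.group("key"))
            continue
        m = O2_RE.match(line)
        if m:
            if m.group("target").strip().lower() == "(no file)":
                findings.append(("O2", f"orphaned BHO {{{m.group('clsid')}}}: registered, DLL missing"))
            continue
        m = O16_RE.match(line)
        if m:
            host = urlparse(m.group("url")).hostname or "?"
            findings.append(("O16", f"ActiveX control {m.group('name')!r} downloaded from {host}"))
            continue
        m = O23_RE.match(line)
        if m and m.group("path").rstrip().endswith("(file missing)"):
            findings.append(("O23", f"service {m.group('name')!r} points to a missing binary"))

    # In the report above the same two resolvers are set under the active control
    # set, a backup control set and one adapter; a DHCP-configured home PC normally
    # has no static NameServer at all, so each address not on the trusted list is reported.
    for server in sorted(nameservers):
        if server not in trusted_resolvers:
            keys = len(nameservers[server])
            findings.append(("O17", f"static NameServer {server} set in {keys} registry key(s); verify with the ISP"))
    return findings


if __name__ == "__main__":
    for entry_type, detail in triage(SAMPLE_LOG):
        print(f"[{entry_type}] {detail}")
```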
informaticologue (332 posts, registered Monday 14 July 2008, status Member, last activity 26 February 2011) - 2 March 2009 at 18:53
Destrio, I can't download it, I get a page saying "Error loading page".
New symptom: I have to click twice to get to a site from Google; the first time I get a page telling me to download eMule.
Destrio5 (85926 posts, registered Sunday 11 July 2010, status Moderator, last activity 17 February 2023) - 2 March 2009 at 19:49
--> Disable UAC for the duration of the disinfection.
/!\ Disable your resident protections (antivirus, etc.) /!\
--> Download ComboFix (by sUBs) to your Desktop.
--> Right-click ComboFix.exe (the .exe extension is not necessarily visible) and choose Run as administrator to launch it.
--> When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix
informaticologue (332 posts, registered Monday 14 July 2008, status Member, last activity 26 February 2011) - 3 March 2009 at 15:40
Here is the report
ComboFix 09-03-02.01 - Jules 2009-03-02 20:36:31.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2046.1134 [GMT 1:00]
Lancé depuis: c:\users\Jules\Downloads\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
c:\recycler\S-0-9-40-100000880-100004925-100011867-8555.com
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\gaopdxrqptwncr.sys
c:\windows\system32\gaopdxtgryfsii.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-02 au 2009-03-02 ))))))))))))))))))))))))))))))))))))
.
2009-03-02 19:54 . 2009-03-02 20:03 262,144 --a------ c:\windows\SPInstall.etl
2009-03-01 19:26 . 2009-03-01 19:26 <REP> d-------- C:\rsit
2009-03-01 18:58 . 2009-03-01 19:22 <REP> d-------- c:\program files\Ad-remover
2009-03-01 15:08 . 2009-03-01 15:08 <REP> d-------- c:\program files\MoviesPlay
2009-03-01 14:30 . 2009-03-01 14:30 <REP> d-------- c:\users\Colin\AppData\Roaming\agi
2009-02-28 21:39 . 2009-03-01 11:50 <REP> d-------- c:\program files\Navilog1
2009-02-28 11:22 . 2008-04-26 09:26 891,448 --a------ c:\windows\System32\drivers\tcpip.sys
2009-02-28 11:22 . 2008-04-12 04:32 784,896 --a------ c:\windows\System32\rpcrt4.dll
2009-02-28 11:22 . 2008-04-05 02:21 72,192 --a------ c:\windows\System32\drivers\pacer.sys
2009-02-28 11:22 . 2008-04-05 04:34 15,360 --a------ c:\windows\System32\pacerprf.dll
2009-02-27 22:39 . 2009-02-27 23:24 <REP> d-------- C:\perflogs
2009-02-24 19:52 . 2009-02-24 19:52 <REP> d-------- c:\program files\Kiwee Toolbar
2009-02-24 19:51 . 2009-02-24 19:51 2,117,632 --a------ c:\windows\System32\python25.dll
2009-02-24 19:51 . 2008-09-16 17:26 1,332,197 --a------ c:\windows\System32\pythondll.zip
2009-02-24 19:51 . 2009-02-24 19:51 339,968 --a------ c:\windows\System32\pythoncom25.dll
2009-02-24 19:51 . 2009-02-24 19:51 114,688 --a------ c:\windows\System32\pywintypes25.dll
2009-02-21 12:23 . 2009-02-21 12:23 <REP> d-------- c:\program files\Microsoft Sync Framework
2009-02-19 21:08 . 2009-02-19 21:08 <REP> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-15 15:15 . 2009-02-15 15:16 <REP> d-------- c:\program files\GameSpy Arcade
2009-02-15 15:11 . 2009-02-15 15:11 <REP> d-------- c:\program files\LucasArts
2009-02-15 12:24 . 2008-12-05 05:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 12:24 . 2008-12-05 05:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 12:24 . 2008-12-05 05:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 12:24 . 2008-12-05 05:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 12:24 . 2008-12-05 05:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-13 12:16 . 2009-03-01 14:29 <REP> d-------- c:\users\Colin\Tracing
2009-02-13 12:14 . 2009-02-13 12:14 <REP> d-------- c:\users\Colin\Program Files
2009-02-13 12:14 . 2009-03-01 15:49 <REP> d-------- c:\users\Colin\AppData\Roaming\DNA
2009-02-11 19:43 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 19:43 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 13:02 . 2009-03-01 19:23 <REP> d-------- c:\program files\Dofus
2009-02-08 20:42 . 2009-03-02 20:26 <REP> d-------- c:\users\Jules\Tracing
2009-02-08 20:39 . 2009-02-08 20:39 <REP> d-------- c:\program files\Windows Live SkyDrive
2009-02-08 20:35 . 2009-02-08 20:39 <REP> d-------- c:\program files\Microsoft
2009-02-08 20:33 . 2009-02-08 20:33 <REP> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-02-08 20:29 . 2009-02-08 20:29 <REP> d-------- c:\program files\Common Files\Windows Live
2009-02-08 09:48 . 2009-02-08 09:48 <REP> dr-h----- c:\users\Jules\AppData\Roaming\SecuROM
2009-02-08 09:41 . 2009-02-08 09:41 <REP> d-------- c:\program files\Zone Labs
2009-02-07 19:20 . 2009-02-07 19:20 <REP> d-------- c:\program files\Trend Micro
2009-02-07 17:49 . 2009-02-13 12:55 <REP> d-------- c:\programdata\Electronic Arts
2009-02-07 17:49 . 2009-02-07 17:49 7,760 --a------ c:\windows\System32\ealregsnapshot1.reg
2009-02-07 17:21 . 2009-02-07 17:21 <REP> d--h----- c:\windows\msdownld.tmp
2009-02-07 12:05 . 2009-02-07 12:05 43,520 --a------ c:\windows\System32\CmdLineExt03.dll
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- c:\program files\THQ
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Extras
2009-02-07 11:55 . 2009-02-07 11:55 <REP> d-------- C:\Autorun
2009-02-07 10:25 . 2009-02-08 15:51 139,264 --a------ c:\windows\War3Unin.exe
2009-02-07 10:25 . 2009-02-08 16:00 87,963 --a------ c:\windows\War3Unin.dat
2009-02-07 10:25 . 2009-02-08 15:51 2,829 --a------ c:\windows\War3Unin.pif
2009-02-07 10:22 . 2009-02-17 12:09 <REP> d-------- c:\program files\Warcraft III
2009-02-06 19:39 . 2009-02-06 19:39 308,600 --a------ c:\windows\WLXPGSS.SCR
2009-02-06 18:52 . 2009-02-06 18:52 49,504 --a------ c:\windows\System32\sirenacm.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-02 19:22 --------- d-----w c:\programdata\avg8
2009-03-01 18:23 --------- d-----w c:\program files\Packard Bell
2009-03-01 14:50 --------- d-----w c:\users\Colin\AppData\Roaming\Azureus
2009-03-01 13:52 --------- d-----w c:\users\Colin\AppData\Roaming\LimeWire
2009-03-01 13:30 --------- d-----w c:\program files\Steam
2009-03-01 10:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-28 20:46 --------- d-----w c:\users\Jules\AppData\Roaming\Azureus
2009-02-28 18:09 --------- d-----w c:\users\Jules\AppData\Roaming\BraCa_Soft
2009-02-28 16:19 --------- d---a-w c:\programdata\Sports Interactive
2009-02-28 10:12 174 --sha-w c:\program files\desktop.ini
2009-02-27 22:27 --------- d-----w c:\program files\Windows Sidebar
2009-02-27 22:27 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-27 22:27 --------- d-----w c:\program files\Windows Mail
2009-02-27 22:27 --------- d-----w c:\program files\Windows Journal
2009-02-27 22:27 --------- d-----w c:\program files\Windows Defender
2009-02-27 22:27 --------- d-----w c:\program files\Windows Collaboration
2009-02-27 22:27 --------- d-----w c:\program files\Windows Calendar
2009-02-27 21:59 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-02-27 21:59 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-02-27 17:06 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-24 15:53 1,128 ----a-w c:\users\Jules\AppData\Roaming\wklnhst.dat
2009-02-21 11:24 --------- d-----w c:\program files\Windows Live
2009-02-21 08:58 --------- d-----w c:\programdata\Microsoft Help
2009-02-19 20:14 --------- d-----w c:\program files\MSBuild
2009-02-19 17:32 --------- d-----w c:\users\Jules\AppData\Roaming\LimeWire
2009-02-08 08:26 --------- d-----w c:\programdata\Symantec
2009-02-08 08:26 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-08 08:25 --------- d-----w c:\program files\Norton 360
2009-02-08 08:24 --------- d-----w c:\program files\Symantec
2009-02-08 08:14 --------- d-----w c:\program files\AVS4YOU
2009-02-07 18:26 --------- d-----w c:\users\Jules\AppData\Roaming\DNA
2009-02-07 16:49 --------- d-----w c:\program files\Electronic Arts
2009-02-06 21:01 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-28 16:07 --------- d-----w c:\users\Jules\AppData\Roaming\uTorrent
2009-01-24 17:16 --------- d-----w c:\program files\Common Files\Steam
2009-01-21 18:11 --------- d-----w c:\users\Jules\AppData\Roaming\Pro Cycling Manager 2008
2009-01-18 13:40 --------- d-----w c:\users\Jules\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-18 10:59 --------- d-----w c:\users\Colin\AppData\Roaming\My Battle for Middle-earth(tm) II Files
2009-01-16 18:33 --------- d-----w c:\users\Jules\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-15 17:46 --------- d-----w c:\program files\eMule
2009-01-11 15:07 --------- d-----w c:\users\Jules\AppData\Roaming\Xilisoft Corporation
2009-01-11 15:06 --------- d-----w c:\program files\Xilisoft
2009-01-11 11:14 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu ™ II
2009-01-08 17:46 --------- d-----w c:\users\Colin\AppData\Roaming\La Bataille pour la Terre du Milieu
2009-01-02 17:16 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-02 17:15 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-11-09 12:53 1,222 ----a-w c:\users\Colin\AppData\Roaming\wklnhst.dat
2007-12-25 08:34 22,328 ----a-w c:\users\Colin\AppData\Roaming\PnkBstrK.sys
2002-08-26 17:54 327,680 ----a-r c:\users\Colin\AppData\Roaming\MafiaSetup.exe
2007-09-13 06:33 157,184 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 c:\windows\RtHDVCpl.exe]
c:\users\Colin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SmpcSys"=c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe
"PcSync"=c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2E127600-40B6-404B-BC6F-10505B667627}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6716BF2E-4290-428B-8AAA-B2576E0CB495}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{4AF04E4F-50E4-4488-AF37-01BF2BDC6B73}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{1CC8D575-55F2-4036-8F62-5AEBD69E6C3F}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{B5921348-B33A-4036-A387-457D5DB5C309}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{94063043-830F-45ED-9EAA-CE45E379F78F}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{34E21BBA-C6F8-4561-BF2A-03593CCA0B90}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{8C838E28-6A3B-4BE1-B27A-50EDAE841FF8}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{D27EAE27-2056-45A0-901A-EC8C6A8BB36D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{8BC378B9-DDB9-4644-8AB2-56CFF3966D43}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1880BC6B-AD2A-4F3A-96BB-9FCBDB2A310F}"= UDP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{7320722E-D587-4A42-BDDF-B214C6E67777}"= TCP:c:\program files\Steam\steamapps\common\football manager 2009\fm.exe:Football Manager 2009
"{A34346D3-32C6-4715-8998-D9F42015074D}"= UDP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{5C2B0933-D818-4922-8E4D-31FFF7F80023}"= TCP:c:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{A74B1AA0-0238-4B55-811A-F91A7A4BBA48}"= Disabled:UDP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{499627AA-0B81-445B-8800-6C418FD9A1AC}"= Disabled:TCP:c:\users\Colin\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AEA400C1-E10B-45C6-8B77-ABB4B937DE76}"= Disabled:UDP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{035722A8-4F5D-4523-9A63-93808CD7872D}"= Disabled:TCP:c:\users\Jules\AppData\Local\Temp\ImInstaller\incredimail_installer.exe:IncrediMail Installer
"{AC3311A6-A3D8-4345-9715-8A22299A04FA}"= UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{A55680A5-C8E4-4507-9C9D-B19A463B603B}"= TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{04A11CF4-F9E0-4794-B0F8-0774FA81F7DD}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{50226B5A-ED69-4D18-BD54-973A674300F4}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{773C09EA-6A63-47D4-9318-0F5A85972948}"= UDP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{E6B7ABC6-2EDF-49B5-A4F4-728AEE108CD3}"= TCP:c:\program files\LucasArts\Star Wars Battlefront\GameData\battlefront.exe:Star Wars(TM): Battlefront(TM)
"{51681AAB-FA43-4EA2-B91D-84FF805BA778}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{9C3A9E7D-00C8-473C-AD7A-15811C7D022F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{43AF5FAC-725E-47F6-BFA8-5F35EE4ED0B5}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{056117F4-FFC3-4DA9-9824-1B63BAFECAB3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E3B23184-B673-45F1-A2F0-4EDE428290BD}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0729F1AD-9560-4812-94FF-EA0308E76280}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"= c:\program files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 appdrv01;Application Driver (01);c:\windows\System32\drivers\appdrv01.sys [2008-09-06 2915944]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver;c:\windows\System32\drivers\PCAMp50.sys [2008-01-16 28224]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb503c0-f03e-11dc-8971-001c252f6b0c}]
\shell\AutoRun\command - L:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9ec-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - i:\setup\rsrc\Autorun.exe
\shell\dinstall\command - i:\directx\dxsetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8f2c9f3-773a-11dd-a897-001c252f6b0c}]
\shell\AutoRun\command - J:\SETUP.EXE
\shell\configure\command - J:\SETUP.EXE
\shell\install\command - J:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e32111ca-bc7d-11dc-bca7-001c252f6b0c}]
\shell\AutoRun\command - I:\OblivionLauncher.exe
.
Contenu du dossier 'Tâches planifiées'
2009-03-02 c:\windows\Tasks\Extension de garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21 17:38]
2009-02-20 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-16 13:28]
2009-03-02 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21 17:34]
2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{76461DD1-B6E6-4076-BBA9-EF584055E07F}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{E9994E27-B913-4BBB-A62C-60E7B671623C}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\DAEMON Tools Toolbar\DTToolbar.dll
.
------- Examen supplémentaire -------
.
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: orange.fr\www
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Jules\AppData\Roaming\Mozilla\Firefox\Profiles\3b3eh5kn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://fr.msn.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MICJE8&q=
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Jules\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:43:37
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
Heure de fin: 2009-03-02 20:45:33
ComboFix-quarantined-files.txt 2009-03-02 19:45:32
Avant-CF: 199,862,468,608 octets libres
Après-CF: 199,871,180,800 octets libres
270 --- E O F --- 2009-03-01 02:20:56
Destrio5 (Moderator, 85926 posts, registered Sunday 11 July 2010, last active 17 February 2023) - 3 March 2009 at 15:41
Now you can install SP1.
informaticologue (Member, 332 posts, registered Monday 14 July 2008, last active 26 February 2011) - 3 March 2009 at 16:13
Destrio, SP1 is already installed on my PC.
Destrio5 (Moderator, 85926 posts, registered Sunday 11 July 2010, last active 17 February 2023) - 3 March 2009 at 16:15
---> Run RSIT again and post the log report.
informaticologue (Member, 332 posts, registered Monday 14 July 2008, last active 26 February 2011) - 3 March 2009 at 16:19
Logfile of random's system information tool 1.05 (written by random/random)
Run by Jules at 2009-03-03 16:18:39
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 189 GB (40%) free of 469 GB
Total RAM: 2046 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:18:48, on 03/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jules\Downloads\RSIT(2).exe
C:\Program Files\Trend Micro\HijackThis\Jules.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\Windows\System32\appdrvrem01.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe