CPU usage too high
fernadez
Hello, for some time now CPU usage has been too high; it quickly climbs to 100% without my
doing anything in particular, barely even opening a site on the net.
I am attaching a HijackThis scan and another from ComboFix, which apparently removed a few
files for me? I am on XP SP3 and IE6.
Thanks, if someone could find the solution for me, that would be kind of them ...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:47, on 2009-06-01
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost ; 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Documents and Settings\qttask.exe" -atboottime
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_0_0.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Documents and Settings\maconfservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 6841 bytes
Here is the ComboFix scan
ComboFix 09-05-31.05 - alphonse 2009-06-01 14:09.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1557 [GMT 2:00]
Lancé depuis: d:\documents and settings\alphonse\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090529-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security 6.0 *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: ZoneAlarm Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: Kaspersky Internet Security 6.0 *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\patch.exe
c:\windows\system32\lo2.txtt
d:\documents and settings\alphonse\Application Data\inst.exe
d:\documents and settings\alphonse\Application Data\Install.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-01 au 2009-06-01 ))))))))))))))))))))))))))))))))))))
.
2009-05-28 21:14 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-05-28 21:14 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-05-28 21:14 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-05-28 21:14 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-05-28 21:14 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-05-28 21:14 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-05-28 21:14 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-05-28 21:14 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-05-28 21:13 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-05-28 19:58 . 2004-08-10 20:52 20480 ----a-w- c:\windows\system32\wmpcore.dll
2009-05-28 18:32 . 2009-05-28 18:32 -------- d-----w- d:\documents and settings\LocalService.AUTORITE NT.018\Local Settings\Application Data\Microsoft
2009-05-28 18:32 . 2009-05-28 18:32 -------- d-sh--w- d:\documents and settings\LocalService.AUTORITE NT.018
2009-05-28 18:31 . 2009-05-28 18:32 -------- d-----w- d:\documents and settings\NetworkService.AUTORITE NT.018\Local Settings\Application Data\Microsoft
2009-05-28 18:31 . 2009-05-28 18:31 -------- d-sh--w- d:\documents and settings\NetworkService.AUTORITE NT.018
2009-05-28 18:30 . 2009-05-28 18:30 -------- d-----w- c:\windows\system32\wbem\Repository
2009-05-28 18:30 . 2009-05-28 18:30 -------- d-----w- d:\documents and settings\All Users\Application Data\Viewpoint
2009-05-28 18:30 . 2009-05-28 18:30 -------- d-----w- c:\program files\Multi_Media_France
2009-05-28 18:30 . 2009-05-28 18:30 -------- d-----w- c:\program files\Viewpoint
2009-05-28 18:30 . 2009-05-28 18:30 -------- d-----w- c:\program files\Torrent-Search
2009-05-25 18:55 . 2009-05-25 18:55 -------- d-----r- d:\documents and settings\LocalService.AUTORITE NT.016\Favoris
2009-05-24 12:58 . 2009-05-27 17:38 -------- d-----w- d:\documents and settings\alphonse\Local Settings\Application Data\WinAVI
2009-05-24 12:18 . 2009-05-24 12:18 -------- d-----w- C:\divx
2009-05-21 16:32 . 2004-09-28 09:13 526184 ----a-w- c:\windows\system32\XceedCry.dll
2009-05-21 16:32 . 2004-08-11 13:55 110602 ----a-w- c:\windows\system32\xcdsfx32.bin
2009-05-21 10:46 . 2009-05-21 10:46 -------- d-----w- c:\program files\Driver-Soft
2009-05-20 23:09 . 2009-05-20 23:09 -------- d-----w- d:\documents and settings\alphonse\Local Settings\Application Data\Thinstall
2009-05-20 23:09 . 2009-05-20 23:09 -------- d-----w- d:\documents and settings\alphonse\Application Data\Thinstall
2009-05-20 21:59 . 2005-01-12 09:19 456536 ----a-w- c:\windows\system32\XCEEDZIP.DLL
2009-05-17 22:59 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll
2009-05-17 22:54 . 2009-05-17 22:59 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-17 22:54 . 2009-05-17 22:54 -------- d-----w- c:\program files\MSBuild
2009-05-17 22:54 . 2009-05-17 22:54 -------- d-----w- c:\program files\Reference Assemblies
2009-05-17 22:53 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-17 22:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-05-17 22:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-17 22:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-05-17 22:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-17 22:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-05-17 22:53 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-15 23:50 . 2009-05-15 23:50 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-15 23:50 . 2009-05-15 23:50 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-14 13:20 . 2009-05-14 13:20 25600 ----a-w- d:\documents and settings\Drivers\driverhardwarev2ia64.sys
2009-05-14 13:20 . 2009-05-14 13:20 15872 ----a-w- d:\documents and settings\Drivers\driverhardwarev2x64.sys
2009-05-14 13:20 . 2009-05-14 13:20 14336 ----a-w- d:\documents and settings\Drivers\driverhardwarev2.sys
2009-05-14 13:20 . 2009-05-14 13:20 427376 ----a-w- d:\documents and settings\mcsettings.exe
2009-05-14 12:56 . 2009-05-14 12:56 402800 ----a-w- d:\documents and settings\nphardwaredetection.dll
2009-05-13 16:25 . 2009-05-13 16:25 968048 ----a-w- d:\documents and settings\mcnoyau.dll
2009-05-13 12:37 . 2009-05-13 12:37 562544 ----a-w- d:\documents and settings\mcrypt.dll
2009-05-13 12:37 . 2009-05-13 12:37 111984 ----a-w- d:\documents and settings\MCBCL.dll
2009-05-13 12:37 . 2009-05-13 12:37 234864 ----a-w- d:\documents and settings\maconfservice.exe
2009-05-12 14:36 . 2009-05-12 14:36 592360 ----a-w- d:\documents and settings\CPUID\cpuidsdk.dll
2009-05-12 13:46 . 2009-05-12 13:46 27504 ----a-w- d:\documents and settings\Langues\LangueMC_fr.dll
2009-05-12 13:46 . 2009-05-12 13:46 26992 ----a-w- d:\documents and settings\Langues\LangueMC_en.dll
2009-05-09 17:11 . 2003-07-24 17:01 606720 ----a-w- c:\temp\SFDNWIN.exe
2009-05-09 17:11 . 2008-01-24 10:37 2097152 ----a-w- c:\temp\autorun.bin
2009-05-06 08:32 . 2009-05-06 08:32 -------- d-----w- d:\documents and settings\NetworkService.AUTORITE NT.016\Local Settings\Application Data\Apple
2009-05-04 19:39 . 2009-05-15 19:42 -------- d-----w- d:\documents and settings\alphonse\Application Data\AdSigner
2009-05-03 22:14 . 2009-05-03 22:39 -------- d-----w- d:\documents and settings\alphonse\Application Data\SolidDocuments
2009-05-03 22:12 . 2009-05-03 22:12 -------- d-----w- d:\documents and settings\All Users\Application Data\SolidDocuments
2009-05-02 14:47 . 2009-05-02 14:47 -------- d-----w- d:\documents and settings\Administrateur\Local Settings\Application Data\Ahead
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 12:16 . 2008-03-01 16:54 589112864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-06-01 10:06 . 2008-12-06 17:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-01 10:06 . 2008-12-06 17:06 -------- d-----w- c:\program files\Spyware Terminator
2009-06-01 10:04 . 2008-12-06 17:06 -------- d-----w- d:\documents and settings\alphonse\Application Data\Spyware Terminator
2009-05-31 22:57 . 2008-03-01 16:54 7886624 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-05-31 22:44 . 2009-04-04 13:03 -------- d-----w- c:\program files\LogMeIn
2009-05-30 21:03 . 2008-03-09 13:37 -------- d-----w- d:\documents and settings\alphonse\Application Data\uTorrent
2009-05-30 20:40 . 2009-01-13 12:41 -------- d-----w- c:\program files\WinClamAVShield
2009-05-29 20:54 . 2008-03-03 18:49 -------- d-----w- d:\documents and settings\alphonse\Application Data\Vso
2009-05-29 11:08 . 2008-12-08 15:49 -------- d-----w- d:\documents and settings\lidie\Application Data\Spyware Terminator
2009-05-28 20:34 . 2007-11-29 22:25 -------- d-----w- c:\program files\Alwil Software
2009-05-28 18:30 . 2008-02-08 18:22 -------- d-----w- d:\documents and settings\alphonse\Application Data\Shareaza
2009-05-28 18:29 . 2007-11-29 18:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-28 17:08 . 2008-07-07 11:36 4548 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-05-26 20:18 . 2008-10-10 12:09 -------- d-----w- d:\documents and settings\lidie\Application Data\LimeWire
2009-05-24 12:17 . 2008-02-27 17:38 -------- d-----w- d:\documents and settings\alphonse\Application Data\DivX
2009-05-20 10:49 . 2008-04-19 22:42 -------- d-----w- c:\program files\Fichiers communs\LightScribe
2009-05-18 22:49 . 2007-11-29 19:10 77984 ----a-w- d:\documents and settings\alphonse\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 20:34 . 2008-04-14 22:15 -------- d-----w- c:\program files\Fichiers communs\SureThing Shared
2009-05-16 20:34 . 2007-08-11 18:10 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-16 20:32 . 2008-12-14 10:53 -------- d-----w- d:\documents and settings\alphonse\Application Data\Samsung
2009-05-15 23:50 . 2008-10-26 17:18 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-07 11:29 . 2008-03-09 20:33 -------- d-----w- c:\program files\eMule
2009-04-26 14:00 . 2009-01-05 17:43 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-04-26 11:13 . 2009-04-26 11:13 -------- d-----w- c:\program files\Fichiers communs\Micro Application Shared
2009-04-19 21:23 . 2009-04-19 21:23 687104 ----a-w- c:\windows\is-5DHCD.exe
2009-04-16 11:03 . 2008-02-22 10:50 77984 ----a-w- d:\documents and settings\lidie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-14 17:07 . 2009-03-24 19:50 -------- d-----w- d:\documents and settings\alphonse\Application Data\reflectionweb
2009-04-13 21:59 . 2007-12-15 11:11 -------- d-----w- d:\documents and settings\alphonse\Application Data\U3
2009-04-13 15:23 . 2007-11-29 19:50 -------- d-----w- c:\program files\Wanadoo
2009-04-11 19:02 . 2009-04-11 19:02 -------- d-----w- c:\program files\Orange
2009-04-07 22:16 . 2007-12-01 13:08 -------- d-----w- c:\program files\Fichiers communs\Adobe
2009-04-06 16:45 . 2009-04-06 16:45 -------- d-----w- c:\program files\Securitoo
2009-04-06 13:32 . 2008-11-19 12:42 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 13:32 . 2008-11-19 12:42 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-04-04 19:08 . 2009-04-04 19:08 -------- d-----w- d:\documents and settings\alphonse\Application Data\LEA
2009-04-04 15:29 . 2009-04-04 15:29 -------- d-----w- d:\documents and settings\alphonse\Application Data\SoftPlug
2009-04-04 15:29 . 2009-04-04 15:29 -------- d-----w- c:\program files\LEA
2009-04-04 15:29 . 2009-04-04 15:29 -------- d-----w- c:\program files\WinPcap
2009-04-04 13:34 . 2009-04-04 13:34 -------- d-----w- c:\program files\Mbox Control Center
2009-04-04 13:04 . 2009-04-04 13:04 -------- d-----w- d:\documents and settings\All Users\Application Data\LogMeIn
2009-04-03 15:18 . 2008-12-28 21:56 -------- d-----w- c:\program files\LimeWire
2009-04-02 22:27 . 2009-04-02 20:04 -------- d-----w- d:\documents and settings\alphonse\Application Data\tor
2009-04-02 20:08 . 2009-04-02 19:49 -------- d-----w- d:\documents and settings\alphonse\Application Data\Vidalia
2009-03-25 18:38 . 2009-03-25 18:37 13317640 ----a-w- d:\documents and settings\alphonse\kGnkzd.exe
2009-03-25 18:37 . 2009-03-25 18:36 13317640 ----a-w- d:\documents and settings\alphonse\xTJNwHRdU.exe
2009-03-25 18:36 . 2009-03-25 18:35 13317640 ----a-w- d:\documents and settings\alphonse\avCYFc.exe
2009-03-06 14:20 . 2004-08-16 16:40 286720 ----a-w- c:\windows\system32\pdh.dll
2009-02-12 17:47 . 2009-02-12 17:47 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-12-06 2957824]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="d:\documents and settings\qttask.exe" [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\LEA\\SoftPlug\\V3.1\\SoftPlug.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-05-28 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2008-12-06 138752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-05-28 20560]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2008-07-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-04-04 47640]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [2007-11-29 799744]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2007-12-13 24592]
S0 axozodjh;axozodjh;c:\windows\system32\drivers\ihwbxrmb.dat --> c:\windows\system32\drivers\ihwbxrmb.dat [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]
S3 maconfservice;Ma-Config Service;d:\documents and settings\maconfservice.exe [2009-05-13 234864]
S3 MBAMDrvService;MBAMDrvService;c:\windows\system32\drivers\mbam.sys [2008-11-19 15504]
S3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-06-29 42512]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-05-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-31 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2007-11-29 09:14]
2009-06-01 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-21 11:14]
2009-05-30 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Administrateur.job
- d:\documents and settings\alphonse\Mes documents\Malwarebytes' Anti-Malware\mbam.exe [2008-11-19 13:32]
2009-05-30 c:\windows\Tasks\Malwarebytes' Scheduled Update for Administrateur.job
- d:\documents and settings\alphonse\Mes documents\Malwarebytes' Anti-Malware\mbam.exe [2008-11-19 13:32]
.
- - - - ORPHELINS SUPPRIMES - - - -
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
uInternet Settings,ProxyOverride = localhost ; 127.0.0.1
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: { - c:\program files\Messenger\msmsgs.exe
Trusted Zone: secuser.com\www
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 14:15
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet015\Services\axozodjh]
"ImagePath"="system32\drivers\ihwbxrmb.dat"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_USERS\LocalService\Software\Skype\Phone\UI]
@DACL=(02 0000)
@SACL=
"Installed"=dword:00000001
[HKEY_USERS\S-1-5-21-1943714537-2143793309-3944931570-1006\Identities\{46CA5865-21A8-4647-AFDD-033033299677}\Software\Microsoft\Outlook Express\5.0\Recent Stationery List]
@DACL=(02 0000)
@SACL=
"File0"="Belle journée.htm"
"File1"="Nature.htm"
"File2"="Céramique.htm"
"File3"="Tournesol.htm"
"File4"="Punch aux agrumes.htm"
"File5"="Vierge.htm"
"File6"="Feuilles.htm"
[HKEY_USERS\S-1-5-21-1943714537-2143793309-3944931570-1006\Identities\{46CA5865-21A8-4647-AFDD-033033299677}\Software\Microsoft\Outlook Express\5.0\Shared Settings]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\13fe\[u]0/u7000776142E155B]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\ATI Technologies Inc.\Pilotes ATI]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\DisplayName]
@DACL=(02 0000)
@SACL=
@="RealPlayer"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\MainApp]
@DACL=(02 0000)
@SACL=
@="c:\\Program Files\\Real\\RealPlayer\\realjbox.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File38\ACCESSPOINT]
@DACL=(02 0000)
@SACL=
@="QUICKLAUNCH"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\Free:6.0\File39\ACCESSPOINT]
@DACL=(02 0000)
@SACL=
@="DESKTOP"
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.2\File0\OCX]
@DACL=(02 0000)
@SACL=
@=""
[HKEY_LOCAL_MACHINE\software\Classes\Software\RealNetworks\Update\6.0\Preferences\Components\gtoolbar:6.2\File0\Version]
@DACL=(02 0000)
@SACL=
@="1.0.0.8"
[HKEY_LOCAL_MACHINE\software\Clients\Mail\AOL\Protocols]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Clients\Mail\AOL\shell]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\aol.exe\DefaultIcon]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\aol.exe\InstallInfo]
@DACL=(02 0000)
@SACL=
"ReinstallCommand"="c:\\PROGRA~1\\AOL9~1.0\\accdef.exe -rb"
"HideIconsCommand"="c:\\PROGRA~1\\AOL9~1.0\\accdef.exe -hb"
"ShowIconsCommand"="c:\\PROGRA~1\\AOL9~1.0\\accdef.exe -sb"
"IconsVisible"=dword:00000001
"OEMShowIcons"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\aol.exe\shell]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Inventime\1.00.0000]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS]
@DACL=(02 0000)
@SACL=
"ProgID"="MsScp.SCPTRANS.1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP]
@DACL=(02 0000)
@SACL=
"ProgID"="WMDMCESP.WMDMCESP"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp]
@DACL=(02 0000)
@SACL=
"PnPAware"=dword:00000001
"ProgID"="WPDSp.WPDServiceProvider"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\HotFix\KB835221WXP]
@DACL=(02 0000)
@SACL=
"Installed"=dword:00000001
"Comments"="High Definition Audio Driver - KB835221"
"Backup Dir"=""
"Fix Description"="High Definition Audio Driver - KB835221"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:0000000a
"Valid"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\HotFix\KB951978]
@DACL=(02 0000)
"Installed"=dword:00000001
"Comments"="Mise à jour pour Windows XP (KB951978)"
"Backup Dir"=""
"Fix Description"="Mise à jour pour Windows XP (KB951978)"
"Installed By"=""
"Installed On"=""
"Service Pack"=dword:00000004
"Valid"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\OpenGLDrivers]
@DACL=(02 0000)
@SACL=
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSN]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\MSN\USNSVC]
@DACL=(02 0000)
"LogSessionName"=expand:"stdout"
"Active"=dword:00000001
"ControlFlags"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\OE]
@DACL=(02 0000)
"LogSessionName"=expand:"stdout"
"Active"=dword:00000001
"ControlFlags"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Tracing\WDF API DLL]
@DACL=(02 0000)
@SACL=
"LogSessionName"=expand:"stdout"
"Active"=dword:00000001
"ControlFlags"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
@SACL=
"DLLName"="Ati2evxx.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000001
"Lock"="AtiLockEvent"
"Logoff"="AtiLogoffEvent"
"Logon"="AtiLogonEvent"
"Disconnect"="AtiDisConnectEvent"
"Reconnect"="AtiReConnectEvent"
"Safe"=dword:00000000
"Shutdown"="AtiShutdownEvent"
"StartScreenSaver"="AtiStartScreenSaverEvent"
"StartShell"="AtiStartShellEvent"
"Startup"="AtiStartupEvent"
"StopScreenSaver"="AtiStopScreenSaverEvent"
"Unlock"="AtiUnLockEvent"
[HKEY_LOCAL_MACHINE\software\Xing Technology Corp.\SharedDlls]
@DACL=(02 0000)
@SACL=
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(1476)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(1616)
c:\windows\system32\relog_ap.dll
.
Heure de fin: 2009-06-01 14:18
ComboFix-quarantined-files.txt 2009-06-01 12:18
ComboFix2.txt 2008-03-01 17:25
Avant-CF: 15,776,440,320 octets libres
Après-CF: 15,758,397,440 octets libres
Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16
394 --- E O F --- 2009-05-18 20:43
Thanks in advance for your help.
Configuration: Windows XP Internet Explorer 6.0
1 reply
Good evening, can nobody on this forum decipher a HijackThis and ComboFix scan that I posted yesterday?
I am posting it again below. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:51, on 2009-06-02
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=localhost:8118;gopher=localhost:8118;http=localhost:8118;https=localhost:8118;socks=localhost:9050
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost ; 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Documents and Settings\qttask.exe" -atboottime
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/maconfig/MaConfig_3_5_0_0.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.orderingmemory.com/controls/cpcScanner.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - D:\Documents and Settings\maconfservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe