SOS: infected computer
Solved/Closed
goyelle - 24 June 2009 at 17:46
5 replies
goyelle - 2 July 2009 at 18:43
Hello, after a lot of effort, patience and cunning, I finally managed to copy all my files, then I ran the recovery to the factory state. So there it is, I don't know what was wrong, certainly a lot of things... Thank you very much for your replies!
Régis Robert - 24 June 2009 at 17:48
Put your files on a storage device (such as an external HDD), then format your internal hard drive.
goyelle - 24 June 2009 at 18:06
Thanks for such a quick reply! Isn't there another solution to try first? I have a valid version of Vista but I don't have the CD to reinstall. I've never formatted like that, and I'm afraid I won't recover anything... How does it work?
Thanks...
I'm adding the ComboFix and HijackThis logs. I made a mistake before adding my message, so it wasn't finished.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:00, on 24/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\IELowutil.exe
F:\HiJackThis.exe
C:\Users\amelie\Desktop\HiJackThis.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--------------------------------------------------------------------------------------------------------------------------
ComboFix 09-06-23.01 - amelie 24/06/2009 14:54.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1796 [GMT 2:00]
Lancé depuis: c:\users\amelie\Desktop\ComboFix.exe
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1453765893-1662031185-888260578-500
c:\$recycle.bin\S-1-5-21-2701342356-872505987-4113934584-500
c:\$recycle.bin\S-1-5-21-1453765893-1662031185-888260578-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2701342356-872505987-4113934584-500\desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBL.LOG
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-06-24 ))))))))))))))))))))))))))))))))))))
.
2009-06-24 11:50 . 2009-06-24 12:11 -------- d-----w- c:\programdata\SecTaskMan
2009-06-24 11:50 . 2009-06-24 12:14 -------- d-----w- c:\program files\Security Task Manager
2009-06-22 15:17 . 2009-06-22 15:17 -------- d-----w- c:\program files\Rocket Division Software
2009-06-22 15:16 . 2009-06-23 05:12 -------- d-----w- c:\users\amelie\AppData\Roaming\EoRezo
2009-06-22 15:16 . 2009-06-22 15:16 -------- d-----w- c:\program files\EoRezo
2009-06-22 15:04 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-22 15:04 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-22 15:04 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-22 15:04 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-22 15:04 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-22 15:04 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-22 15:04 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-21 14:09 . 2009-06-21 14:09 -------- d-----w- c:\users\amelie\AppData\Roaming\Megaupload
2009-06-21 11:25 . 2009-03-16 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVENG.SYS
2009-06-21 11:25 . 2009-03-16 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVEX15.SYS
2009-06-21 11:25 . 2009-03-16 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\EECTRL.SYS
2009-06-21 11:25 . 2009-03-16 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\CCERASER.DLL
2009-06-21 11:25 . 2009-03-16 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVENG32.DLL
2009-06-21 11:25 . 2009-03-16 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVEX32A.DLL
2009-06-21 11:25 . 2009-03-16 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\ERASER.SYS
2009-06-21 11:25 . 2008-12-17 07:38 750 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\hub.scr
2009-06-21 11:25 . 2008-12-17 07:38 259368 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\ECMSVR32.DLL
2009-06-21 06:15 . 2009-06-21 06:15 -------- d-----w- c:\program files\CCleaner
2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- c:\program files\DivX
2009-06-15 15:33 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-15 15:33 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-15 15:28 . 2009-06-15 15:28 135680 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-15 11:43 . 2009-06-15 11:43 -------- d-----w- c:\users\amelie\AppData\Roaming\Microsoft Web Folders
2009-06-15 11:29 . 2009-06-15 11:29 -------- d-----w- c:\program files\Microsoft Office2
2009-06-15 10:38 . 2009-06-15 10:38 -------- d-----w- c:\windows\Sun
2009-06-13 10:24 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 10:24 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-13 10:16 . 2009-06-13 10:16 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb11CD.tmp.exe
2009-06-10 07:56 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 07:56 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 07:56 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-27 11:52 . 2009-05-27 11:57 167133 ----a-w- c:\windows\hpqins00.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 12:08 . 2009-02-18 19:07 -------- d-----w- c:\programdata\GamesBar
2009-06-24 11:50 . 2008-02-22 22:20 669890 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-24 11:50 . 2008-02-22 22:20 123896 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-24 11:44 . 2008-09-17 11:33 -------- d-----w- c:\program files\Spyware Doctor
2009-06-24 10:44 . 2008-02-22 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 06:55 . 2009-06-24 06:55 28190 ----a-w- c:\users\amelie\AppData\Roaming\nvModes.dat
2009-06-23 06:44 . 2008-10-23 07:54 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-21 15:21 . 2008-09-17 08:45 -------- d-----w- c:\users\amelie\AppData\Roaming\LimeWire
2009-06-21 14:05 . 2008-02-22 14:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-21 11:35 . 2008-10-10 10:57 0 ----a-w- c:\users\amelie\AppData\Roaming\wklnhst.dat
2009-06-15 15:28 . 2008-12-18 13:40 86576 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-15 15:28 . 2008-12-18 13:40 132672 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-06-15 15:28 . 2008-12-18 13:40 392728 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-15 15:28 . 2008-12-18 13:40 0 ----a-r- c:\users\amelie\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2009-06-15 14:02 . 2008-09-17 09:06 -------- d-----w- c:\users\amelie\AppData\Roaming\HP
2009-06-15 13:42 . 2008-09-16 22:17 80744 ----a-w- c:\users\amelie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 13:08 . 2008-02-22 15:15 -------- d-----w- c:\programdata\Microsoft Help
2009-06-15 08:30 . 2008-03-06 05:17 -------- d-----w- c:\programdata\NVIDIA
2009-06-11 14:58 . 2008-02-22 14:53 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 10:03 . 2009-01-27 15:35 -------- d-----w- c:\program files\BoontyGames
2009-05-28 11:49 . 2008-11-13 17:54 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-14 09:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 18:19 . 2009-01-27 15:36 -------- d-----w- c:\programdata\PlayFirst
2009-05-12 18:19 . 2009-01-25 17:11 -------- d-----w- c:\users\amelie\AppData\Roaming\PlayFirst
2009-05-11 17:49 . 2008-09-17 11:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-09 18:39 . 2009-05-03 13:32 -------- d-----w- c:\programdata\Earthsim
2009-05-09 18:38 . 2009-05-09 18:38 -------- d-----w- c:\users\amelie\AppData\Roaming\Earthsim
2009-05-04 19:13 . 2008-03-06 05:12 -------- d-----w- c:\programdata\WildTangent
2009-04-13 16:54 . 2008-03-06 04:46 3220235156 ----a-w- c:\windows\DUMP5466.tmp
2009-04-06 17:50 . 2009-04-06 17:50 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-03 09:18 . 2009-05-11 17:40 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-22 22:54 . 2008-02-22 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 3587120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
c:\users\amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-15 135680]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{46218270-9523-4EB1-A9B5-C7BC53FDFF8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{85F3E4A2-15C8-41EC-92BB-340AF7B1161B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1513A1AC-27B3-49DB-90DB-F97B4FDC9EF8}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{92EB7BA7-E84F-4815-8DC3-2CAEA0BBBBBD}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{FDF6BC67-05C3-470D-9E09-430D665671A5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7020DCC3-4FBA-4BB2-BBD7-A5BD1427467F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A0BB9A7D-A823-4A39-8351-662C08BB8EB0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{B813CC53-0678-49EE-B558-78D6B057CF88}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"{7C7A00BB-3DC4-4161-97CE-B6DCAB77E765}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{EE05F7C7-D962-4D81-B6A8-CF214389495F}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{06BA914A-01F1-408B-8FF1-CB0EC9C7C0D9}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{D7B42772-FA6D-4C98-B532-5E0DB09D28C3}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{996D49AB-1068-48B8-AFC3-235BD7E9F332}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{DEAF9C7A-4DA8-4A32-9FE6-D0CE171FB891}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{EA732E0F-A74C-409E-9997-9D0CB5D6FC1F}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{9C932608-7E33-4F62-9DE5-A20F7A6CC088}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{60561511-51D6-4F4F-9C3D-783DC7DB2A8A}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{CE3AAB4C-8865-477B-AA02-3A6A4AA3CE2C}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{10BA8EAE-03EB-4737-9239-22DBCC5AA9DF}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{C4E9A162-6C5A-44BA-85E6-B4D63DD3E93C}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{C747168C-39B6-437E-BEAF-28BDBF923411}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{1BF4A207-C2DE-4FD7-8A58-C23DD3ABDCC5}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{34C6A1F3-B97B-44CA-8462-36E8EBE09B38}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{F27DA942-6B0A-4FFF-8A86-EC5AB6B165C7}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0FBBAEA0-861F-4800-B235-5A9C1B9575C9}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{560EB7D6-4D63-4EF8-8440-5F6F625532FB}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{78CA20C4-B4F4-4004-8D89-06121A75DB4C}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{472C517A-1654-40DD-A96B-16E6C7FF4DFA}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{9AB04AB0-6D26-4E32-84E0-1B38929A8D04}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{FD509BC8-A344-44AE-A6B9-394FC592E10D}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{354E796E-E468-444B-90BA-6506123B0CF9}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F6A21211-8B97-4E27-9664-F24724ADC845}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{43B0F04C-9E5C-4DDC-B523-AB290EECCD39}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{7AB36EBC-DEF1-4E58-8F69-1D16FA7E6979}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{E51DFCB9-7471-4FAF-9C34-4CB43F538B1B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{58660BE9-E8EA-4098-A27C-5134E20CACB0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5DB833A9-6EB2-433D-B2BF-7E5D0168C9F7}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{EF7D06BE-54B8-4E13-B484-9EF469D650B8}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{37806EAB-2A92-4B25-B3D4-AF40F15E6242}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{F93E7BB3-A935-435D-8AA4-8D6A65252607}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9988F906-E003-4D84-AAE3-73F334758524}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1D73784A-7202-4DFF-8F0D-200C59F8C196}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CB7932DC-7C5B-445D-991A-8204692BDECA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F9CAC756-F117-4064-9E57-67C1FD22F337}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5411B62B-4C49-440E-9054-5FD4C147DC83}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [11/05/2009 19:40 130936]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31/10/2008 08:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21/06/2008 05:54 66600]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [18/12/2008 20:10 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 08:24 95528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/09/2008 13:33 348752]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 08:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [19/11/2008 20:31 65576]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 22:22 34064]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-06-16 c:\windows\Tasks\HPCeeScheduleForamelie.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-02-22 10:58]
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{C7F9CE9C-B0F3-4264-AB17-C5BC68B6994B}.job
- c:\windows\system32\msfeedssync.exe [2009-06-15 11:31]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath -
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 15:24
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\amelie\AppData\Local\Temp\CabC995.tmp 28644 bytes
c:\users\amelie\AppData\Local\Temp\TarC996.tmp 65536 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.EXE'(448)
c:\windows\system32\FunDisc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\program files\Hp\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Heure de fin: 2009-06-24 15:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-24 13:31
Avant-CF: 96 556 748 800 octets libres
Après-CF: 96 222 953 472 octets libres
307 --- E O F --- 2009-06-23 08:35
End of file - 13693 bytes
Merci...
Je rajoute les log ComboFix et HiJackThi, j'ai fait une mauvaise manip avant d'ajouter mon message, il était pas fini.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:00, on 24/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe
C:\Program Files\Internet Explorer\IELowutil.exe
F:\HiJackThis.exe
C:\Users\amelie\Desktop\HiJackThis.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Veoh Video Compass - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Notification de cadeaux MSN.lnk = C:\Users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader5.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--------------------------------------------------------------------------------------------------------------------------
ComboFix 09-06-23.01 - amelie 24/06/2009 14:54.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1796 [GMT 2:00]
Lancé depuis: c:\users\amelie\Desktop\ComboFix.exe
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1453765893-1662031185-888260578-500
c:\$recycle.bin\S-1-5-21-2701342356-872505987-4113934584-500
c:\$recycle.bin\S-1-5-21-1453765893-1662031185-888260578-500\desktop.ini
c:\$recycle.bin\S-1-5-21-2701342356-872505987-4113934584-500\desktop.ini
c:\windows\system32\AutoRun.inf
c:\windows\system32\KBL.LOG
D:\Desktop.ini
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Boonty Games
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-24 au 2009-06-24 ))))))))))))))))))))))))))))))))))))
.
2009-06-24 11:50 . 2009-06-24 12:11 -------- d-----w- c:\programdata\SecTaskMan
2009-06-24 11:50 . 2009-06-24 12:14 -------- d-----w- c:\program files\Security Task Manager
2009-06-22 15:17 . 2009-06-22 15:17 -------- d-----w- c:\program files\Rocket Division Software
2009-06-22 15:16 . 2009-06-23 05:12 -------- d-----w- c:\users\amelie\AppData\Roaming\EoRezo
2009-06-22 15:16 . 2009-06-22 15:16 -------- d-----w- c:\program files\EoRezo
2009-06-22 15:04 . 2007-03-18 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2009-06-22 15:04 . 2006-09-29 11:26 176165 ----a-w- c:\windows\system32\drv23260.dll
2009-06-22 15:04 . 2006-09-29 11:25 208935 ----a-w- c:\windows\system32\drv33260.dll
2009-06-22 15:04 . 2006-09-29 11:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2009-06-22 15:04 . 2002-12-10 01:20 102439 ----a-w- c:\windows\system32\sipr3260.dll
2009-06-22 15:04 . 2006-05-20 15:16 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-06-22 15:04 . 2006-05-11 18:21 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2009-06-21 14:09 . 2009-06-21 14:09 -------- d-----w- c:\users\amelie\AppData\Roaming\Megaupload
2009-06-21 11:25 . 2009-03-16 08:00 89104 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVENG.SYS
2009-06-21 11:25 . 2009-03-16 08:00 876144 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVEX15.SYS
2009-06-21 11:25 . 2009-03-16 08:00 371248 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\EECTRL.SYS
2009-06-21 11:25 . 2009-03-16 08:00 2414128 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\CCERASER.DLL
2009-06-21 11:25 . 2009-03-16 08:00 177520 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVENG32.DLL
2009-06-21 11:25 . 2009-03-16 08:00 1181040 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\NAVEX32A.DLL
2009-06-21 11:25 . 2009-03-16 08:00 101936 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\ERASER.SYS
2009-06-21 11:25 . 2008-12-17 07:38 750 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\hub.scr
2009-06-21 11:25 . 2008-12-17 07:38 259368 ----a-w- c:\programdata\Symantec\Definitions\SymcData\virusdefs-2.5-e\20090620.025\ECMSVR32.DLL
2009-06-21 06:15 . 2009-06-21 06:15 -------- d-----w- c:\program files\CCleaner
2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-20 20:23 . 2009-06-20 20:23 -------- d-----w- c:\program files\DivX
2009-06-15 15:33 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-15 15:33 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-15 15:28 . 2009-06-15 15:28 135680 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2009-06-15 11:43 . 2009-06-15 11:43 -------- d-----w- c:\users\amelie\AppData\Roaming\Microsoft Web Folders
2009-06-15 11:29 . 2009-06-15 11:29 -------- d-----w- c:\program files\Microsoft Office2
2009-06-15 10:38 . 2009-06-15 10:38 -------- d-----w- c:\windows\Sun
2009-06-13 10:24 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 10:24 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-13 10:16 . 2009-06-13 10:16 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb11CD.tmp.exe
2009-06-10 07:56 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-10 07:56 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-10 07:56 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-27 11:52 . 2009-05-27 11:57 167133 ----a-w- c:\windows\hpqins00.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-24 12:08 . 2009-02-18 19:07 -------- d-----w- c:\programdata\GamesBar
2009-06-24 11:50 . 2008-02-22 22:20 669890 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-24 11:50 . 2008-02-22 22:20 123896 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-24 11:44 . 2008-09-17 11:33 -------- d-----w- c:\program files\Spyware Doctor
2009-06-24 10:44 . 2008-02-22 14:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-24 06:55 . 2009-06-24 06:55 28190 ----a-w- c:\users\amelie\AppData\Roaming\nvModes.dat
2009-06-23 06:44 . 2008-10-23 07:54 -------- d-----w- c:\programdata\HP Product Assistant
2009-06-21 15:21 . 2008-09-17 08:45 -------- d-----w- c:\users\amelie\AppData\Roaming\LimeWire
2009-06-21 14:05 . 2008-02-22 14:23 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-21 11:35 . 2008-10-10 10:57 0 ----a-w- c:\users\amelie\AppData\Roaming\wklnhst.dat
2009-06-15 15:28 . 2008-12-18 13:40 86576 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2009-06-15 15:28 . 2008-12-18 13:40 132672 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2009-06-15 15:28 . 2008-12-18 13:40 392728 ----a-w- c:\users\amelie\AppData\Roaming\Microsoft\Services Windows Live\Services Windows Live.dll
2009-06-15 15:28 . 2008-12-18 13:40 0 ----a-r- c:\users\amelie\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
2009-06-15 14:02 . 2008-09-17 09:06 -------- d-----w- c:\users\amelie\AppData\Roaming\HP
2009-06-15 13:42 . 2008-09-16 22:17 80744 ----a-w- c:\users\amelie\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-15 13:08 . 2008-02-22 15:15 -------- d-----w- c:\programdata\Microsoft Help
2009-06-15 08:30 . 2008-03-06 05:17 -------- d-----w- c:\programdata\NVIDIA
2009-06-11 14:58 . 2008-02-22 14:53 -------- d-----w- c:\program files\Microsoft Works
2009-06-10 10:03 . 2009-01-27 15:35 -------- d-----w- c:\program files\BoontyGames
2009-05-28 11:49 . 2008-11-13 17:54 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-14 09:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 18:19 . 2009-01-27 15:36 -------- d-----w- c:\programdata\PlayFirst
2009-05-12 18:19 . 2009-01-25 17:11 -------- d-----w- c:\users\amelie\AppData\Roaming\PlayFirst
2009-05-11 17:49 . 2008-09-17 11:33 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-09 18:39 . 2009-05-03 13:32 -------- d-----w- c:\programdata\Earthsim
2009-05-09 18:38 . 2009-05-09 18:38 -------- d-----w- c:\users\amelie\AppData\Roaming\Earthsim
2009-05-04 19:13 . 2008-03-06 05:12 -------- d-----w- c:\programdata\WildTangent
2009-04-13 16:54 . 2008-03-06 04:46 3220235156 ----a-w- c:\windows\DUMP5466.tmp
2009-04-06 17:50 . 2009-04-06 17:50 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-03 09:18 . 2009-05-11 17:40 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-02-22 22:54 . 2008-02-22 22:42 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-27 39408]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-03-24 3587120]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
c:\users\amelie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Notification de cadeaux MSN.lnk - c:\users\amelie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-6-15 135680]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC064E70-32DE-4DB1-BF5F-0E8A1F5BB8E9}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{F7FF614E-A0A2-47BB-8B48-0AEEF5D2D326}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{46218270-9523-4EB1-A9B5-C7BC53FDFF8E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{85F3E4A2-15C8-41EC-92BB-340AF7B1161B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B59C9D50-D069-464B-9354-E0E731DB870A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1513A1AC-27B3-49DB-90DB-F97B4FDC9EF8}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{92EB7BA7-E84F-4815-8DC3-2CAEA0BBBBBD}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{FDF6BC67-05C3-470D-9E09-430D665671A5}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{7020DCC3-4FBA-4BB2-BBD7-A5BD1427467F}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{A0BB9A7D-A823-4A39-8351-662C08BB8EB0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule Plus
"UDP Query User{B813CC53-0678-49EE-B558-78D6B057CF88}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule Plus
"{7C7A00BB-3DC4-4161-97CE-B6DCAB77E765}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{EE05F7C7-D962-4D81-B6A8-CF214389495F}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{06BA914A-01F1-408B-8FF1-CB0EC9C7C0D9}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{D7B42772-FA6D-4C98-B532-5E0DB09D28C3}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{996D49AB-1068-48B8-AFC3-235BD7E9F332}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{DEAF9C7A-4DA8-4A32-9FE6-D0CE171FB891}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
"{EA732E0F-A74C-409E-9997-9D0CB5D6FC1F}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{9C932608-7E33-4F62-9DE5-A20F7A6CC088}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
"{60561511-51D6-4F4F-9C3D-783DC7DB2A8A}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{CE3AAB4C-8865-477B-AA02-3A6A4AA3CE2C}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{10BA8EAE-03EB-4737-9239-22DBCC5AA9DF}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{C4E9A162-6C5A-44BA-85E6-B4D63DD3E93C}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
"{C747168C-39B6-437E-BEAF-28BDBF923411}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{1BF4A207-C2DE-4FD7-8A58-C23DD3ABDCC5}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{34C6A1F3-B97B-44CA-8462-36E8EBE09B38}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{F27DA942-6B0A-4FFF-8A86-EC5AB6B165C7}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
"{0FBBAEA0-861F-4800-B235-5A9C1B9575C9}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{560EB7D6-4D63-4EF8-8440-5F6F625532FB}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{78CA20C4-B4F4-4004-8D89-06121A75DB4C}"= Disabled:UDP:c:\program files\Hp\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{472C517A-1654-40DD-A96B-16E6C7FF4DFA}"= Disabled:TCP:c:\program files\Hp\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
"{9AB04AB0-6D26-4E32-84E0-1B38929A8D04}"= Disabled:UDP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{FD509BC8-A344-44AE-A6B9-394FC592E10D}"= Disabled:TCP:e:\setup\HPZNUI01.EXE:hpznui01.exe
"{354E796E-E468-444B-90BA-6506123B0CF9}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{F6A21211-8B97-4E27-9664-F24724ADC845}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{43B0F04C-9E5C-4DDC-B523-AB290EECCD39}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{7AB36EBC-DEF1-4E58-8F69-1D16FA7E6979}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{E51DFCB9-7471-4FAF-9C34-4CB43F538B1B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{58660BE9-E8EA-4098-A27C-5134E20CACB0}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5DB833A9-6EB2-433D-B2BF-7E5D0168C9F7}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{EF7D06BE-54B8-4E13-B484-9EF469D650B8}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{37806EAB-2A92-4B25-B3D4-AF40F15E6242}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{F93E7BB3-A935-435D-8AA4-8D6A65252607}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9988F906-E003-4D84-AAE3-73F334758524}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1D73784A-7202-4DFF-8F0D-200C59F8C196}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{CB7932DC-7C5B-445D-991A-8204692BDECA}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F9CAC756-F117-4064-9E57-67C1FD22F337}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5411B62B-4C49-440E-9054-5FD4C147DC83}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [11/05/2009 19:40 130936]
R1 SbFw;SbFw;c:\windows\System32\drivers\SbFw.sys [31/10/2008 08:09 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\System32\drivers\sbhips.sys [21/06/2008 05:54 66600]
R2 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [18/12/2008 20:10 55264]
R2 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31/10/2008 08:24 95528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/09/2008 13:33 348752]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31/10/2008 08:24 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\System32\drivers\SbFwIm.sys [19/11/2008 20:31 65576]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [06/11/2007 22:22 34064]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'
2009-06-16 c:\windows\Tasks\HPCeeScheduleForamelie.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-02-22 10:58]
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{C7F9CE9C-B0F3-4264-AB17-C5BC68B6994B}.job
- c:\windows\system32\msfeedssync.exe [2009-06-15 11:31]
.
.
------- Examen supplémentaire -------
.
mStart Page = hxxp://fr.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 5.0\resources\fr-fr\local\search.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath -
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-24 15:24
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\amelie\AppData\Local\Temp\CabC995.tmp 28644 bytes
c:\users\amelie\AppData\Local\Temp\TarC996.tmp 65536 bytes
Scan terminé avec succès
Fichiers cachés: 2
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'Explorer.EXE'(448)
c:\windows\system32\FunDisc.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hp\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\program files\Hp\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Heure de fin: 2009-06-24 15:31 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-24 13:31
Avant-CF: 96 556 748 800 octets libres
Après-CF: 96 222 953 472 octets libres
307 --- E O F --- 2009-06-23 08:35
End of file - 13693 bytes
goyelle
25 June 2009 at 13:39
I can't manage to copy my documents: Windows Explorer crashes every time, and it's impossible to create a folder, for example.
Does anyone have an idea? Thanks in advance...