Problem with a Trojan horse
Solved
alban33
Hello,
Having downloaded a file from the internet, it later turned out to be a virus, which avast flagged to me. I deleted it right away. But the problem lies in the message avast sends me when I open an internet window, telling me that a Trojan horse has been detected and leaving me one single choice: abort the connection. I click on that choice, but the avast message systematically reappears on every new search. In addition, some unwanted pop-up windows appear, but my main problem is still this avast message. My PC has become slower than before and, above all, I can no longer play videos on youtube ...
Hoping to get an answer to my problem, thank you.
13 replies
Hello alban33
*Download HijackThis to the desktop
*Launch it, click on "Do a system scan and save a logfile"
*At the end, Notepad should open; copy/paste that report into your next message below.
See you later
Ah, very good, that's what I thought :D. I would like your help, Destrio5, please.
RE
You already have an infected toolbar.
Download Toolbar-S&D (Team IDN) to your desktop
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
Start the installation of the program by running the downloaded file.
Now double-click the Toolbar-S&D shortcut.
Select the desired language by typing the letter of your choice, then confirm with the Enter key.
Now choose option 1 (Search). Wait until the search finishes.
Post the generated report. (C:\TB.txt)
See you later
I did what you told me and here is the report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1169 [VPS 090625-0] 4.8.1169 (Activated)
C:\ (Local Disk) - NTFS - Total:226 Go (Free:88 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 25/06/2009|23:47 )
-----------\\ Recherche de Fichiers / Dossiers ...
[Service] ASKService
[Service] ASKUpgrade
C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\AskSplash.exe
C:\Program Files\AskBarDis\bar\bin\AskTBApp.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\26F198BC
C:\Program Files\AskBarDis\bar\Cache\26F19C27.bin
C:\Program Files\AskBarDis\bar\Cache\26F19DBD.bin
C:\Program Files\AskBarDis\bar\Cache\26F1A109.bin
C:\Program Files\AskBarDis\bar\Cache\26F1A55E.bin
C:\Program Files\AskBarDis\bar\Cache\26F1A85C.bin
C:\Program Files\AskBarDis\bar\Cache\26F1AA11.bin
C:\Program Files\AskBarDis\bar\Cache\26F1AB79.bin
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\AskLogo.ico
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\AskBarDis\bar\Settings\prevCfg2.htm
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@mywebsearch[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@try.starware[2].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@hosted.zango[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.zango[1].txt
C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@zango[2].txt
C:\WINDOWS\iun6002.exe
-----------\\ Extensions
(HP_Administrateur) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(HP_Administrateur) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.vizzeo.fr/meteo"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="https://fr.search.yahoo.com/?fr=cb-hp06"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q="
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Search Bar"="https://fr.search.yahoo.com/?fr=cb-hp06"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\HP_ADM~1\LOCALS~1\APPLIC~1\vpdkapl_navfx.dat
[b]==> EGDACCESS <==/b
--------------------\\ KoobFace !
C:\WINDOWS\fmark2.dat
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Incomplete\T-290852-top spin 3 + crack by SND.zip
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Incomplete\T-399894-Crack for top spin 3 from ASTALAVISTA.exe
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\mise a jour ipod touch 2.1_Crack.zip
1 - "C:\ToolBar SD\TB_1.txt" - 25/06/2009|23:51 - Option : [1]
-----------\\ Fin du rapport a 23:51:00,51
After running option 2, here is the report:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : HP_Administrateur ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1169 [VPS 090625-0] 4.8.1169 (Activated)
C:\ (Local Disk) - NTFS - Total:226 Go (Free:88 Go)
D:\ (Local Disk) - FAT32 - Total:6 Go (Free:0 Go)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 26/06/2009| 0:09 )
-----------\\ SUPPRESSION
Supprime! - [Service] ASKService
Supprime! - [Service] ASKUpgrade
Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@mywebsearch[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@try.starware[2].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@hosted.zango[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@www.zango[1].txt
Supprime! - C:\DOCUME~1\HP_ADM~1\Cookies\hp_administrateur@zango[2].txt
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskBarDis
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(HP_Administrateur) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(HP_Administrateur) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.vizzeo.fr/meteo"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Default_Page_URL"="https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF"
"Default_Search_URL"="https://fr.search.yahoo.com/?fr=cb-hp06"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q="
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.msn.com/fr-fr/"
"Search Bar"="https://fr.search.yahoo.com/?fr=cb-hp06"
--------------------\\ Recherche d'autres infections
C:\DOCUME~1\HP_ADM~1\LOCALS~1\APPLIC~1\vpdkapl_navfx.dat
[b]==> EGDACCESS <==/b
--------------------\\ KoobFace !
C:\WINDOWS\fmark2.dat
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Incomplete\T-290852-top spin 3 + crack by SND.zip
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Incomplete\T-399894-Crack for top spin 3 from ASTALAVISTA.exe
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\Eminem Feat Dr. Dre & 50 Cent - Crack A Bottle.mp3
C:\DOCUME~1\HP_ADM~1\Mes documents\LimeWire\Saved\mise a jour ipod touch 2.1_Crack.zip
1 - "C:\ToolBar SD\TB_1.txt" - 25/06/2009|23:51 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 26/06/2009| 0:14 - Option : [2]
-----------\\ Fin du rapport a 0:14:37,77
RE
*Download Malwarebytes' Anti-Malware to the desktop.
*Launch it, run the update and a quick scan.
*At the end, click on Show results and remove the selection; restart if asked.
*Copy/paste the report. If it does not appear on its own, it is in the Rapport/Log tab
See you later
Here is the report you asked me for earlier:
Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2335
Windows 5.1.2600 Service Pack 2
26/06/2009 00:54:31
mbam-log-2009-06-26 (00-54-31).txt
Type de recherche: Examen rapide
Eléments examinés: 116772
Temps écoulé: 21 minute(s), 51 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 15
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\x123.x123mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\x123.x123mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4ce93951-2a8f-4ee0-a4b1-c3f342536a5d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\Local Page (Hijack.Search) -> Bad: (http://www.iesearch.com/) Good: (https://www.google.com/?gws_rd=ssl -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\WINDOWS\system32\393340 (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SystemX86 (Worm.Archive) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
c:\WINDOWS\system32\systemx86\189.crack.zip (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\189.crack.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\190.keygen.zip (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\190.keygen.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\191.serial.zip (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\191.serial.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\192.setup.zip (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\192.setup.zip.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\193.music.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\194.music.mp3.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\195.music2.au.kwd (Worm.Archive) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\systemx86\196.music.snd.kwd (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\fmark2.dat (Malware.Trace) -> Quarantined and deleted successfully.
c:\winrar_winrar_3.62_francais_anglais_9632.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\f49f4daa.dat (Worm.Koobface) -> Quarantined and deleted successfully.
RE
# Download ComboFix (by sUBs) to the desktop.
# Disable your protection software before launching ComboFix.
# Double-click ComboFix.exe to launch it
# When the warning message appears, accept the terms of use and then follow the instructions.
# Installing the Recovery Console is strongly recommended! (On XP)
# The report will be created at: C:/Combofix.txt. Copy/paste that report into your next message below.
# Re-enable your protection software.
---------------------------------------
A tutorial to read
See you later
The ComboFix report:
ComboFix 09-06-25.01 - HP_Administrateur 26/06/2009 1:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.546 [GMT 2:00]
Lancé depuis: c:\program files\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\1E9.tmp
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623C.manifest
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623O.manifest
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623P.manifest
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623S.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623C.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623O.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623P.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623S.manifest
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\vpdkapl_navfx.dat
c:\documents and settings\HP_Administrateur\Local Settings\Temp\1E9.tmp
c:\windows\kb913800.exe
c:\windows\system32\fxsroute32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\Process.exe
c:\windows\system32\YZeKy1ambt5Fhsk.vbs
D:\Autorun.inf
D:\Desktop.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-25 au 2009-06-25 ))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:14 . 2009-06-25 23:11 3041460 ----a-r- c:\program files\ComboFix.exe
2009-06-25 22:31 . 2009-06-25 22:31 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2009-06-25 22:31 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 22:31 . 2009-06-25 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 22:31 . 2009-06-25 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 22:31 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 21:47 . 2009-06-25 22:14 -------- d-----w- C:\ToolBar SD
2009-06-25 14:19 . 2009-06-25 14:19 -------- d-----w- c:\program files\iPod
2009-06-25 14:19 . 2009-06-25 14:20 -------- d-----w- c:\program files\iTunes
2009-06-25 14:17 . 2009-06-25 14:18 -------- d-----w- c:\program files\QuickTime
2009-06-24 14:32 . 2009-06-25 16:36 -------- d-----w- c:\program files\LimeWire
2009-06-18 13:55 . 2009-06-18 13:55 -------- d-----w- c:\program files\AskSearch
2009-06-13 13:54 . 2009-06-23 19:46 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\ppstream
2009-06-13 13:54 . 2009-06-25 23:53 -------- d-----w- c:\program files\PPStream
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 16:58 . 2009-05-29 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 16:34 . 2007-08-08 16:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\LimeWire
2009-06-25 14:19 . 2007-08-08 09:13 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-24 18:59 . 2008-03-09 16:58 -------- d-----w- c:\program files\Navilog1
2009-06-18 14:04 . 2007-08-25 14:54 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Azureus
2009-06-18 13:56 . 2007-09-23 17:01 7114736 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-06-18 13:55 . 2007-09-04 21:11 -------- d-----w- c:\program files\Azureus
2009-06-11 20:00 . 2008-05-17 10:19 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-29 16:58 . 2007-12-08 14:08 -------- d-----w- c:\program files\TVUPlayer
2009-05-22 13:05 . 2006-09-14 03:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-13 11:14 . 2008-04-09 10:45 -------- d-----w- c:\program files\Safari
2009-05-08 06:52 . 2009-05-08 06:52 2082104 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\1bk84eyy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-07 15:43 . 2004-08-10 11:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-10 11:00 672256 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 09:55 . 2009-04-26 09:55 3107690 ----a-w- c:\program files\eCarteBleue-BanquePopulaire.exe
2009-04-19 20:54 . 2007-01-15 18:10 1532 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2009-04-19 20:09 . 2004-08-10 11:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 01:16 . 2005-10-10 11:39 77908 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-16 01:16 . 2005-10-10 11:39 475866 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-15 15:17 . 2004-08-10 11:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-11-10 19:11 . 2008-11-10 19:11 251155156 ----a-r- c:\program files\iPod1,1_2.1_5F137_Restore.ipsw
2008-06-14 15:36 . 2008-06-14 15:36 545096 ----a-w- c:\program files\sharepod_sharepod_3.7_anglais_11207.zip
2008-05-14 11:22 . 2008-05-14 11:22 1577850 ----a-w- c:\program files\paint.net_3.31_francais_14651.zip
2008-05-01 13:06 . 2008-05-14 11:22 1602840 ----a-w- c:\program files\Paint.NET.3.31.exe
2008-03-12 11:44 . 2008-03-06 22:18 12202 ----a-w- c:\program files\hijackthis.log
2008-03-12 08:32 . 2008-03-12 08:32 311100 ----a-w- c:\program files\Lopxpsetup.exe
2008-03-06 22:17 . 2008-03-06 22:17 318369 ----a-w- c:\program files\HiJackThis.zip
2008-03-06 10:14 . 2008-03-06 10:14 13142699 ----a-w- c:\program files\FIFAManager08v1.0NoDVDFixedexeEng.rar
2008-03-05 20:32 . 2008-03-05 20:32 1512856 ----a-w- c:\program files\daemon408-x86.exe
2008-03-04 11:52 . 2008-03-04 11:51 21858 ----a-w- c:\program files\Fifa_Manager_08__PC-DVD___Multi6_[1].TPB.torrent
2008-02-20 11:51 . 2008-02-20 11:51 27251 ----a-w- c:\program files\Inside[1].Man.FRENCH.DVDSCR.XviD-LAST.avi [mininova].torrent
2008-02-14 18:15 . 2008-02-14 18:15 14281 ----a-w- c:\program files\Le[1].Labyrinthe.de.Pan.FRENCH.DVDRiP.REPACK.1CD.XviD-ELiTE.avi [mininova].torrent
2008-02-09 12:02 . 2008-02-09 12:02 366801 ----a-w- c:\program files\radio.blog.3.1.9.zip
2008-01-29 19:10 . 2008-01-29 19:10 3331072 ----a-w- c:\program files\AudioVideo_To_Exe(English).exe
2008-01-28 20:47 . 2008-01-28 20:47 14499 ----a-w- c:\program files\Oceans[1].Thirteen.13.FRENCH.DVDRip [mininova].torrent
2008-01-03 18:51 . 2008-01-03 18:51 1339608 ----a-w- c:\program files\virtualdub_virtualdub_1.7.6_anglais_10126.zip
2007-12-21 18:00 . 2007-12-21 18:00 31100 ----a-w- c:\program files\La_Vengeance_dans_la_peau_2007_DVDRIP_avi[www[1].btmon.com].torrent
2007-12-16 12:46 . 2007-12-16 12:46 112640 ----a-w- c:\program files\Expo Arch[1]...doc
2007-12-08 14:26 . 2007-12-08 14:26 3330963 ----a-w- c:\program files\SopCast-2.0.2.zip
2007-12-08 14:15 . 2007-12-08 14:15 2873464 ----a-w- c:\program files\TvantsSetup.exe
2007-09-08 15:55 . 2007-09-08 15:55 642796 ----a-w- c:\program files\XviD-1[1].1.3-28062007.exe
2007-09-04 21:11 . 2007-09-04 21:11 5435392 ----a-w- c:\program files\azureus_azureus_3.0.1.6_francais_11926.exe
2007-08-24 19:14 . 2007-08-24 19:14 2451968 ----a-w- c:\program files\USB50_WinXP.exe
2007-08-08 16:23 . 2007-08-08 16:23 3378848 ----a-w- c:\program files\LimeWireWin.exe
2007-06-28 13:36 . 2008-03-06 22:17 401720 ----a-w- c:\program files\HijackThis.exe
2007-04-27 14:36 . 2007-10-03 10:59 781 ----a-w- c:\program files\Readme.txt
2007-03-02 13:01 . 2007-03-02 13:00 13446648 ----a-w- c:\program files\avast_avast_4.7.942_francais_anglais_11113.exe
2006-06-26 01:19 . 2007-10-03 10:59 2388176 ----a-w- c:\program files\d3dx9_30.dll
2006-11-21 01:16 . 2006-12-06 16:12 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2009-05-22 12:32 2094616 ----a-w- c:\program files\Best_Security_Tips\tbBes0.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7622656]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"AOLSAV"="c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 73728]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"HostManager"="c:\program files\Fichiers communs\AOL\1167515347\ee\AOLSoftware.exe" [2006-11-17 50736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 877568]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"VX6000"="c:\windows\vVX6000.exe" [2006-10-13 994096]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 136600]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-05-27 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-21 1519616]
c:\documents and settings\HP_Administrateur\Menu Démarrer\Programmes\Démarrage\
PPS.lnk - c:\program files\PPStream\PPStream.exe [2009-6-1 2512760]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
AOL 9.0 Icône AOL.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-7-1 156784]
AOL Compagnon.lnk - c:\program files\AOL Compagnon\companion.exe [2006-12-30 255088]
e-Carte Bleue Banque Populaire.lnk - c:\program files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe [2009-4-26 278528]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1167515347\\ee\\aolsoftware.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18164:TCP"= 18164:TCP:BitComet 18164 TCP
"18164:UDP"= 18164:UDP:BitComet 18164 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/05/2008 14:44 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/05/2008 14:44 20560]
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [01/07/2007 21:04 36256]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [30/06/2006 01:56 2383152]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
Contenu du dossier 'Tâches planifiées'
2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-06-25 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
2009-06-25 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.vizzeo.fr/meteo
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 01:53
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2408)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\hp\KBD\kbd.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Heure de fin: 2009-06-25 2:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-26 00:03
Avant-CF: 94 797 647 872 octets libres
Après-CF: 95 615 959 040 octets libres
276 --- E O F --- 2009-06-25 15:47
ComboFix 09-06-25.01 - HP_Administrateur 26/06/2009 1:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1022.546 [GMT 2:00]
Lancé depuis: c:\program files\ComboFix.exe
AV: avast! antivirus 4.8.1169 [VPS 090625-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\1E9.tmp
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623C.manifest
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623O.manifest
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623P.manifest
c:\documents and settings\Administrateur\Application Data\0200000009ede4dd623S.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623C.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623O.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623P.manifest
c:\documents and settings\HP_Administrateur\Application Data\0200000009ede4dd623S.manifest
c:\documents and settings\HP_Administrateur\Local Settings\Application Data\vpdkapl_navfx.dat
c:\documents and settings\HP_Administrateur\Local Settings\Temp\1E9.tmp
c:\windows\kb913800.exe
c:\windows\system32\fxsroute32.dll
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\Microsoft\backup.ftp
c:\windows\system32\Microsoft\backup.tftp
c:\windows\system32\Process.exe
c:\windows\system32\YZeKy1ambt5Fhsk.vbs
D:\Autorun.inf
D:\Desktop.ini
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-25 au 2009-06-25 ))))))))))))))))))))))))))))))))))))
.
2009-06-25 23:14 . 2009-06-25 23:11 3041460 ----a-r- c:\program files\ComboFix.exe
2009-06-25 22:31 . 2009-06-25 22:31 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2009-06-25 22:31 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-25 22:31 . 2009-06-25 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-25 22:31 . 2009-06-25 22:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 22:31 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-25 21:47 . 2009-06-25 22:14 -------- d-----w- C:\ToolBar SD
2009-06-25 14:19 . 2009-06-25 14:19 -------- d-----w- c:\program files\iPod
2009-06-25 14:19 . 2009-06-25 14:20 -------- d-----w- c:\program files\iTunes
2009-06-25 14:17 . 2009-06-25 14:18 -------- d-----w- c:\program files\QuickTime
2009-06-24 14:32 . 2009-06-25 16:36 -------- d-----w- c:\program files\LimeWire
2009-06-18 13:55 . 2009-06-18 13:55 -------- d-----w- c:\program files\AskSearch
2009-06-13 13:54 . 2009-06-23 19:46 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\ppstream
2009-06-13 13:54 . 2009-06-25 23:53 -------- d-----w- c:\program files\PPStream
2009-06-05 11:57 . 2009-06-05 11:57 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-29 16:58 . 2009-05-29 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\TVU Networks
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 16:34 . 2007-08-08 16:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\LimeWire
2009-06-25 14:19 . 2007-08-08 09:13 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-06-24 18:59 . 2008-03-09 16:58 -------- d-----w- c:\program files\Navilog1
2009-06-18 14:04 . 2007-08-25 14:54 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Azureus
2009-06-18 13:56 . 2007-09-23 17:01 7114736 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-06-18 13:55 . 2007-09-04 21:11 -------- d-----w- c:\program files\Azureus
2009-06-11 20:00 . 2008-05-17 10:19 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-29 16:58 . 2007-12-08 14:08 -------- d-----w- c:\program files\TVUPlayer
2009-05-22 13:05 . 2006-09-14 03:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-13 11:14 . 2008-04-09 10:45 -------- d-----w- c:\program files\Safari
2009-05-08 06:52 . 2009-05-08 06:52 2082104 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\1bk84eyy.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-05-07 15:43 . 2004-08-10 11:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:31 . 2004-08-10 11:00 672256 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:31 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-26 09:55 . 2009-04-26 09:55 3107690 ----a-w- c:\program files\eCarteBleue-BanquePopulaire.exe
2009-04-19 20:54 . 2007-01-15 18:10 1532 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\wklnhst.dat
2009-04-19 20:09 . 2004-08-10 11:00 1846784 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 01:16 . 2005-10-10 11:39 77908 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-16 01:16 . 2005-10-10 11:39 475866 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-15 15:17 . 2004-08-10 11:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-11-10 19:11 . 2008-11-10 19:11 251155156 ----a-r- c:\program files\iPod1,1_2.1_5F137_Restore.ipsw
2008-06-14 15:36 . 2008-06-14 15:36 545096 ----a-w- c:\program files\sharepod_sharepod_3.7_anglais_11207.zip
2008-05-14 11:22 . 2008-05-14 11:22 1577850 ----a-w- c:\program files\paint.net_3.31_francais_14651.zip
2008-05-01 13:06 . 2008-05-14 11:22 1602840 ----a-w- c:\program files\Paint.NET.3.31.exe
2008-03-12 11:44 . 2008-03-06 22:18 12202 ----a-w- c:\program files\hijackthis.log
2008-03-12 08:32 . 2008-03-12 08:32 311100 ----a-w- c:\program files\Lopxpsetup.exe
2008-03-06 22:17 . 2008-03-06 22:17 318369 ----a-w- c:\program files\HiJackThis.zip
2008-03-06 10:14 . 2008-03-06 10:14 13142699 ----a-w- c:\program files\FIFAManager08v1.0NoDVDFixedexeEng.rar
2008-03-05 20:32 . 2008-03-05 20:32 1512856 ----a-w- c:\program files\daemon408-x86.exe
2008-03-04 11:52 . 2008-03-04 11:51 21858 ----a-w- c:\program files\Fifa_Manager_08__PC-DVD___Multi6_[1].TPB.torrent
2008-02-20 11:51 . 2008-02-20 11:51 27251 ----a-w- c:\program files\Inside[1].Man.FRENCH.DVDSCR.XviD-LAST.avi [mininova].torrent
2008-02-14 18:15 . 2008-02-14 18:15 14281 ----a-w- c:\program files\Le[1].Labyrinthe.de.Pan.FRENCH.DVDRiP.REPACK.1CD.XviD-ELiTE.avi [mininova].torrent
2008-02-09 12:02 . 2008-02-09 12:02 366801 ----a-w- c:\program files\radio.blog.3.1.9.zip
2008-01-29 19:10 . 2008-01-29 19:10 3331072 ----a-w- c:\program files\AudioVideo_To_Exe(English).exe
2008-01-28 20:47 . 2008-01-28 20:47 14499 ----a-w- c:\program files\Oceans[1].Thirteen.13.FRENCH.DVDRip [mininova].torrent
2008-01-03 18:51 . 2008-01-03 18:51 1339608 ----a-w- c:\program files\virtualdub_virtualdub_1.7.6_anglais_10126.zip
2007-12-21 18:00 . 2007-12-21 18:00 31100 ----a-w- c:\program files\La_Vengeance_dans_la_peau_2007_DVDRIP_avi[www[1].btmon.com].torrent
2007-12-16 12:46 . 2007-12-16 12:46 112640 ----a-w- c:\program files\Expo Arch[1]...doc
2007-12-08 14:26 . 2007-12-08 14:26 3330963 ----a-w- c:\program files\SopCast-2.0.2.zip
2007-12-08 14:15 . 2007-12-08 14:15 2873464 ----a-w- c:\program files\TvantsSetup.exe
2007-09-08 15:55 . 2007-09-08 15:55 642796 ----a-w- c:\program files\XviD-1[1].1.3-28062007.exe
2007-09-04 21:11 . 2007-09-04 21:11 5435392 ----a-w- c:\program files\azureus_azureus_3.0.1.6_francais_11926.exe
2007-08-24 19:14 . 2007-08-24 19:14 2451968 ----a-w- c:\program files\USB50_WinXP.exe
2007-08-08 16:23 . 2007-08-08 16:23 3378848 ----a-w- c:\program files\LimeWireWin.exe
2007-06-28 13:36 . 2008-03-06 22:17 401720 ----a-w- c:\program files\HijackThis.exe
2007-04-27 14:36 . 2007-10-03 10:59 781 ----a-w- c:\program files\Readme.txt
2007-03-02 13:01 . 2007-03-02 13:00 13446648 ----a-w- c:\program files\avast_avast_4.7.942_francais_anglais_11113.exe
2006-06-26 01:19 . 2007-10-03 10:59 2388176 ----a-w- c:\program files\d3dx9_30.dll
2006-11-21 01:16 . 2006-12-06 16:12 22 --sha-w- c:\windows\SMINST\HPCD.SYS
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da30eff8-ccc6-4162-a20d-67402a26a215}]
2009-05-22 12:32 2094616 ----a-w- c:\program files\Best_Security_Tips\tbBes0.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-03 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-22 143360]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7622656]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"AOLSAV"="c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe" [2004-03-15 73728]
"AOLDialer"="c:\program files\Fichiers communs\AOL\ACS\AOLDial.exe" [2007-06-21 70952]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"HostManager"="c:\program files\Fichiers communs\AOL\1167515347\ee\AOLSoftware.exe" [2006-11-17 50736]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-02-13 35328]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-04-07 877568]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"VX6000"="c:\windows\vVX6000.exe" [2006-10-13 994096]
"AppleSyncNotifier"="c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 136600]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2008-05-27 26112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-06-21 1519616]
c:\documents and settings\HP_Administrateur\Menu D‚marrer\Programmes\D‚marrage\
PPS.lnk - c:\program files\PPStream\PPStream.exe [2009-6-1 2512760]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
AOL 9.0 Ic“ne AOL.lnk - c:\program files\AOL 9.0a\aoltray.exe [2007-7-1 156784]
AOL Compagnon.lnk - c:\program files\AOL Compagnon\companion.exe [2006-12-30 255088]
e-Carte Bleue Banque Populaire.lnk - c:\program files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe [2009-4-26 278528]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"c:\\Program Files\\AOL 9.0a\\waol.exe"=
"c:\\Program Files\\Fichiers communs\\AOL\\1167515347\\ee\\aolsoftware.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18164:TCP"= 18164:TCP:BitComet 18164 TCP
"18164:UDP"= 18164:UDP:BitComet 18164 UDP
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [04/05/2008 14:44 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [04/05/2008 14:44 20560]
R3 alcan5ln;SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);c:\windows\system32\drivers\alcan5ln.sys [01/07/2007 21:04 36256]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [30/06/2006 01:56 2383152]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe --> c:\program files\NOS\bin\getPlus_HelperSvc.exe [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
.
Contenu du dossier 'Tâches planifiées'
2009-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2009-06-25 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 16:36]
2009-06-25 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-TkBellExe - c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
HKLM-Run-PCDrProfiler - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.vizzeo.fr/meteo
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=64&bd=PAVILION&pf=desktop
mWindow Title =
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Recherche AOL Toolbar - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-26 01:53
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AOLSAV = c:\progra~1\TECHCI~1\AOLSAV\AOLAgent.exe?exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2408)
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSFR.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\wanmpsvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\ELService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\hp\KBD\kbd.exe
c:\windows\system\hpsysdrv.exe
.
**************************************************************************
.
Heure de fin: 2009-06-25 2:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-06-26 00:03
Avant-CF: 94 797 647 872 octets libres
Après-CF: 95 615 959 040 octets libres
276 --- E O F --- 2009-06-25 15:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:41:20, on 25/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\AOL\1167515347\ee\AOLSoftware.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AOL 9.0a\aoltray.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AOL Compagnon\companion.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrateur\Local Settings\Temporary Internet Files\Content.IE5\IDYFQN0P\HiJackThis[1].exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vizzeo.fr/meteo
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=10611&gct=&gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes0.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1167515347\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PPS.lnk = C:\Program Files\PPStream\PPStream.exe
O4 - Global Startup: AOL 9.0 Icône AOL.lnk = C:\Program Files\AOL 9.0a\aoltray.exe
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: e-Carte Bleue Banque Populaire.lnk = C:\Program Files\e-Carte Bleue Banque Populaire\ecbl-nxbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\fxsroute32.dll
O20 - Winlogon Notify: 7c3786623 - C:\WINDOWS\System32\fxsroute32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: getPlus(R) Helper - Unknown owner - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCamSvc - Unknown owner - C:\Program Files\Microsoft LifeCam\MSCamS32.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe