ROOTKIT WIN32/CRYPTOR Please help !
charlypolka - 16 Sept. 2009, 22:30
20 replies
Narco!4 - 16 Sept. 2009, 22:32
Hello,
download GenProc http://www.genproc.com/GenProc.exe
double-click GenProc.exe and post the contents of the report that opens
Narco!4 - 17 Sept. 2009, 00:01
Post a Nod32 report https://www.eset.com/ (you must use Internet Explorer)
- tick all the boxes each time, and when it has finished, paste the report:
C:\Program Files\EsetOnlineScanner\log.txt
charlypolka - 17 Sept. 2009, 21:03
Hi Narco,
wow, the scan is long... here is the log:
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=d2d84ebaafa5df41a025f284beaa6aac
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-16 09:52:28
# local_time=2009-09-16 11:52:28 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1026 21 83 100 11337910312500
# scanned=275
# found=0
# cleaned=0
# scan_time=33
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=d2d84ebaafa5df41a025f284beaa6aac
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-09-17 06:38:52
# local_time=2009-09-17 08:38:52 (+0100, Paris, Madrid (heure d'été))
# country="France"
# lang=1036
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=1026 21 83 100 12085755156250
# scanned=96533
# found=2
# cleaned=2
# scan_time=7969
C:\Documents and Settings\florent\Local Settings\Temp\UACff22.tmp Win32/Olmarik.LT virus (supprimé - mis en quarantaine) 00000000000000000000000000000000 C
C:\Program Files\xeron\player.php JS/TrojanDownloader.Agent.NED cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
Rather strange that it found another virus for me. I had never seen it during the various scans.
Narco!4 - 18 Sept. 2009, 10:16
Any problems?
charlypolka - 18 Sept. 2009, 10:45
Hi,
yes, I still have the same black PHOENIX TRUSTED CORE startup page with a display telling me that the BIOS are hidden, that the RAM is affected and that the computer is corrupted...
How do I get rid of this startup page please, I don't know what to do...
Thanks :)
Narco!4 - 18 Sept. 2009, 10:52
- Download combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
- Double-click combofix.exe and follow the instructions.
- Install the recovery console if offered and continue.
- When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
charlypolka - 18 Sept. 2009, 10:53
OK, thanks, I'll send it to you this evening because I'm at work right now...
Have a good day.
charlypolka - 18 Sept. 2009, 18:24
Hi Narco!
Combofix asks me to disable AVG; I did it via "msconfig" in the executables, then I restarted, but apparently the scan is still active. I wouldn't want to take any risk, as the software points out.
Do you have a solution please?
Thanks.
PS: in the msconfig startup options, some ticked files of the DLL and win 32 type look odd, is that normal?
Narco!4 - 18 Sept. 2009, 18:27
at the combofix message, click OK
charlypolka - 18 Sept. 2009, 18:42
re:
here is the log:
ComboFix 09-09-17.04 - florent 18/09/2009 18:32.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1440 [GMT 2:00]
Lancé depuis: c:\documents and settings\florent\Bureau\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrateur\Application Data\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
c:\windows\Installer\aec79d.msp
c:\windows\kb913800.exe
c:\windows\system32\inf
c:\windows\system32\inf\MA_CMIDI.INF
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-08-18 au 2009-09-18 ))))))))))))))))))))))))))))))))))))
.
2009-09-17 16:17 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-17 16:17 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-16 19:15 . 2009-09-16 19:15 -------- d-----w- C:\GenProc
2009-09-16 17:11 . 2009-09-17 19:13 -------- d-----w- c:\documents and settings\florent\Tracing
2009-09-16 17:08 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-16 17:08 . 2009-09-16 17:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-09-16 17:04 . 2009-09-16 17:04 -------- d-----w- c:\program files\Microsoft
2009-09-16 17:04 . 2009-09-16 17:04 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 17:03 . 2009-09-16 17:08 -------- d-----w- c:\program files\Windows Live
2009-09-16 16:58 . 2009-09-16 16:58 -------- d-----w- c:\program files\Fichiers communs\Windows Live
2009-09-15 20:23 . 2009-09-15 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-15 17:26 . 2009-09-18 16:36 801155168 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-15 17:17 . 2009-09-15 17:17 -------- d-----w- c:\documents and settings\florent\Application Data\Malwarebytes
2009-09-15 16:53 . 2009-09-15 16:53 -------- d-----w- c:\program files\Malwarebytes
2009-09-15 16:36 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-15 16:36 . 2009-09-15 17:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-15 16:36 . 2009-09-15 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-15 16:36 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-15 16:01 . 2009-09-16 16:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-14 21:59 . 2009-09-14 21:59 -------- d-s---w- c:\documents and settings\florent\UserData
2009-09-14 16:13 . 2009-06-21 22:06 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-09 10:00 . 2009-09-16 18:28 -------- d-----w- C:\$AVG8.VAULT$
2009-09-03 18:59 . 2009-09-03 18:59 -------- d-----w- c:\documents and settings\florent\Local Settings\Application Data\AVG Security Toolbar
2009-09-03 18:56 . 2009-09-03 18:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-03 18:56 . 2009-09-03 18:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-03 18:56 . 2009-09-03 18:56 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-03 18:56 . 2009-09-03 18:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-03 18:55 . 2009-09-18 15:59 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-03 18:55 . 2009-09-12 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-03 18:55 . 2009-09-03 18:55 -------- d-----w- c:\program files\AVG
2009-09-03 18:55 . 2009-09-03 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-30 09:26 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\04019243.sys
2009-08-28 19:10 . 2008-07-08 12:54 148496 ----a-w- c:\windows\system32\drivers\93643346.sys
2009-08-22 15:44 . 2007-02-27 01:15 61984 ----a-w- c:\windows\system32\drivers\xusb21.sys
2009-08-22 15:44 . 2007-02-27 01:15 1421216 ----a-w- c:\windows\system32\WdfCoInstaller01001.dll
2009-08-22 15:43 . 2009-08-22 15:43 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-08-22 15:43 . 2006-09-28 14:04 68888 ----a-w- c:\windows\system32\xinput1_3.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 16:15 . 2009-09-15 17:26 9352916 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-17 22:14 . 2007-01-05 13:46 -------- d-----w- c:\program files\xeron
2009-09-16 17:10 . 2006-10-29 01:05 69384 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-15 20:23 . 2006-10-29 01:36 -------- d-----w- c:\program files\Google
2009-09-15 16:05 . 2006-10-29 01:38 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-15 16:05 . 2006-10-29 01:38 -------- d-----w- c:\program files\NetWaiting
2009-09-15 16:05 . 2006-10-29 01:28 -------- d-----w- c:\program files\Microsoft Works
2009-09-15 16:05 . 2007-03-15 15:00 -------- d-----w- c:\program files\LimeWire
2009-09-15 16:05 . 2006-10-29 01:26 -------- d-----w- c:\program files\FrenchOtto
2009-09-15 16:05 . 2008-08-01 18:57 -------- d-----w- c:\program files\DivX
2009-09-15 16:00 . 2007-09-16 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-09-14 21:11 . 2006-10-29 01:26 -------- d-----w- c:\program files\GemMasterFrench
2009-09-09 21:47 . 2006-12-16 19:14 90112 ----a-w- c:\windows\DUMP901a.tmp
2009-09-09 18:38 . 2007-01-31 15:14 1464 ----a-w- c:\documents and settings\florent\Application Data\wklnhst.dat
2009-08-23 22:03 . 2008-10-14 17:23 -------- d-----w- c:\documents and settings\florent\Application Data\uTorrent
2009-08-22 15:45 . 2009-08-22 15:45 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-08-22 15:45 . 2009-08-22 15:45 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2009-08-14 12:46 . 2009-08-14 12:46 -------- d-----w- c:\program files\ConvertHelper
2009-08-05 09:06 . 2006-03-25 04:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 14:44 . 2009-07-26 14:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 18:56 . 2006-03-25 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2006-03-25 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 11:01 . 2009-07-10 11:01 307560 ----a-w- c:\windows\WLXPGSS.SCR
2009-07-08 16:06 . 2009-07-08 16:04 127 ----a-w- c:\documents and settings\TEMP\Local Settings\Application Data\fusioncache.dat
2009-06-26 16:01 . 2006-03-25 04:00 672256 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:01 . 2006-03-25 04:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-25 18:36 . 2006-03-25 04:00 95744 ----a-w- c:\windows\system32\mqsec.dll
charlypolka - 18 Sept. 2009, 19:35
I've just restarted, I still have the same problem...
FYI, towards the end of the scan, there was a blocking attempt.
Also, I have a recurring blockage of the double-click on the laptop's touchpad.
HEEEEELP :) please
Narco!4 - 18 Sept. 2009, 20:56
Incomplete report
charlypolka - 19 Sept. 2009, 19:09
The rest:
2009-06-25 18:36 . 2006-03-25 04:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2006-03-25 04:00 527360 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2006-03-25 04:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2006-03-25 04:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2006-03-25 04:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2006-03-25 04:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2006-03-25 04:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 18:36 . 2006-03-25 04:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2006-03-25 04:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2006-03-25 04:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2006-03-25 04:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 08:18 . 2006-03-25 04:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:18 . 2006-03-25 04:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:18 . 2006-03-25 04:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:18 . 2006-03-25 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:18 . 2006-03-25 04:00 736256 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:18 . 2006-03-25 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-22 11:49 . 2006-03-25 04:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2006-03-25 04:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2006-03-25 04:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2006-03-25 04:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:35 . 2006-03-25 04:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-04 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-23 487424]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-02-13 734624]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\malware.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-07-20 1519616]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2009-06-25 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-25 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
hpoddt01.exe.lnk - c:\program files\HP\Digital Imaging\bin\hpotdd01.exe [2003-4-9 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Ralink Wireless Utility.lnk - c:\windows\RaUI.exe [2007-7-10 598016]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 18:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
[HKLM\~\startupfolder\C:^Documents and Settings^florent^Menu Démarrer^Programmes^Démarrage^YesMessenger.lnk]
path=c:\documents and settings\florent\Menu Démarrer\Programmes\Démarrage\YesMessenger.lnk
backup=c:\windows\pss\YesMessenger.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Soulseek-Test\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/09/2009 20:56 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/09/2009 20:56 108552]
R1 is-90E2Odrv;is-90E2Odrv;c:\windows\system32\drivers\93643346.sys [28/08/2009 21:10 148496]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/09/2009 20:55 297752]
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\drivers\5U870CAP.sys [06/06/2006 22:39 61952]
S1 is-F5L4Jdrv;is-F5L4Jdrv;c:\windows\system32\drivers\04019243.sys [30/08/2009 11:26 148496]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/01/2007 19:31 42000]
.
Contenu du dossier 'Tâches planifiées'
2009-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
2009-09-18 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 20:23]
.
.
------- Examen supplémentaire -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.fr/
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://fr.yahoo.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_FR&c=64&bd=pavilion&pf=laptop
uSearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\florent\Application Data\Mozilla\Firefox\Profiles\i2q854v8.default\
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - prefs.js: keyword.URL - hxxp://www.ffgoo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- PARAMETRES FIREFOX ----
FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.ffgoo.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-IMC - c:\program files\FriendFinder\FriendFinder Messenger 30\imc.exe
HKLM-Run-YeppStudioAgent - c:\program files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
AddRemove-HijackThis - c:\genproc\outil\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 18:36
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2009-09-18 18:38
ComboFix-quarantined-files.txt 2009-09-18 16:38
Avant-CF: 19 603 582 976 octets libres
Après-CF: 29 036 097 536 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
250 --- E O F --- 2009-09-17 22:22
charlypolka
28 Sept. 2009 at 08:20
Hi Narco!
What do you think?
Narco!4
29 Sept. 2009 at 21:56
Run GenProc again
charlypolka
30 Sept. 2009 at 18:18
Hi!
Here is the report:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\RaUI.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\GenProc\outil\florent_GenProc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\malware.exe" /runcleanupscript
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-90E2O.lnk = C:\Documents and Settings\florent\Bureau\Virus Removal Tool\is-90E2O\startup.exe
O4 - Startup: is-F5L4J.lnk = C:\Documents and Settings\florent\Bureau\Virus Removal Tool1\is-F5L4J\startup.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
Narco!4 - 30 Sept. 2009 at 19:37
In full
charlypolka - 30 Sept. 2009 at 21:01
?
I have a second report, but it's the same one...
Should I run Nod32 again?
Thanks.
Narco!4 - 30 Sept. 2009 at 21:05
Post this report: https://www.micro-astuce.com/securite/NanoScan-Panda.php
charlypolka - 3 Oct. 2009 at 09:40
Hi Narco,
I'm having some trouble with this scan: I have never got past 26% and it runs for hours.
Do you have another solution, please?
Thanks.
16 Sept. 2009 at 22:35
I tried several times to post the report for you, but it wasn't working...
Here it is:
Rapport GenProc 2.627 [1] - 16/09/2009 à 21:15:51
@ Windows XP Service Pack 2 - Mode normal
@ Mozilla Firefox (3.0.14) [Navigateur par défaut]
GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :
Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
C:\Program Files\EsetOnlineScanner\log.txt
~~~~ INFORMATION COMPLEMENTAIRE ~~~~
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:17:02, on 16/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\RaUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\florent_GenProc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr9/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [EdenFlirt] C:\Program Files\Eden Flirt\EdenFlirt.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\malware.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [IMC] C:\Program Files\FriendFinder\FriendFinder Messenger 30\imc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: is-90E2O.lnk = C:\Documents and Settings\florent\Bureau\Virus Removal Tool\is-90E2O\startup.exe
O4 - Startup: is-F5L4J.lnk = C:\Documents and Settings\florent\Bureau\Virus Removal Tool1\is-F5L4J\startup.exe
O4 - Startup: YesMessenger.lnk = C:\Program Files\YesMessenger\YesMessenger.exe
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\WINDOWS\RaUI.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe