Freedy 65 / 63

Ikaz -
Hello,
I just noticed that I have Freedy65 and Freedy63 on my PC. Is it a virus?
Thanks in advance for your answers.

36 replies

Ikaz
 
Disk cleanup is in progress, but when I usually do it, my PC suddenly shuts down by itself. Do I have to do it, or is it not necessary?
0
Ikaz
 
What should I do once it's finished?
0
Anonymous user
 
Post its report in your next message, please.
0
Ikaz
 
It opened a page for me. In UsbFix it said: send the file (complicated file name)
and on the page:

You have used UsbFix, or you were asked to use UsbFix.
During its cleanup, UsbFix collected some infectious files.
We ask you to send them to us for future updates, as well as for better handling of infections.
Thank you for your contribution.

Do I have to do another report?
0

Ikaz
 
############################## | UsbFix V6.034 |

User : Bendjebel (Administrateurs) # PACKARDBELL
Update on 17/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 11:58:57 | 19/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Pentium(R) 4 CPU 1.60GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 9,77 Go (878,29 Mo free) [WindowsXP] # NTFS
D:\ -> Disque fixe local # 46,13 Go (5,21 Go free) [Docs] # NTFS
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\autorun.inf
D:\autorun.inf

################## | Registre # Clés Run infectieuses |

################## | Registre # Mountpoints2 |

################## | ! Fin du rapport # UsbFix V6.034 ! |
0
Anonymous user
 
Post the report by copying and pasting it into your next message.
0
kevin05 (posts: 3814, status: Security contributor)
 
Re.

Do this for me:

* Download OTMoveIt (by Old_Timer) to your Desktop

(it is number 7 at the bottom of the page):

* Double-click OTMoveIt.exe to launch it.

* Make sure the Unregister Dll's and Ocx's box is checked.

* Copy the list shown in bold in the quote below and paste it into the left-hand pane of OTMoveIt under Paste List of Files/Folders to move.

:processes
explorer.exe

:services
XDva214
XDva168
EPLPDX01

:reg

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"system tool"=-

:files
c:\WINDOWS\rdr_1253207025.exe
C:\WINDOWS\sber17.exe
c:\windows\ld14.exe
c:\windows\freddy65.exe
c:\windows\sysguard.exe
C:\autorun.inf
D:\autorun.inf

:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]


# Click MoveIt! to start the removal.

# The result will appear in the "Results" pane.

# Click Exit to close.

# Post the report located in C:\_OTMoveIt\MovedFiles.

# You may be asked to restart the PC to finish the removal. If so, accept with Yes.

0
Ikaz
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver XDva214 deleted successfully.

Service\Driver XDva168 deleted successfully.

Service\Driver EPLPDX01 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysfbtray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\system tool deleted successfully.
========== FILES ==========
c:\WINDOWS\rdr_1253207025.exe moved successfully.
C:\WINDOWS\sber17.exe moved successfully.
File/Folder c:\windows\ld14.exe not found.
File/Folder c:\windows\freddy65.exe not found.
File/Folder c:\windows\sysguard.exe not found.
C:\autorun.inf moved successfully.
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 9381888 bytes
->Temporary Internet Files folder emptied: 120130 bytes

User: All Users

User: Bendjebel
->Temp folder emptied: 214287 bytes
->Temporary Internet Files folder emptied: 25279119 bytes
->Java cache emptied: 53095635 bytes
->FireFox cache emptied: 43628720 bytes
->Apple Safari cache emptied: 91547361 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Les Bendjebels
->Temp folder emptied: 49666 bytes
->Temporary Internet Files folder emptied: 205815 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 14984 bytes
->Temporary Internet Files folder emptied: 65686633 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\048298C9A4D3490B9FF9AB023A9238F3.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 1504185 bytes
%systemroot%\System32 .tmp files removed: 1110016 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 278,49 mb

OTM by OldTimer - Version 3.0.0.6 log created on 09192009_120806

Files moved on Reboot...
Folder move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
kevin05 (posts: 3814, status: Security contributor)
 
Perfect :)

Post a new RSIT report, please.
0
Ikaz
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bendjebel at 2009-09-19 12:29:29
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 1 GB (12%) free of 10 GB
Total RAM: 383 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:58, on 19/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE
C:\WINDOWS\notepad.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Bendjebel\Bureau\RSIT.exe
C:\Program Files\trend micro\Bendjebel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/store?verb=register-home&lang=fre
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BearFlix] "D:\Program Files\BearFlix\BearFlix.exe" /pause
O4 - HKLM\..\Run: [TrayServer] D:\Program Files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
O4 - HKLM\..\Run: [Virtual PDF Printer] D:\Program Files\Virtual PDF Printer\VirtualPDFPrinter.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld14.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [iMeshInstall] C:\DOCUME~1\BENDJE~1\LOCALS~1\Temp\iMeshInstallLauncher.exe /Launch='"C:\DOCUME~1\BENDJE~1\LOCALS~1\Temp\NSC1B0~1.EXE" /N'
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bendjebel\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {33DFB28A-9792-4AFC-B594-D589365DF67D} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {76EE578D-314B-4755-8365-6E1722C001A2} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://workplace.quintiles.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Nouveau dossier\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
0
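One way to cross-check a removal script against the tool's result log and a follow-up HijackThis log, as an added example that is not part of the original thread. The three excerpts are constructed in the formats of the logs posted above, and the function names are hypothetical.

```python
import re

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
RUN_SUFFIX = r"\currentversion\run"

# Constructed excerpt: the :reg section of an OTMoveIt script.
OTM_SCRIPT = r"""
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysldtray"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"sysfbtray"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"system tool"=-
:files
C:\autorun.inf
"""

# Constructed excerpt: the REGISTRY section of the tool's result log.
OTM_RESULTS = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysfbtray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\system tool deleted successfully.
"""

# Constructed excerpt: O4 (autostart) lines of a follow-up HijackThis log.
HJT_FOLLOWUP = r"""
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld14.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def requested_run_values(script):
    """Return (hive, value name) for every Run value the script asks to delete."""
    out, key, in_reg = [], None, False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):            # section header such as :reg or :files
            in_reg, key = line.lower() == ":reg", None
            continue
        if not in_reg:
            continue
        m = re.fullmatch(r"\[(HKEY_\w+)\\(.+)\]", line)
        if m:                               # registry key line
            key = (HIVES.get(m.group(1)), m.group(2).lower())
            continue
        m = re.fullmatch(r'"(.+)"=-', line)  # "name"=- means delete this value
        if m and key and key[0] and key[1].endswith(RUN_SUFFIX):
            out.append((key[0], m.group(1)))
    return out


def confirmed_deleted(results):
    """Return the set of (hive, lower-cased name) the result log confirms as deleted."""
    pat = re.compile(
        r"^Registry value (HKEY_\w+)\\(.+?)\\\\(.+?) deleted successfully\.$", re.M)
    return {(HIVES.get(h), n.lower())
            for h, k, n in pat.findall(results)
            if k.lower().endswith(RUN_SUFFIX)}


def hjt_run_entries(log):
    """Map (hive, lower-cased name) to the command for each HKLM/HKCU O4 Run line."""
    pat = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.+?)\] (.+)$", re.M)
    return {(h, n.lower()): cmd.strip() for h, n, cmd in pat.findall(log)}


def leftovers(script, results, followup):
    """List requested Run values that were not confirmed removed or are still loaded."""
    done, live = confirmed_deleted(results), hjt_run_entries(followup)
    report = []
    for hive, name in requested_run_values(script):
        k = (hive, name.lower())
        if k in live:
            report.append((hive, name, "still present: " + live[k]))
        elif k not in done:
            report.append((hive, name, "deletion not confirmed"))
    return report


if __name__ == "__main__":
    for hive, name, reason in leftovers(OTM_SCRIPT, OTM_RESULTS, HJT_FOLLOWUP):
        print(f"{hive}\\...\\Run [{name}]: {reason}")
```
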
kevin05 (posts: 3814, status: Security contributor)
 
Arf..


/!\ Disable all your protection software /!\


• Download ComboFix (by sUBs) to your Desktop.
• Right-click ComboFix.exe (on Vista: choose "Run as administrator").
Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial
0
Ikaz
 
ComboFix 09-09-18.02 - Bendjebel 19/09/2009 12:58.1.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.383.115 [GMT 2:00]
Lancé depuis: c:\documents and settings\Bendjebel\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\010112010146101105.rx
c:\windows\010112010146116101.xe
c:\windows\0101120101465050.xe
c:\windows\0101120101465249.xe
c:\windows\0101120101465254.xe
c:\windows\0101120101465349.xe
c:\windows\0101120101465354.xe
c:\windows\0101120101465549.xe
c:\windows\bf23567.dat
c:\windows\zaponce52597.dat
c:\windows\zaponce52689.dat

c:\windows\system32\proquota.exe était absent
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DDNSFILTER
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV
-------\Service_ddnsfilter
-------\Service_podmena
-------\Service_SfX

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-19 au 2009-09-19 ))))))))))))))))))))))))))))))))))))
.

2009-09-19 10:08 . 2009-09-19 10:08 -------- dc----w- C:\_OTM
2009-09-19 09:03 . 2009-09-19 10:00 -------- dc----w- C:\UsbFix
2009-09-19 08:30 . 2009-09-19 10:29 -------- dc----w- c:\program files\trend micro
2009-09-19 08:29 . 2009-09-19 08:30 -------- dc----w- C:\rsit
2009-09-17 17:04 . 2009-09-17 17:04 37504 -c--a-w- c:\windows\system32\drivers\FILTER.sys
2009-09-17 17:03 . 2009-09-17 17:03 1 -c-h--w- c:\windows\nlmark2.dat
2009-09-17 17:03 . 2009-09-17 17:03 1 -c-h--w- c:\windows\hpm2.dat
2009-09-17 17:03 . 2009-09-17 17:03 1 -c-h--w- c:\windows\bk23567.dat
2009-09-17 17:03 . 2009-09-17 17:03 1 -c-h--w- c:\windows\mmsmark2.dat
2009-09-17 17:03 . 2009-09-17 17:03 1 -c-h--w- c:\windows\bx4657.dat
2009-09-10 01:14 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-08-27 11:44 . 2009-08-27 11:50 -------- dc----w- c:\documents and settings\Bendjebel\Application Data\gtk-2.0
2009-08-27 11:38 . 2009-08-27 11:38 -------- dc----w- c:\documents and settings\Bendjebel\.fontconfig
2009-08-27 11:38 . 2009-08-27 13:59 -------- dc----w- c:\documents and settings\Bendjebel\.gimp-2.6

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 17:12 . 2009-06-16 02:52 -------- dc----w- c:\program files\Microsoft Silverlight
2009-09-10 16:56 . 2008-11-13 12:11 -------- dc----w- c:\documents and settings\Bendjebel\Application Data\Free Download Manager
2009-09-10 15:06 . 2009-05-14 20:12 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-31 19:29 . 2009-08-04 18:40 -------- dc----w- c:\documents and settings\Bendjebel\Application Data\FileZilla
2009-08-27 14:59 . 2008-08-04 01:13 -------- dc----w- c:\program files\InterActual
2009-08-27 08:36 . 2009-01-23 19:54 -------- dc----w- c:\documents and settings\Bendjebel\Application Data\Skype
2009-08-12 15:22 . 2009-01-23 19:57 -------- dc----w- c:\documents and settings\Bendjebel\Application Data\skypePM
2009-08-10 00:40 . 2009-08-10 00:40 64444 -c-ha-w- c:\windows\system32\mlfcache.dat
2009-08-08 20:25 . 2008-11-17 00:06 -------- dc----w- c:\documents and settings\Bendjebel\Application Data\Apple Computer
2009-08-08 15:54 . 2009-08-08 15:52 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-08 15:53 . 2009-08-08 15:53 -------- dc----w- c:\program files\iPod
2009-08-08 15:53 . 2008-12-27 13:05 -------- dc----w- c:\program files\Fichiers communs\Apple
2009-08-08 15:43 . 2008-12-27 13:05 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-07 08:23 . 2009-01-26 22:11 -------- dc----w- c:\program files\Fichiers communs\Symantec Shared
2009-08-07 08:23 . 2007-09-27 18:22 -------- dc----w- c:\program files\Windows Desktop Search
2009-08-07 00:42 . 2001-08-28 12:00 85644 ----a-w- c:\windows\system32\perfc00C.dat
2009-08-07 00:42 . 2001-08-28 12:00 513498 ----a-w- c:\windows\system32\perfh00C.dat
2009-08-05 09:00 . 2001-08-28 12:00 205312 -c--a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2001-08-28 12:00 58880 -c--a-w- c:\windows\system32\atl.dll
2009-07-13 21:43 . 2004-08-10 23:45 286208 -c--a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 09:22 . 2008-02-13 12:43 92704 -c--a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-07-09 10:16 . 2009-04-11 16:21 39424 -c--a-w- c:\windows\system32\drivers\usbaapl.sys
2009-07-09 10:16 . 2009-04-11 16:21 2060288 -c--a-w- c:\windows\system32\usbaaplrc.dll
2009-07-03 10:13 . 2009-06-05 18:03 21035 -c--a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-29 15:57 . 2004-08-23 17:16 827392 -c--a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2009-06-16 12:38 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2001-08-28 12:00 17408 -c--a-w- c:\windows\system32\corpol.dll
2009-06-25 08:26 . 2001-08-28 12:00 736768 -c--a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:26 . 2001-08-28 12:00 56832 -c--a-w- c:\windows\system32\secur32.dll
2009-06-25 08:26 . 2001-08-28 12:00 54272 -c--a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:26 . 2001-08-28 12:00 147456 -c--a-w- c:\windows\system32\schannel.dll
2009-06-25 08:26 . 2001-08-28 12:00 136192 -c--a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:26 . 2001-08-28 12:00 301568 -c--a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2001-08-28 12:00 92928 -c--a-w- c:\windows\system32\drivers\ksecdd.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5\Belkinwcui.exe [2009-7-3 1564672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter

R3 fbxusb;FreeBox USB Network Adapter;c:\windows\system32\DRIVERS\fbxusb.sys [2003-12-31 18848]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\DRIVERS\rt2870.sys [2008-04-21 564480]
S1 Filter;Filter;c:\windows\system32\drivers\Filter.sys [2009-09-17 37504]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2006-11-15 38144]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\DRIVERS\BLKWGU.sys [2007-06-01 238848]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
ddnsfilter REG_MULTI_SZ ddnsfilter
.
Contenu du dossier 'Tâches planifiées'

2009-09-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.avast.com/go.php?verb=register-home&lang=fre
uInternet Settings,ProxyOverride = *.local
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xporter vers Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Bendjebel\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
DPF: {33DFB28A-9792-4AFC-B594-D589365DF67D} - hxxp://www.bahu.com/BahuPhotoUploader.cab
DPF: {76EE578D-314B-4755-8365-6E1722C001A2} - hxxp://www.bahu.com/BahuPhotoUploader.cab
FF - ProfilePath - c:\documents and settings\Bendjebel\Application Data\Mozilla\Firefox\Profiles\6lpewvkd.default\
FF - prefs.js: browser.startup.homepage - www.google.fr
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwmsdrm.dll
FF - plugin: d:\acrobat 6.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-BearFlix - d:\program files\BearFlix\BearFlix.exe
HKLM-Run-TrayServer - d:\program files\MAGIX\Video_deluxe_2008_e-version\TrayServer.exe
HKLM-Run-Virtual PDF Printer - d:\program files\Virtual PDF Printer\VirtualPDFPrinter.exe
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
AddRemove-HaaliMkx - d:\program files\Mirage-Team Encoder Pack\filtres\haali\uninstall.exe
AddRemove-{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE} - c:\program files\InstallShield Installation Information\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}\setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 13:19
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3396)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Fichiers communs\Logitech\Scrolling\LgMsgHk.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\slserv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Heure de fin: 2009-09-19 13:35 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-19 11:34

Avant-CF: 1 128 337 408 octets libres
Après-CF: 872 730 624 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /fastdetect /NoExecute=OptIn

368
0
kevin05 | Posts: 3814 | Status: Security contributor
 
* Double-click OTMoveIt.exe to launch it.

* Make sure the Unregister Dll's and Ocx's box is checked.

* Copy the list shown in bold in the quote below and paste it into the left pane of OTMoveIt under Paste List of Files/Folders to move.


:processes
explorer.exe

:services
ddnsfilter
usbaapl

:files
c:\windows\nlmark2.dat
c:\windows\hpm2.dat
c:\windows\bk23567.dat
c:\windows\mmsmark2.dat
c:\windows\bx4657.dat
c:\windows\system32\dllcache\triedit.dll
c:\documents and settings\Bendjebel\.fontconfig
c:\documents and settings\Bendjebel\.gimp-2.6
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
c:\windows\system32\GDIPFONTCACHEV1.DAT
c:\windows\system32\perfh00C.dat
c:\windows\system32\perfc00C.dat
C:\windows\ld14.exe

:Commands
[emptytemp]
[purity]
[start explorer]
[Reboot]


# Click MoveIt! to start the removal.

# The result will appear in the "Results" pane.

# Click Exit to close.

# Post the report located in C:\_OTMoveIt\MovedFiles.

# You may be asked to restart the PC to complete the removal. If so, accept by clicking Yes.

0
Ikaz
 
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service\Driver ddnsfilter not found.
Service\Driver ddnsfilter not found.
Service\Driver ddnsfilter not found.
Service\Driver usbaapl deleted successfully.
========== FILES ==========
c:\windows\nlmark2.dat moved successfully.
c:\windows\hpm2.dat moved successfully.
c:\windows\bk23567.dat moved successfully.
c:\windows\mmsmark2.dat moved successfully.
c:\windows\bx4657.dat moved successfully.
File/Folder c:\windows\system32\dllcache\triedit.d­ll not found.
c:\documents and settings\Bendjebel\.fontconfig moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\tool-options moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\tmp moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\themes moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\templates moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\scripts moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\plug-ins moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\patterns moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\palettes moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\modules moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\levels moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\interpreters moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\gradients moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\gimpressionist moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\gflare moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\gfig moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\fractalexplorer moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\fonts moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\environ moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\curves moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6\brushes moved successfully.
c:\documents and settings\Bendjebel\.gimp-2.6 moved successfully.
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} moved successfully.
c:\windows\system32\GDIPFONTCACHEV1.DAT moved successfully.
c:\windows\system32\perfh00C.dat moved successfully.
c:\windows\system32\perfc00C.dat moved successfully.
File/Folder C:\windows\ld14.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Bendjebel
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Java cache emptied: 25493350 bytes
->FireFox cache emptied: 28403405 bytes
->Apple Safari cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Les Bendjebels
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 51,48 mb

OTM by OldTimer - Version 3.0.0.6 log created on 09192009_135952

Files moved on Reboot...

Registry entries deleted on Reboot...
0
kevin05 (3814 posts, status: Security contributor)
 
Very good...

Please post a new RSIT report.
0
Ikaz
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Bendjebel at 2009-09-19 16:54:12
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 840 MB (8%) free of 10 GB
Total RAM: 383 MB (19% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:54:39, on 19/09/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Belkin\F5D7050v5\Belkinwcui.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bendjebel\Bureau\RSIT.exe
C:\Program Files\trend micro\Bendjebel.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.avast.com/store?verb=register-home&lang=fre
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Belkin Wireless G USB Adapter Client Utility.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Bendjebel\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clients/5.3.1.0/Rawflow.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {33DFB28A-9792-4AFC-B594-D589365DF67D} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {76EE578D-314B-4755-8365-6E1722C001A2} (Bahu Photo Uploader) - https://bahu.com/BahuPhotoUploader.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://workplace.quintiles.com/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (file missing)
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - D:\Nouveau dossier\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
0