A voir également:
- Pc s'eteint tout seul
- Benchmark pc - Guide
- Ecran noir pc - Guide
- Dans le texte, un seul mot a réellement été écrit en lettres capitales (majuscules). quel est ce mot ? ✓ - Forum Word
- Reinitialiser pc - Guide
- Pc lent - Guide
5 réponses
Bonsoir pollux89,
Pour voir cela:
Télécharge RSIT (de random/random) sur le bureau :
- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur "Continue" dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .
Les rapports sont dans le dossier ici C:\rsit
a+
Pour voir cela:
Télécharge RSIT (de random/random) sur le bureau :
- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur "Continue" dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenu de log.txt plus info.txt (réduit ds la barre de taches) à la fin de l’analyse .
Les rapports sont dans le dossier ici C:\rsit
a+
Voici le rapport. J'ai pas tout capté. C'est bien ça que tu veux??? Merci
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jean-luc at 2009-11-28 21:11:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (53%) free of 31 GB
Total RAM: 511 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:03, on 28/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jean-luc\Bureau\RSIT.exe
C:\Program Files\trend micro\Jean-luc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\MDToolbar\MdToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)" -"https://www.king.com/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jean-luc at 2009-11-28 21:11:02
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 16 GB (53%) free of 31 GB
Total RAM: 511 MB (20% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:03, on 28/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jean-luc\Bureau\RSIT.exe
C:\Program Files\trend micro\Jean-luc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.orange.fr/portail?kw=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\MEDIADICO\MDToolbar\MdToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] "C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)" -"https://www.king.com/"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://ushousecall02.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} (VoxsyncCtrl Class) - https://login.orange.fr/captcha?return_url=https%3A%2F%2Fmescontacts.orange.fr
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} (isInstalled Class) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6-windows-i586.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
Voici le rapport. J'ai pas tout capté. C'est bien ça que tu veux??? Merci
==> Oui...
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
Voila le résultat: Par contre je n'ai pas installé la console de récupération. Je ne savais pas si il fallait ou pas.
ComboFix 09-11-27.07 - Jean-luc 28/11/2009 21:59.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.264 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jean-luc\Bureau\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Jean-luc\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Jean-luc\Local Settings\Temp\IadHide4.dll
F:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-28 ))))))))))))))))))))))))))))))))))))
.
2009-11-28 20:01 . 2009-11-28 20:18 -------- d-----w- c:\program files\trend micro
2009-11-28 20:01 . 2009-11-28 20:01 -------- d-----w- C:\rsit
2009-11-28 13:49 . 2009-11-28 13:49 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-11-28 13:45 . 2009-11-28 13:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-28 13:29 . 2009-11-28 13:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-28 13:29 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-28 13:27 . 2009-11-28 13:27 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-28 13:27 . 2009-11-28 13:27 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-28 13:27 . 2009-11-28 13:27 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-28 13:27 . 2009-11-28 13:27 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-28 13:27 . 2009-11-28 13:27 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-28 13:26 . 2009-11-28 13:26 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-28 13:26 . 2009-11-28 13:26 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-28 13:26 . 2009-11-28 13:26 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-28 13:26 . 2009-11-28 13:26 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-28 13:26 . 2009-11-28 13:26 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-28 13:22 . 2009-11-28 13:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 13:22 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-28 13:22 . 2009-11-28 13:22 -------- d-----w- c:\program files\Lavasoft
2009-11-28 13:22 . 2009-11-28 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-28 12:55 . 2009-11-28 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\Yahoo!
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\Yahoo!
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\CCleaner
2009-11-28 11:44 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\vsapi32.dll
2009-11-28 11:44 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\BPMNT.dll
2009-11-28 11:44 . 2007-12-24 16:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-28 11:44 . 2007-12-24 16:37 138384 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\tmcomm.sys
2009-11-28 11:44 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\ssapi32.dll
2009-11-28 11:44 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\tsc.exe
2009-11-28 10:13 . 2009-11-28 11:56 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6
2009-11-28 10:13 . 2009-11-28 10:13 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-11-27 21:10 . 2005-01-31 10:19 7104 ----a-r- c:\windows\system32\drivers\lv302af.sys
2009-11-27 21:09 . 2005-01-31 10:12 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-11-27 21:09 . 2005-01-31 10:00 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2009-11-27 21:09 . 2005-01-31 10:18 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-11-27 21:09 . 2005-01-31 10:10 204800 ----a-r- c:\windows\system32\LVUI2.dll
2009-11-27 21:09 . 2005-01-31 10:08 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2009-11-27 21:09 . 2005-01-31 10:26 912768 ----a-r- c:\windows\system32\drivers\LV302AV.SYS
2009-11-27 21:09 . 2005-01-31 10:04 2180096 ----a-r- c:\windows\system32\drivers\LVSVF2.sys
2009-11-27 19:14 . 2009-11-28 09:55 -------- d-----w- c:\windows\system32\NtmsData
2009-11-27 17:45 . 2009-11-27 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-27 17:32 . 2009-11-27 17:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-26 21:50 . 2009-11-26 21:50 -------- d-----w- c:\documents and settings\Jean-luc\Local Settings\Application Data\Logitech-LS
2009-11-26 21:43 . 2009-11-26 21:43 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\FotoWire
2009-11-26 21:43 . 2009-11-26 21:43 -------- d-----w- c:\program files\Fichiers communs\FotoWire
2009-11-26 21:41 . 2009-11-26 21:41 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-11-26 21:07 . 2009-11-26 21:43 -------- d-----w- c:\program files\Logitech
2009-11-18 09:32 . 2009-11-18 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-11-05 07:40 . 2009-11-05 07:40 152576 ----a-w- c:\documents and settings\Jean-luc\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 16:18 . 2009-11-03 16:18 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\MSN6
2009-11-03 16:18 . 2009-11-03 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-11-03 15:12 . 2009-11-03 15:12 -------- d-----w- c:\program files\Encyclopédie Médicale Française
2009-10-29 21:49 . 2009-11-27 17:35 -------- d-----w- c:\documents and settings\Jean-luc\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 20:55 . 2009-02-03 15:15 -------- d-----w- c:\program files\Fichiers communs\Softwin
2009-11-28 20:55 . 2009-02-03 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-11-28 20:54 . 2009-02-03 15:21 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-27 18:31 . 2009-07-24 22:09 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-11-27 17:52 . 2009-02-03 20:42 -------- d-----w- c:\program files\Google
2009-11-26 21:41 . 2009-02-03 14:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-26 21:09 . 2009-03-12 08:16 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-11-26 21:08 . 2009-11-26 21:08 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-11-22 22:25 . 2009-11-22 22:25 4968 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-22 22:25 . 2002-08-30 12:00 85990 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-22 22:25 . 2002-08-30 12:00 514114 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-14 19:02 . 2009-03-07 22:07 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\dvdcss
2009-11-05 07:42 . 2009-06-10 20:43 -------- d-----w- c:\program files\Java
2009-10-18 20:47 . 2009-06-28 09:05 -------- d-----w- c:\program files\e-Carte Bleue La Banque Postale
2009-10-11 03:17 . 2009-06-10 20:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 13:57 . 2008-07-29 18:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2002-08-30 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2002-08-30 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-01 20:28 . 2009-10-01 20:28 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-01 20:28 . 2009-02-03 21:18 -------- d-----w- c:\program files\Windows Live
2009-10-01 20:26 . 2009-02-03 21:18 -------- d-----w- c:\program files\Microsoft
2009-09-30 08:57 . 2009-09-30 08:57 -------- d-----w- c:\program files\MEDIADICO
2009-09-11 14:18 . 2002-08-30 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2002-08-30 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-11-27 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe " [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"EPSON Stylus CX3200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-06-10 107248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-11-26 450560]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/11/2009 14:29 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/10/2009 22:49 133104]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - HTTPFILTER
.
Contenu du dossier 'Tâches planifiées'
2009-11-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:26]
2009-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 17:45]
2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:49]
2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:49]
2009-11-28 c:\windows\Tasks\User_Feed_Synchronization-{B496833B-8335-4934-8DFC-9FEDC45D6848}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.orange.fr
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - hxxp://contacts.orange.fr/wfr_webab/VoxsyncX.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-LifeGlobe Goldfish Aquarium_is1 - c:\program files\Prolific Publishing
AddRemove-LifeGlobe Sharks, Terrors of the Deep_is1 - c:\program files\Prolific Publishing
AddRemove-Objectif Tarot - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-Objectif Tarot.dat
AddRemove-QcDrv - c:\program files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 22:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(344)
c:\docume~1\Jean-luc\LOCALS~1\Temp\IadHide4.dll
c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
c:\program files\OrangeHSS\Launcher\Inactivity.Dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\OrangeHSS\Launcher\Launcher.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\OrangeHSS\systray\systrayapp.exe
c:\program files\OrangeHSS\Deskboard\deskboard.exe
c:\program files\OrangeHSS\connectivity\connectivitymanager.exe
c:\program files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
c:\program files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2009-11-28 22:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-28 21:13
Avant-CF: 17 017 307 136 octets libres
Après-CF: 17 760 272 384 octets libres
- - End Of File - - 517298AEBEB01A656F911F3FA895DEA0
ComboFix 09-11-27.07 - Jean-luc 28/11/2009 21:59.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.264 [GMT 1:00]
Lancé depuis: c:\documents and settings\Jean-luc\Bureau\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Jean-luc\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Jean-luc\Local Settings\Temp\IadHide4.dll
F:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-10-28 au 2009-11-28 ))))))))))))))))))))))))))))))))))))
.
2009-11-28 20:01 . 2009-11-28 20:18 -------- d-----w- c:\program files\trend micro
2009-11-28 20:01 . 2009-11-28 20:01 -------- d-----w- C:\rsit
2009-11-28 13:49 . 2009-11-28 13:49 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-11-28 13:45 . 2009-11-28 13:45 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-11-28 13:29 . 2009-11-28 13:29 -------- dc----w- c:\windows\system32\DRVSTORE
2009-11-28 13:29 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-11-28 13:27 . 2009-11-28 13:27 5908024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-11-28 13:27 . 2009-11-28 13:27 327000 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-11-28 13:27 . 2009-11-28 13:27 87496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-11-28 13:27 . 2009-11-28 13:27 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-11-28 13:27 . 2009-11-28 13:27 641632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-28 13:26 . 2009-11-28 13:26 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-11-28 13:26 . 2009-11-28 13:26 822904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-11-28 13:26 . 2009-11-28 13:26 1638640 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-11-28 13:26 . 2009-11-28 13:26 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-11-28 13:26 . 2009-11-28 13:26 1184912 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-11-28 13:22 . 2009-11-28 13:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-28 13:22 . 2009-10-03 08:15 2924848 -c--a-w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe
2009-11-28 13:22 . 2009-11-28 13:22 -------- d-----w- c:\program files\Lavasoft
2009-11-28 13:22 . 2009-11-28 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-28 12:55 . 2009-11-28 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\Yahoo!
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\Yahoo!
2009-11-28 12:55 . 2009-11-28 12:55 -------- d-----w- c:\program files\CCleaner
2009-11-28 11:44 . 2008-03-30 18:55 1213784 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\vsapi32.dll
2009-11-28 11:44 . 2006-11-22 16:48 91744 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\BPMNT.dll
2009-11-28 11:44 . 2007-12-24 16:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-11-28 11:44 . 2007-12-24 16:37 138384 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\tmcomm.sys
2009-11-28 11:44 . 2006-07-07 15:29 1197584 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\ssapi32.dll
2009-11-28 11:44 . 2009-03-27 16:38 366344 ----a-w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6\tsc.exe
2009-11-28 10:13 . 2009-11-28 11:56 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\HouseCall 6.6
2009-11-28 10:13 . 2009-11-28 10:13 -------- d-----w- c:\windows\system32\HouseCall 6.6
2009-11-27 21:10 . 2005-01-31 10:19 7104 ----a-r- c:\windows\system32\drivers\lv302af.sys
2009-11-27 21:09 . 2005-01-31 10:12 22016 ----a-r- c:\windows\system32\drivers\LVUSBSta.sys
2009-11-27 21:09 . 2005-01-31 10:00 106496 ----a-r- c:\windows\system32\lvcoinst.dll
2009-11-27 21:09 . 2005-01-31 10:18 372736 ----a-r- c:\windows\system32\LVUI2RC.dll
2009-11-27 21:09 . 2005-01-31 10:10 204800 ----a-r- c:\windows\system32\LVUI2.dll
2009-11-27 21:09 . 2005-01-31 10:08 204800 ----a-r- c:\windows\system32\lvcodec2.dll
2009-11-27 21:09 . 2005-01-31 10:26 912768 ----a-r- c:\windows\system32\drivers\LV302AV.SYS
2009-11-27 21:09 . 2005-01-31 10:04 2180096 ----a-r- c:\windows\system32\drivers\LVSVF2.sys
2009-11-27 19:14 . 2009-11-28 09:55 -------- d-----w- c:\windows\system32\NtmsData
2009-11-27 17:45 . 2009-11-27 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-27 17:32 . 2009-11-27 17:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-26 21:50 . 2009-11-26 21:50 -------- d-----w- c:\documents and settings\Jean-luc\Local Settings\Application Data\Logitech-LS
2009-11-26 21:43 . 2009-11-26 21:43 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\FotoWire
2009-11-26 21:43 . 2009-11-26 21:43 -------- d-----w- c:\program files\Fichiers communs\FotoWire
2009-11-26 21:41 . 2009-11-26 21:41 81920 ------r- c:\windows\bwUnin-6.1.4.68-8876480L.exe
2009-11-26 21:07 . 2009-11-26 21:43 -------- d-----w- c:\program files\Logitech
2009-11-18 09:32 . 2009-11-18 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-11-05 07:40 . 2009-11-05 07:40 152576 ----a-w- c:\documents and settings\Jean-luc\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-03 16:18 . 2009-11-03 16:18 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\MSN6
2009-11-03 16:18 . 2009-11-03 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-11-03 15:12 . 2009-11-03 15:12 -------- d-----w- c:\program files\Encyclopédie Médicale Française
2009-10-29 21:49 . 2009-11-27 17:35 -------- d-----w- c:\documents and settings\Jean-luc\Local Settings\Application Data\Temp
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-28 20:55 . 2009-02-03 15:15 -------- d-----w- c:\program files\Fichiers communs\Softwin
2009-11-28 20:55 . 2009-02-03 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-11-28 20:54 . 2009-02-03 15:21 81984 ----a-w- c:\windows\system32\bdod.bin
2009-11-27 18:31 . 2009-07-24 22:09 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-11-27 17:52 . 2009-02-03 20:42 -------- d-----w- c:\program files\Google
2009-11-26 21:41 . 2009-02-03 14:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-26 21:09 . 2009-03-12 08:16 -------- d-----w- c:\program files\Fichiers communs\logishrd
2009-11-26 21:08 . 2009-11-26 21:08 -------- d-----w- c:\program files\Fichiers communs\Logitech
2009-11-22 22:25 . 2009-11-22 22:25 4968 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-11-22 22:25 . 2002-08-30 12:00 85990 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-22 22:25 . 2002-08-30 12:00 514114 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-14 19:02 . 2009-03-07 22:07 -------- d-----w- c:\documents and settings\Jean-luc\Application Data\dvdcss
2009-11-05 07:42 . 2009-06-10 20:43 -------- d-----w- c:\program files\Java
2009-10-18 20:47 . 2009-06-28 09:05 -------- d-----w- c:\program files\e-Carte Bleue La Banque Postale
2009-10-11 03:17 . 2009-06-10 20:43 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-08 13:57 . 2008-07-29 18:59 614400 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 13:57 . 2002-08-30 12:00 22528 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-08 13:57 . 2002-08-30 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-01 20:28 . 2009-10-01 20:28 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-01 20:28 . 2009-02-03 21:18 -------- d-----w- c:\program files\Windows Live
2009-10-01 20:26 . 2009-02-03 21:18 -------- d-----w- c:\program files\Microsoft
2009-09-30 08:57 . 2009-09-30 08:57 -------- d-----w- c:\program files\MEDIADICO
2009-09-11 14:18 . 2002-08-30 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:04 . 2002-08-30 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-10 39408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2009-11-27 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe " [X]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe " [X]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-25 335872]
"EPSON Stylus CX3200"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"ORAHSSSessionManager"="c:\program files\OrangeHSS\SessionManager\SessionManager.exe" [2008-06-10 107248]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-04 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-11-26 450560]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\eMule\\emule.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [28/11/2009 14:29 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1184912]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSVC.EXE [30/03/2009 15:28 1533808]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/10/2009 22:49 133104]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - HTTPFILTER
.
Contenu du dossier 'Tâches planifiées'
2009-11-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:26]
2009-11-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-09 17:45]
2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:49]
2009-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-29 21:49]
2009-11-28 c:\windows\Tasks\User_Feed_Synchronization-{B496833B-8335-4934-8DFC-9FEDC45D6848}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = www.orange.fr
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3E82BB3F-ABE4-458D-9281-0187286A4E51} - hxxp://contacts.orange.fr/wfr_webab/VoxsyncX.cab
DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-2.0.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
AddRemove-Ad-Aware - c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}\Ad-AwareInstallation.exe REMOVE=TRUE MODIFY=FALSE
AddRemove-LifeGlobe Goldfish Aquarium_is1 - c:\program files\Prolific Publishing
AddRemove-LifeGlobe Sharks, Terrors of the Deep_is1 - c:\program files\Prolific Publishing
AddRemove-Objectif Tarot - c:\windows\system32\SpoonUninstall.exe <uninstall>c:\windows\system32\SpoonUninstall-Objectif Tarot.dat
AddRemove-QcDrv - c:\program files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-28 22:06
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(344)
c:\docume~1\Jean-luc\LOCALS~1\Temp\IadHide4.dll
c:\program files\Google\Quick Search Box\bin\1.2.1150.162\qsb.dll
c:\program files\OrangeHSS\Launcher\Inactivity.Dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\program files\OrangeHSS\Launcher\Launcher.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\OrangeHSS\systray\systrayapp.exe
c:\program files\OrangeHSS\Deskboard\deskboard.exe
c:\program files\OrangeHSS\connectivity\connectivitymanager.exe
c:\program files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
c:\program files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Heure de fin: 2009-11-28 22:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-11-28 21:13
Avant-CF: 17 017 307 136 octets libres
Après-CF: 17 760 272 384 octets libres
- - End Of File - - 517298AEBEB01A656F911F3FA895DEA0
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Fais un scan avec cet antispyware :
Malwarebytes + tutoriel
Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case :
"Executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...
Si des elements on ete trouvés :
> click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.
a+
Malwarebytes + tutoriel
Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case :
"Executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...
Si des elements on ete trouvés :
> click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.
a+