9 réponses
Utilisateur anonyme
13 mars 2010 à 19:53
13 mars 2010 à 19:53
Bonsoir,
==> Peux tu retrouver le lien de cette discussion ?
Merci
a+
Quelqu'un avait commencé à m'aider mais j'ignore quand reviendra, alors merci à l'avance si quelqu'un peut m'aider à résoudre ce problème.
==> Peux tu retrouver le lien de cette discussion ?
Merci
a+
Utilisateur anonyme
13 mars 2010 à 20:24
13 mars 2010 à 20:24
Re
truecode est peut-être en week end !!!
Pour avancer:
---> Télécharge OTM (OldTimer) sur ton Bureau :
http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :
:files
c:\windows\mplayerplgn.dll
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
:commands
[emptytemp]
[Reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre:
Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt!
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
Colles ensuite un nouveau RSIT stp...
a+
truecode est peut-être en week end !!!
Pour avancer:
---> Télécharge OTM (OldTimer) sur ton Bureau :
http: http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant en gras ci-dessous :
:files
c:\windows\mplayerplgn.dll
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}]
:commands
[emptytemp]
[Reboot]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre:
Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt!
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
Colles ensuite un nouveau RSIT stp...
a+
Sans doute =)
All processes killed
========== FILES ==========
File/Folder c:\windows\mplayerplgn.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 30874 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: Default User
->Temp folder emptied: 30874 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: HP_Administrateur
->Temp folder emptied: 962875623 bytes
->Temporary Internet Files folder emptied: 687779193 bytes
->Java cache emptied: 37877634 bytes
->FireFox cache emptied: 109907254 bytes
->Google Chrome cache emptied: 72222720 bytes
->Flash cache emptied: 41538 bytes
User: LocalService
->Temp folder emptied: 82255 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 21547520 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23002473 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10988420 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 41056775 bytes
Total Files Cleaned = 1 876,00 mb
OTM by OldTimer - Version 3.1.10.0 log created on 03132010_143313
All processes killed
========== FILES ==========
File/Folder c:\windows\mplayerplgn.dll not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{376892AE-1825-4E5F-9F85-23F9640051CC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{376892AE-1825-4E5F-9F85-23F9640051CC}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 30874 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: Default User
->Temp folder emptied: 30874 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: HP_Administrateur
->Temp folder emptied: 962875623 bytes
->Temporary Internet Files folder emptied: 687779193 bytes
->Java cache emptied: 37877634 bytes
->FireFox cache emptied: 109907254 bytes
->Google Chrome cache emptied: 72222720 bytes
->Flash cache emptied: 41538 bytes
User: LocalService
->Temp folder emptied: 82255 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 21547520 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23002473 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10988420 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 41056775 bytes
Total Files Cleaned = 1 876,00 mb
OTM by OldTimer - Version 3.1.10.0 log created on 03132010_143313
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrateur at 2010-03-13 14:40:16
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 246 GB (83%) free of 295 GB
Total RAM: 1982 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:20, on 2010-03-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\DL\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Mises à jour de HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
Run by HP_Administrateur at 2010-03-13 14:40:16
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 246 GB (83%) free of 295 GB
Total RAM: 1982 MB (69% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:20, on 2010-03-13
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\DL\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - (no file)
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PCDrProfiler] "C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" -r
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Mises à jour de HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Télécharger avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Télécharger toutes les vidéos avec BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - c:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - (no file)
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe
Utilisateur anonyme
13 mars 2010 à 20:56
13 mars 2010 à 20:56
Run by HP_Administrateur at 2010-03-13 14:40:16
---------------------------------------------------------------------------
Tu as quelques heures d'avance sur la (France?) (Metropole?)
==> Par simple curiosité ...D'ou postes tu ?
Fais un scan avec cet antispyware :
Malwarebytes + tutoriel
Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case :
"Executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...
A la fin du scan, clique sur Afficher les résultats
Si des elements on ete trouvés :
> click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir;
sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.
a+
---------------------------------------------------------------------------
Tu as quelques heures d'avance sur la (France?) (Metropole?)
==> Par simple curiosité ...D'ou postes tu ?
Fais un scan avec cet antispyware :
Malwarebytes + tutoriel
Tu l´installes; mets le a jour...(onglet mise a jour)
Click maintenant sur l´onglet recherche et coche la case :
"Executer un examen rapide".
Puis click sur "rechercher".
Laisses le scanner le pc...
A la fin du scan, clique sur Afficher les résultats
Si des elements on ete trouvés :
> click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "oui".
A la fin un rapport va s´ouvrir;
sauvegarde le de maniere a le retrouver en vue de le poster sur le forum.
Copies et colles le rapport stp.
a+
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-03-13 15:12:19
mbam-log-2010-03-13 (15-12-19).txt
Type de recherche: Examen rapide
Eléments examinés: 119337
Temps écoulé: 8 minute(s), 26 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Version de la base de données: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
2010-03-13 15:12:19
mbam-log-2010-03-13 (15-12-19).txt
Type de recherche: Examen rapide
Eléments examinés: 119337
Temps écoulé: 8 minute(s), 26 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\dnscache.dnscacheobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dnscache.dnscacheobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{376892ae-1825-4e5f-9f85-23f9640051cc} (Trojan.BHO) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
13 mars 2010 à 21:37
13 mars 2010 à 21:37
Ralances MBAM
Vas ds l'onglet "Quarantaine" et supprimes tout
------------------------------------------------------------
Ou alors ton pc n'est pas du toit à l'heure ?
--------------------------------------------------------------
Lances maintenant un scan Bitdefender et colles moi le rapport stp ....
a+
Vas ds l'onglet "Quarantaine" et supprimes tout
------------------------------------------------------------
Tu as quelques heures d'avance sur la (France?) (Metropole?) ==> Par simple curiosité ...D'ou postes tu ?
Ou alors ton pc n'est pas du toit à l'heure ?
--------------------------------------------------------------
Lances maintenant un scan Bitdefender et colles moi le rapport stp ....
a+
voici le log de BitDefender
Backdoor.Generic.179684 est toujours en quarantaine
Product: BitDefender Total Security 2010
Version: BitDefender Antivirus Scanner
Scanning task: System Scan
Log date: 2010-03-13 15:50:14
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1268513414_1_00.xml
Scan paths:
Path 0000: C:\
Path 0001: D:\
Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: No
Scan for keyloggers: Yes
Virus Scanning Options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: No
Scan runtime packers: Yes
Scan e-mails: Yes
Scan all files: Yes
Heuristic Scan: Yes
Scanned extensions: not configured
Excluded extensions: not configured
Target Processing:
Default first action for infected objects: Disinfect
Default second action for infected objects: None
Default first action for suspect objects : None
Default second action for suspicious objects: None
Default action for hidden objects: None
Default first action for encrypted infected objects: Disinfect
Default second action for encrypted infected objects: None
Default first action for encrypted suspicious objects: None
Default second action for encrypted suspicious objects: None
Default action for password-protected objects: Log only
Scan Engines Summary
Virus signatures: 5445124
Archive plugins: 44
E-mail plugins: 6
Scan plugins: 13
System plugins: 5
Unpack plugins: 8
Basic
Scanned items: 119791
Infected items: 0 (no infected items have been detected)
Suspect items: 0 (no suspected items have been detected)
Hidden items: 0 (the scan options do not include scanning for rootkits)
Resolved items: 0 (no threats have been detected during this scan)
Unresolved items: 0 (no issues remained unresolved)
Advanced
Scan time: 00:43:34
Files per second: 45
Skipped items: 146376
Password-protected items: 0
Over-compressed items: 0
Individual viruses found: 0
Scanned folders: 8000
Scanned boot sectors: 3
Scanned archives: 74
Input-output errors: 51
Scanned processes: 42
Infected processes: 0
Scanned registry keys: 1189
Infected registry keys: 0
Scanned cookies: 49
Infected cookies: 0
Backdoor.Generic.179684 est toujours en quarantaine
Product: BitDefender Total Security 2010
Version: BitDefender Antivirus Scanner
Scanning task: System Scan
Log date: 2010-03-13 15:50:14
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1268513414_1_00.xml
Scan paths:
Path 0000: C:\
Path 0001: D:\
Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: No
Scan for keyloggers: Yes
Virus Scanning Options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: No
Scan runtime packers: Yes
Scan e-mails: Yes
Scan all files: Yes
Heuristic Scan: Yes
Scanned extensions: not configured
Excluded extensions: not configured
Target Processing:
Default first action for infected objects: Disinfect
Default second action for infected objects: None
Default first action for suspect objects : None
Default second action for suspicious objects: None
Default action for hidden objects: None
Default first action for encrypted infected objects: Disinfect
Default second action for encrypted infected objects: None
Default first action for encrypted suspicious objects: None
Default second action for encrypted suspicious objects: None
Default action for password-protected objects: Log only
Scan Engines Summary
Virus signatures: 5445124
Archive plugins: 44
E-mail plugins: 6
Scan plugins: 13
System plugins: 5
Unpack plugins: 8
Basic
Scanned items: 119791
Infected items: 0 (no infected items have been detected)
Suspect items: 0 (no suspected items have been detected)
Hidden items: 0 (the scan options do not include scanning for rootkits)
Resolved items: 0 (no threats have been detected during this scan)
Unresolved items: 0 (no issues remained unresolved)
Advanced
Scan time: 00:43:34
Files per second: 45
Skipped items: 146376
Password-protected items: 0
Over-compressed items: 0
Individual viruses found: 0
Scanned folders: 8000
Scanned boot sectors: 3
Scanned archives: 74
Input-output errors: 51
Scanned processes: 42
Infected processes: 0
Scanned registry keys: 1189
Infected registry keys: 0
Scanned cookies: 49
Infected cookies: 0
dsl j'ai complètement oublié la question xD
en fait mon pc est à l'heure, je vis au Québec. =)
J'ai effacé ce qui était en quarantaine dans MBAM et je suis en train de faire un scan avec bitdefender. Je le posterai quand il sera complété.
en fait mon pc est à l'heure, je vis au Québec. =)
J'ai effacé ce qui était en quarantaine dans MBAM et je suis en train de faire un scan avec bitdefender. Je le posterai quand il sera complété.
Utilisateur anonyme
13 mars 2010 à 22:16
13 mars 2010 à 22:16
Trè s bien ...
à plus...
à plus...
Voici le résultat
Par contre Backdoor.Generic.179684 se trouve toujours en quarantaine de BitDefender
Product: BitDefender Total Security 2010
Version: BitDefender Antivirus Scanner
Scanning task: System Scan
Log date: 2010-03-13 15:50:14
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1268513414_1_00.xml
Scan paths:
Path 0000: C:\
Path 0001: D:\
Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: No
Scan for keyloggers: Yes
Virus Scanning Options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: No
Scan runtime packers: Yes
Scan e-mails: Yes
Scan all files: Yes
Heuristic Scan: Yes
Scanned extensions: not configured
Excluded extensions: not configured
Target Processing:
Default first action for infected objects: Disinfect
Default second action for infected objects: None
Default first action for suspect objects : None
Default second action for suspicious objects: None
Default action for hidden objects: None
Default first action for encrypted infected objects: Disinfect
Default second action for encrypted infected objects: None
Default first action for encrypted suspicious objects: None
Default second action for encrypted suspicious objects: None
Default action for password-protected objects: Log only
Scan Engines Summary
Virus signatures: 5445124
Archive plugins: 44
E-mail plugins: 6
Scan plugins: 13
System plugins: 5
Unpack plugins: 8
Basic
Scanned items: 119791
Infected items: 0 (no infected items have been detected)
Suspect items: 0 (no suspected items have been detected)
Hidden items: 0 (the scan options do not include scanning for rootkits)
Resolved items: 0 (no threats have been detected during this scan)
Unresolved items: 0 (no issues remained unresolved)
Advanced
Scan time: 00:43:34
Files per second: 45
Skipped items: 146376
Password-protected items: 0
Over-compressed items: 0
Individual viruses found: 0
Scanned folders: 8000
Scanned boot sectors: 3
Scanned archives: 74
Input-output errors: 51
Scanned processes: 42
Infected processes: 0
Scanned registry keys: 1189
Infected registry keys: 0
Scanned cookies: 49
Infected cookies: 0
Par contre Backdoor.Generic.179684 se trouve toujours en quarantaine de BitDefender
Product: BitDefender Total Security 2010
Version: BitDefender Antivirus Scanner
Scanning task: System Scan
Log date: 2010-03-13 15:50:14
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1268513414_1_00.xml
Scan paths:
Path 0000: C:\
Path 0001: D:\
Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: No
Scan for keyloggers: Yes
Virus Scanning Options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: No
Scan runtime packers: Yes
Scan e-mails: Yes
Scan all files: Yes
Heuristic Scan: Yes
Scanned extensions: not configured
Excluded extensions: not configured
Target Processing:
Default first action for infected objects: Disinfect
Default second action for infected objects: None
Default first action for suspect objects : None
Default second action for suspicious objects: None
Default action for hidden objects: None
Default first action for encrypted infected objects: Disinfect
Default second action for encrypted infected objects: None
Default first action for encrypted suspicious objects: None
Default second action for encrypted suspicious objects: None
Default action for password-protected objects: Log only
Scan Engines Summary
Virus signatures: 5445124
Archive plugins: 44
E-mail plugins: 6
Scan plugins: 13
System plugins: 5
Unpack plugins: 8
Basic
Scanned items: 119791
Infected items: 0 (no infected items have been detected)
Suspect items: 0 (no suspected items have been detected)
Hidden items: 0 (the scan options do not include scanning for rootkits)
Resolved items: 0 (no threats have been detected during this scan)
Unresolved items: 0 (no issues remained unresolved)
Advanced
Scan time: 00:43:34
Files per second: 45
Skipped items: 146376
Password-protected items: 0
Over-compressed items: 0
Individual viruses found: 0
Scanned folders: 8000
Scanned boot sectors: 3
Scanned archives: 74
Input-output errors: 51
Scanned processes: 42
Infected processes: 0
Scanned registry keys: 1189
Infected registry keys: 0
Scanned cookies: 49
Infected cookies: 0
Voici le log de BitDefender
Backdoor.Generic.179684 est toujours en quarantaine
Product: BitDefender Total Security 2010
Version: BitDefender Antivirus Scanner
Scanning task: System Scan
Log date: 2010-03-13 15:50:14
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1268513414_1_00.xml
Scan paths:
Path 0000: C:\
Path 0001: D:\
Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: No
Scan for keyloggers: Yes
Virus Scanning Options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: No
Scan runtime packers: Yes
Scan e-mails: Yes
Scan all files: Yes
Heuristic Scan: Yes
Scanned extensions: not configured
Excluded extensions: not configured
Target Processing:
Default first action for infected objects: Disinfect
Default second action for infected objects: None
Default first action for suspect objects : None
Default second action for suspicious objects: None
Default action for hidden objects: None
Default first action for encrypted infected objects: Disinfect
Default second action for encrypted infected objects: None
Default first action for encrypted suspicious objects: None
Default second action for encrypted suspicious objects: None
Default action for password-protected objects: Log only
Scan Engines Summary
Virus signatures: 5445124
Archive plugins: 44
E-mail plugins: 6
Scan plugins: 13
System plugins: 5
Unpack plugins: 8
Basic
Scanned items: 119791
Infected items: 0 (no infected items have been detected)
Suspect items: 0 (no suspected items have been detected)
Hidden items: 0 (the scan options do not include scanning for rootkits)
Resolved items: 0 (no threats have been detected during this scan)
Unresolved items: 0 (no issues remained unresolved)
Advanced
Scan time: 00:43:34
Files per second: 45
Skipped items: 146376
Password-protected items: 0
Over-compressed items: 0
Individual viruses found: 0
Scanned folders: 8000
Scanned boot sectors: 3
Scanned archives: 74
Input-output errors: 51
Scanned processes: 42
Infected processes: 0
Scanned registry keys: 1189
Infected registry keys: 0
Scanned cookies: 49
Infected cookies: 0
Backdoor.Generic.179684 est toujours en quarantaine
Product: BitDefender Total Security 2010
Version: BitDefender Antivirus Scanner
Scanning task: System Scan
Log date: 2010-03-13 15:50:14
Log path: C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1268513414_1_00.xml
Scan paths:
Path 0000: C:\
Path 0001: D:\
Scan Level:
Scan for viruses: Yes
Scan for adware: Yes
Scan for spyware: Yes
Scan for applications: Yes
Scan for dialers: Yes
Scan for rootkits: No
Scan for keyloggers: Yes
Virus Scanning Options:
Scan registry keys: Yes
Scan cookies: Yes
Scan boot sectors: Yes
Scan memory processes: Yes
Scan archives: No
Scan runtime packers: Yes
Scan e-mails: Yes
Scan all files: Yes
Heuristic Scan: Yes
Scanned extensions: not configured
Excluded extensions: not configured
Target Processing:
Default first action for infected objects: Disinfect
Default second action for infected objects: None
Default first action for suspect objects : None
Default second action for suspicious objects: None
Default action for hidden objects: None
Default first action for encrypted infected objects: Disinfect
Default second action for encrypted infected objects: None
Default first action for encrypted suspicious objects: None
Default second action for encrypted suspicious objects: None
Default action for password-protected objects: Log only
Scan Engines Summary
Virus signatures: 5445124
Archive plugins: 44
E-mail plugins: 6
Scan plugins: 13
System plugins: 5
Unpack plugins: 8
Basic
Scanned items: 119791
Infected items: 0 (no infected items have been detected)
Suspect items: 0 (no suspected items have been detected)
Hidden items: 0 (the scan options do not include scanning for rootkits)
Resolved items: 0 (no threats have been detected during this scan)
Unresolved items: 0 (no issues remained unresolved)
Advanced
Scan time: 00:43:34
Files per second: 45
Skipped items: 146376
Password-protected items: 0
Over-compressed items: 0
Individual viruses found: 0
Scanned folders: 8000
Scanned boot sectors: 3
Scanned archives: 74
Input-output errors: 51
Scanned processes: 42
Infected processes: 0
Scanned registry keys: 1189
Infected registry keys: 0
Scanned cookies: 49
Infected cookies: 0
Utilisateur anonyme
14 mars 2010 à 01:04
14 mars 2010 à 01:04
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
a+
ComboFix 10-03-13.01 - HP_Administrateur 2010-03-13 19:41:14.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1982.1180 [GMT -5:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\DL\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\patchw.dll
c:\windows\system32\13568921.dll
c:\windows\system32\5734064.dll
c:\windows\system32\service
c:\windows\system32\service\02122009_TIS17_SfFniAU.log
c:\windows\system32\service\30112009_TIS17_SfFniAU.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.
2010-03-14 00:38 . 2010-03-14 00:38 -------- d-----w- c:\windows\LastGood
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 19:59 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 19:33 . 2010-03-13 19:33 -------- d-----w- C:\_OTM
2010-03-12 22:12 . 2010-03-12 22:12 -------- d-----w- C:\rsit
2010-03-12 01:12 . 2010-03-12 01:12 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-12 00:05 . 2010-03-14 00:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitDefender
2010-03-12 00:04 . 2010-03-12 00:04 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-03-10 22:42 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-01 06:28 . 2010-03-01 06:28 -------- d-----w- c:\windows\Sun
2010-02-28 07:22 . 2010-02-28 07:29 -------- d-----w- c:\program files\eMule
2010-02-28 00:02 . 2010-02-28 00:02 -------- d-----w- c:\program files\Fichiers communs\DirectX
2010-02-27 23:17 . 2010-01-13 21:48 230752 ----a-w- c:\windows\patchw32.dll
2010-02-27 23:10 . 2010-02-27 23:10 -------- d-----w- c:\program files\Outspark
2010-02-27 19:23 . 2010-02-27 19:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Blizzard Entertainment
2010-02-27 19:17 . 2010-03-10 12:48 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2010-02-27 01:58 . 2010-02-27 01:58 -------- d-----w- c:\program files\Common Files
2010-02-27 01:57 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-02-27 01:28 . 2010-02-27 01:28 -------- d-----w- c:\program files\Gpotato
2010-02-26 01:31 . 2010-02-26 01:31 239417 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment\npsoeact.dll
2010-02-26 01:31 . 2010-02-26 01:34 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\SCE
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\program files\Sony Online Entertainment
2010-02-25 21:23 . 2010-02-25 21:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\program files\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\windows\Logs
2010-02-21 22:36 . 2010-02-22 04:41 -------- d-----w- c:\program files\Quintessential Media Player
2010-02-21 01:54 . 2010-02-21 01:54 -------- d-sh--w- c:\documents and settings\HP_Administrateur\PrivacIE
2010-02-20 06:26 . 2010-02-20 06:26 -------- d-----w- c:\program files\Gravity
2010-02-18 23:07 . 2010-02-18 23:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-18 23:06 . 2010-02-18 23:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Search
2010-02-18 23:03 . 2010-02-18 23:03 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IETldCache
2010-02-18 22:14 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-18 22:13 . 2010-02-24 21:20 -------- d-----w- c:\windows\ie8updates
2010-02-18 22:13 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-18 22:13 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-18 22:11 . 2010-02-18 22:13 -------- dc-h--w- c:\windows\ie8
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Desktop Search
2010-02-18 21:58 . 2010-02-19 08:23 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\windows\system32\GroupPolicy
2010-02-18 21:57 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-02-18 21:57 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-02-18 21:57 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-02-18 21:56 . 2010-02-18 21:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-18 21:54 . 2010-02-18 21:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-17 23:28 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\1f74f050.dll
2010-02-14 21:04 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\3f9dd84.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 00:39 . 2010-01-13 20:36 -------- d-----w- c:\program files\BitDefender
2010-03-14 00:39 . 2010-01-13 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-14 00:39 . 2010-01-13 20:25 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-03-13 18:00 . 2009-12-05 18:48 1 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 00:14 . 2005-10-19 00:47 94482 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-12 00:14 . 2005-10-19 00:47 534708 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 12:49 . 2009-11-29 22:04 -------- d-----w- c:\program files\Pando Networks
2010-03-10 11:34 . 2009-11-30 05:18 -------- d-----w- c:\program files\BitComet
2010-02-27 23:10 . 2007-06-27 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 15:11 . 2009-11-30 05:38 57464 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\MSBuild
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\Reference Assemblies
2010-02-08 06:49 . 2005-10-19 00:40 92667 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 16:24 . 2010-01-13 21:57 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\wsbl.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_white.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_black.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords.dat
2010-01-13 20:30 . 2009-11-30 20:51 -------- d-----w- c:\program files\Trend Micro
2009-12-31 16:50 . 2004-08-10 18:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2004-08-10 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-10 18:00 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-10 18:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ftutil2"="ftutil2.dll" [2004-06-08 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-20 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Mises … jour de HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2007-6-27 36903]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-01 21:58 135664 ----atw- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-06-27 19:33 180269 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21788:TCP"= 21788:TCP:BitComet 21788 TCP
"21788:UDP"= 21788:UDP:BitComet 21788 UDP
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva300;XDva300;\??\c:\windows\system32\XDva300.sys --> c:\windows\system32\XDva300.sys [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - 34272BA8
*NewlyCreated* - C3FBE080
*Deregistered* - 34272ba8
*Deregistered* - c3fbe080
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008Core.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008UA.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onemanga.com/
FF - component: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Heure de fin: 2010-03-13 19:45:47
ComboFix-quarantined-files.txt 2010-03-14 00:45
Avant-CF: 258 404 671 488 octets libres
Après-CF: 258 362 912 768 octets libres
- - End Of File - - 127ABC7E721334E224C19B9E8FE3A7D9
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1982.1180 [GMT -5:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\DL\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\patchw.dll
c:\windows\system32\13568921.dll
c:\windows\system32\5734064.dll
c:\windows\system32\service
c:\windows\system32\service\02122009_TIS17_SfFniAU.log
c:\windows\system32\service\30112009_TIS17_SfFniAU.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.
2010-03-14 00:38 . 2010-03-14 00:38 -------- d-----w- c:\windows\LastGood
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 19:59 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 19:33 . 2010-03-13 19:33 -------- d-----w- C:\_OTM
2010-03-12 22:12 . 2010-03-12 22:12 -------- d-----w- C:\rsit
2010-03-12 01:12 . 2010-03-12 01:12 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-12 00:05 . 2010-03-14 00:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitDefender
2010-03-12 00:04 . 2010-03-12 00:04 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-03-10 22:42 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-01 06:28 . 2010-03-01 06:28 -------- d-----w- c:\windows\Sun
2010-02-28 07:22 . 2010-02-28 07:29 -------- d-----w- c:\program files\eMule
2010-02-28 00:02 . 2010-02-28 00:02 -------- d-----w- c:\program files\Fichiers communs\DirectX
2010-02-27 23:17 . 2010-01-13 21:48 230752 ----a-w- c:\windows\patchw32.dll
2010-02-27 23:10 . 2010-02-27 23:10 -------- d-----w- c:\program files\Outspark
2010-02-27 19:23 . 2010-02-27 19:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Blizzard Entertainment
2010-02-27 19:17 . 2010-03-10 12:48 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2010-02-27 01:58 . 2010-02-27 01:58 -------- d-----w- c:\program files\Common Files
2010-02-27 01:57 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-02-27 01:28 . 2010-02-27 01:28 -------- d-----w- c:\program files\Gpotato
2010-02-26 01:31 . 2010-02-26 01:31 239417 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment\npsoeact.dll
2010-02-26 01:31 . 2010-02-26 01:34 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\SCE
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\program files\Sony Online Entertainment
2010-02-25 21:23 . 2010-02-25 21:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\program files\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\windows\Logs
2010-02-21 22:36 . 2010-02-22 04:41 -------- d-----w- c:\program files\Quintessential Media Player
2010-02-21 01:54 . 2010-02-21 01:54 -------- d-sh--w- c:\documents and settings\HP_Administrateur\PrivacIE
2010-02-20 06:26 . 2010-02-20 06:26 -------- d-----w- c:\program files\Gravity
2010-02-18 23:07 . 2010-02-18 23:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-18 23:06 . 2010-02-18 23:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Search
2010-02-18 23:03 . 2010-02-18 23:03 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IETldCache
2010-02-18 22:14 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-18 22:13 . 2010-02-24 21:20 -------- d-----w- c:\windows\ie8updates
2010-02-18 22:13 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-18 22:13 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-18 22:11 . 2010-02-18 22:13 -------- dc-h--w- c:\windows\ie8
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Desktop Search
2010-02-18 21:58 . 2010-02-19 08:23 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\windows\system32\GroupPolicy
2010-02-18 21:57 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-02-18 21:57 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-02-18 21:57 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-02-18 21:56 . 2010-02-18 21:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-18 21:54 . 2010-02-18 21:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-17 23:28 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\1f74f050.dll
2010-02-14 21:04 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\3f9dd84.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 00:39 . 2010-01-13 20:36 -------- d-----w- c:\program files\BitDefender
2010-03-14 00:39 . 2010-01-13 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-14 00:39 . 2010-01-13 20:25 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-03-13 18:00 . 2009-12-05 18:48 1 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-12 00:14 . 2005-10-19 00:47 94482 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-12 00:14 . 2005-10-19 00:47 534708 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-10 12:49 . 2009-11-29 22:04 -------- d-----w- c:\program files\Pando Networks
2010-03-10 11:34 . 2009-11-30 05:18 -------- d-----w- c:\program files\BitComet
2010-02-27 23:10 . 2007-06-27 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 15:11 . 2009-11-30 05:38 57464 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\MSBuild
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\Reference Assemblies
2010-02-08 06:49 . 2005-10-19 00:40 92667 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-06 16:24 . 2010-01-13 21:57 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\wsbl.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_white.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_black.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords.dat
2010-01-13 20:30 . 2009-11-30 20:51 -------- d-----w- c:\program files\Trend Micro
2009-12-31 16:50 . 2004-08-10 18:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2004-08-10 18:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-10 18:00 347648 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:09 . 2004-08-10 18:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ftutil2"="ftutil2.dll" [2004-06-08 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-20 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Mises … jour de HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2007-6-27 36903]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-01 21:58 135664 ----atw- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-06-27 19:33 180269 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21788:TCP"= 21788:TCP:BitComet 21788 TCP
"21788:UDP"= 21788:UDP:BitComet 21788 UDP
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva300;XDva300;\??\c:\windows\system32\XDva300.sys --> c:\windows\system32\XDva300.sys [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
--- Autres Services/Pilotes en mémoire ---
*NewlyCreated* - 34272BA8
*NewlyCreated* - C3FBE080
*Deregistered* - 34272ba8
*Deregistered* - c3fbe080
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008Core.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008UA.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onemanga.com/
FF - component: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-PCDrProfiler - c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
Heure de fin: 2010-03-13 19:45:47
ComboFix-quarantined-files.txt 2010-03-14 00:45
Avant-CF: 258 404 671 488 octets libres
Après-CF: 258 362 912 768 octets libres
- - End Of File - - 127ABC7E721334E224C19B9E8FE3A7D9
Utilisateur anonyme
14 mars 2010 à 11:25
14 mars 2010 à 11:25
> Avec Combofix :
Toujours avec toutes les protections désactivées, fais ceci :
• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui est en gras ci dessous :
KillAll::
Reg::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
Services::
npggsvc
- Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)
- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).
- Désactive ton antivirus et tes autres protections résidentes (ex : Spybot) si tu en as (c'est important).
- Fait un glisser/déposer de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image :
http://img517.imageshack.us/img517/8662/cfscript10uc2.gif
(Explications du glisser/coller : Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).
- Combofix va démarrer puis une fenêtre bleue va apparaître. Au message qui s'affiche (Type 1 to continue, or 2 to abort) : tape 1 puis valide.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
- Une fois le scan achevé, un rapport va s'afficher: poste le stp.
PS : Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt
a+
Toujours avec toutes les protections désactivées, fais ceci :
• Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
• Copie/colle dans le bloc-notes ce qui est en gras ci dessous :
KillAll::
Reg::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
Services::
npggsvc
- Enregistre ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)
- Ferme tous tes navigateurs web (donc copie ou imprime les instructions suivantes avant si besoin est).
- Désactive ton antivirus et tes autres protections résidentes (ex : Spybot) si tu en as (c'est important).
- Fait un glisser/déposer de ce fichier CFScript sur le programme ComboFix.exe comme sur cette image :
http://img517.imageshack.us/img517/8662/cfscript10uc2.gif
(Explications du glisser/coller : Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).
- Combofix va démarrer puis une fenêtre bleue va apparaître. Au message qui s'affiche (Type 1 to continue, or 2 to abort) : tape 1 puis valide.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !
- Ne touche à rien tant que le scan n'est pas terminé sinon le PC peut planter !
- Une fois le scan achevé, un rapport va s'afficher: poste le stp.
PS : Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt
a+
ComboFix 10-03-13.01 - HP_Administrateur 2010-03-14 10:32:53.2.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1982.1551 [GMT -4:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\DL\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 19:59 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 19:33 . 2010-03-13 19:33 -------- d-----w- C:\_OTM
2010-03-12 22:12 . 2010-03-12 22:12 -------- d-----w- C:\rsit
2010-03-12 01:12 . 2010-03-12 01:12 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-12 00:05 . 2010-03-14 00:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitDefender
2010-03-12 00:04 . 2010-03-12 00:04 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-03-10 22:42 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-01 06:28 . 2010-03-01 06:28 -------- d-----w- c:\windows\Sun
2010-02-28 07:22 . 2010-02-28 07:29 -------- d-----w- c:\program files\eMule
2010-02-28 00:02 . 2010-02-28 00:02 -------- d-----w- c:\program files\Fichiers communs\DirectX
2010-02-27 23:17 . 2010-01-13 21:48 230752 ----a-w- c:\windows\patchw32.dll
2010-02-27 23:10 . 2010-02-27 23:10 -------- d-----w- c:\program files\Outspark
2010-02-27 19:23 . 2010-02-27 19:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Blizzard Entertainment
2010-02-27 19:17 . 2010-03-10 12:48 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2010-02-27 01:58 . 2010-02-27 01:58 -------- d-----w- c:\program files\Common Files
2010-02-27 01:57 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-02-27 01:28 . 2010-02-27 01:28 -------- d-----w- c:\program files\Gpotato
2010-02-26 01:31 . 2010-02-26 01:31 239417 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment\npsoeact.dll
2010-02-26 01:31 . 2010-02-26 01:34 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\SCE
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\program files\Sony Online Entertainment
2010-02-25 21:23 . 2010-02-25 21:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\program files\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\windows\Logs
2010-02-21 22:36 . 2010-02-22 04:41 -------- d-----w- c:\program files\Quintessential Media Player
2010-02-21 01:54 . 2010-02-21 01:54 -------- d-sh--w- c:\documents and settings\HP_Administrateur\PrivacIE
2010-02-20 06:26 . 2010-02-20 06:26 -------- d-----w- c:\program files\Gravity
2010-02-18 23:07 . 2010-02-18 23:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-18 23:06 . 2010-02-18 23:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Search
2010-02-18 23:03 . 2010-02-18 23:03 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IETldCache
2010-02-18 22:14 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-18 22:13 . 2010-02-24 21:20 -------- d-----w- c:\windows\ie8updates
2010-02-18 22:13 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-18 22:13 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-18 22:11 . 2010-02-18 22:13 -------- dc-h--w- c:\windows\ie8
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Desktop Search
2010-02-18 21:58 . 2010-02-19 08:23 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\windows\system32\GroupPolicy
2010-02-18 21:57 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-02-18 21:57 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-02-18 21:57 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-02-18 21:56 . 2010-02-18 21:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-18 21:54 . 2010-02-18 21:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-17 23:28 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\1f74f050.dll
2010-02-14 21:04 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\3f9dd84.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 14:34 . 2005-10-19 00:47 94482 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-14 14:34 . 2005-10-19 00:47 534708 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-14 14:27 . 2010-01-13 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-14 14:27 . 2010-01-13 20:25 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-03-14 01:21 . 2010-01-13 21:57 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-03-14 00:55 . 2010-01-13 20:36 -------- d-----w- c:\program files\BitDefender
2010-03-13 18:00 . 2009-12-05 18:48 1 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-10 12:49 . 2009-11-29 22:04 -------- d-----w- c:\program files\Pando Networks
2010-03-10 11:34 . 2009-11-30 05:18 -------- d-----w- c:\program files\BitComet
2010-02-27 23:10 . 2007-06-27 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 15:11 . 2009-11-30 05:38 57464 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\MSBuild
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\Reference Assemblies
2010-02-08 06:49 . 2005-10-19 00:40 92667 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\wsbl.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_white.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_black.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords.dat
2010-01-13 20:30 . 2009-11-30 20:51 -------- d-----w- c:\program files\Trend Micro
2009-12-31 16:50 . 2004-08-10 18:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2004-08-10 18:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-10 18:00 347648 ----a-w- c:\windows\system32\mspaint.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ftutil2"="ftutil2.dll" [2004-06-08 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-20 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Mises … jour de HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2007-6-27 36903]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-01 21:58 135664 ----atw- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-06-27 19:33 180269 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21788:TCP"= 21788:TCP:BitComet 21788 TCP
"21788:UDP"= 21788:UDP:BitComet 21788 UDP
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva300;XDva300;\??\c:\windows\system32\XDva300.sys --> c:\windows\system32\XDva300.sys [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008Core.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008UA.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onemanga.com/
FF - plugin: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 10:39
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2444)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Heure de fin: 2010-03-14 10:42:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-14 14:42
ComboFix2.txt 2010-03-14 00:45
Avant-CF: 257 782 075 392 octets libres
Après-CF: 257 880 526 848 octets libres
- - End Of File - - 710036AE12414CF05621BC92D5F90B99
Microsoft Windows XP Professionnel 5.1.2600.3.1252.2.1036.18.1982.1551 [GMT -4:00]
Lancé depuis: c:\documents and settings\HP_Administrateur\Bureau\DL\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\HP_Administrateur\Bureau\CFScript.txt
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-02-14 au 2010-03-14 ))))))))))))))))))))))))))))))))))))
.
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-13 19:59 . 2010-03-13 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 19:59 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 19:33 . 2010-03-13 19:33 -------- d-----w- C:\_OTM
2010-03-12 22:12 . 2010-03-12 22:12 -------- d-----w- C:\rsit
2010-03-12 01:12 . 2010-03-12 01:12 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-03-12 00:05 . 2010-03-14 00:38 -------- d-----w- c:\documents and settings\Administrateur\Application Data\BitDefender
2010-03-12 00:04 . 2010-03-12 00:04 -------- d-sh--w- c:\documents and settings\Administrateur\IETldCache
2010-03-10 22:42 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-01 06:28 . 2010-03-01 06:28 -------- d-----w- c:\windows\Sun
2010-02-28 07:22 . 2010-02-28 07:29 -------- d-----w- c:\program files\eMule
2010-02-28 00:02 . 2010-02-28 00:02 -------- d-----w- c:\program files\Fichiers communs\DirectX
2010-02-27 23:17 . 2010-01-13 21:48 230752 ----a-w- c:\windows\patchw32.dll
2010-02-27 23:10 . 2010-02-27 23:10 -------- d-----w- c:\program files\Outspark
2010-02-27 19:23 . 2010-02-27 19:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Blizzard Entertainment
2010-02-27 19:17 . 2010-03-10 12:48 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment
2010-02-27 01:58 . 2010-02-27 01:58 -------- d-----w- c:\program files\Common Files
2010-02-27 01:57 . 2005-01-04 18:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-02-27 01:28 . 2010-02-27 01:28 -------- d-----w- c:\program files\Gpotato
2010-02-26 01:31 . 2010-02-26 01:31 239417 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment\npsoeact.dll
2010-02-26 01:31 . 2010-02-26 01:34 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Sony Online Entertainment
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\SCE
2010-02-26 01:31 . 2010-02-26 01:31 -------- d-----w- c:\program files\Sony Online Entertainment
2010-02-25 21:23 . 2010-02-25 21:23 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\program files\Electronic Arts
2010-02-25 03:23 . 2010-02-25 03:23 -------- d-----w- c:\windows\Logs
2010-02-21 22:36 . 2010-02-22 04:41 -------- d-----w- c:\program files\Quintessential Media Player
2010-02-21 01:54 . 2010-02-21 01:54 -------- d-sh--w- c:\documents and settings\HP_Administrateur\PrivacIE
2010-02-20 06:26 . 2010-02-20 06:26 -------- d-----w- c:\program files\Gravity
2010-02-18 23:07 . 2010-02-18 23:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-02-18 23:06 . 2010-02-18 23:06 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Search
2010-02-18 23:03 . 2010-02-18 23:03 -------- d-sh--w- c:\documents and settings\HP_Administrateur\IETldCache
2010-02-18 22:14 . 2009-12-11 08:38 69120 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-18 22:13 . 2010-02-24 21:20 -------- d-----w- c:\windows\ie8updates
2010-02-18 22:13 . 2009-12-21 19:07 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-02-18 22:13 . 2009-12-21 19:06 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-18 22:11 . 2010-02-18 22:13 -------- dc-h--w- c:\windows\ie8
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\documents and settings\HP_Administrateur\Application Data\Windows Desktop Search
2010-02-18 21:58 . 2010-02-19 08:23 -------- d-----w- c:\program files\Windows Desktop Search
2010-02-18 21:58 . 2010-02-18 21:58 -------- d-----w- c:\windows\system32\GroupPolicy
2010-02-18 21:57 . 2008-03-07 17:02 98304 ------w- c:\windows\system32\dllcache\nlhtml.dll
2010-02-18 21:57 . 2008-03-07 17:02 29696 ------w- c:\windows\system32\dllcache\mimefilt.dll
2010-02-18 21:57 . 2008-03-07 17:02 192000 ------w- c:\windows\system32\dllcache\offfilt.dll
2010-02-18 21:56 . 2010-02-18 21:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-02-18 21:54 . 2010-02-18 21:55 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-02-17 23:28 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\1f74f050.dll
2010-02-14 21:04 . 2008-04-14 02:33 82432 ---h-tw- c:\windows\system32\3f9dd84.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 14:34 . 2005-10-19 00:47 94482 ----a-w- c:\windows\system32\perfc00C.dat
2010-03-14 14:34 . 2005-10-19 00:47 534708 ----a-w- c:\windows\system32\perfh00C.dat
2010-03-14 14:27 . 2010-01-13 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-03-14 14:27 . 2010-01-13 20:25 -------- d-----w- c:\program files\Fichiers communs\BitDefender
2010-03-14 01:21 . 2010-01-13 21:57 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2010-03-14 00:55 . 2010-01-13 20:36 -------- d-----w- c:\program files\BitDefender
2010-03-13 18:00 . 2009-12-05 18:48 1 ----a-w- c:\documents and settings\HP_Administrateur\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-03-10 12:49 . 2009-11-29 22:04 -------- d-----w- c:\program files\Pando Networks
2010-03-10 11:34 . 2009-11-30 05:18 -------- d-----w- c:\program files\BitComet
2010-02-27 23:10 . 2007-06-27 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-19 15:11 . 2009-11-30 05:38 57464 ----a-w- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\MSBuild
2010-02-18 22:03 . 2010-02-18 22:03 -------- d-----w- c:\program files\Reference Assemblies
2010-02-08 06:49 . 2005-10-19 00:40 92667 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\wsbl.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_white.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_summ.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\ph_black.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords2.dat
2010-01-13 20:49 . 2010-01-13 20:49 0 ----a-w- c:\windows\system32\pcwords.dat
2010-01-13 20:30 . 2009-11-30 20:51 -------- d-----w- c:\program files\Trend Micro
2009-12-31 16:50 . 2004-08-10 18:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:07 . 2004-08-10 18:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:41 . 2004-08-10 18:00 347648 ----a-w- c:\windows\system32\mspaint.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"ftutil2"="ftutil2.dll" [2004-06-08 106496]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-14 663552]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-05 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-20 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
Mises … jour de HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2007-6-27 36903]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-12-01 21:58 135664 ----atw- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-06-27 19:33 180269 ----a-w- c:\program files\Fichiers communs\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21788:TCP"= 21788:TCP:BitComet 21788 TCP
"21788:UDP"= 21788:UDP:BitComet 21788 UDP
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva300;XDva300;\??\c:\windows\system32\XDva300.sys --> c:\windows\system32\XDva300.sys [?]
S3 XDva310;XDva310;\??\c:\windows\system32\XDva310.sys --> c:\windows\system32\XDva310.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contenu du dossier 'Tâches planifiées'
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008Core.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4111794797-3899229693-2488109045-1008UA.job
- c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-01 21:58]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_CA&c=63&bd=PAVILION&pf=desktop
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
FF - ProfilePath - c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.onemanga.com/
FF - plugin: c:\documents and settings\HP_Administrateur\Application Data\Mozilla\Firefox\Profiles\kavy3if2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\HP_Administrateur\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "https://www.mozilla.org/en-US/firefox/new/?redirect_source=firefox-com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 10:39
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(2444)
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\fr-fr\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\arservice.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\ARPWRMSG.EXE
c:\windows\eHome\ehmsas.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Heure de fin: 2010-03-14 10:42:44 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-03-14 14:42
ComboFix2.txt 2010-03-14 00:45
Avant-CF: 257 782 075 392 octets libres
Après-CF: 257 880 526 848 octets libres
- - End Of File - - 710036AE12414CF05621BC92D5F90B99
