Anayse log Hijack this

Salade007 Messages postés 80 Statut Membre -  
juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,

J'ai quelques problèmes de lenteur et de toolsbars sur mon pc
j'ai fait un log avec hijack this que je joint ci-dessous
merci à toute personne qui pourrait m'aider à analyser ce log
merci d'avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:26, on 25/03/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\khooker.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\EmoticonMail\OESmileLoader.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Orange
R3 - URLSearchHook: WiseConvert 1.5 Toolbar - {19803860-b306-423c-bbb5-f60a7d82cde5} - C:\Program Files\WiseConvert_1.5\prxtbWis2.dll
O2 - BHO: WiseConvert 1.5 - {19803860-b306-423c-bbb5-f60a7d82cde5} - C:\Program Files\WiseConvert_1.5\prxtbWis2.dll
O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: barre d'outils Orange - {c9a6357b-25cc-4bcf-96c1-78736985d412} - mscoree.dll (file missing)
O3 - Toolbar: WiseConvert 1.5 Toolbar - {19803860-b306-423c-bbb5-f60a7d82cde5} - C:\Program Files\WiseConvert_1.5\prxtbWis2.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [System Driver Component] "C:\WINDOWS\system32\"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [High Definition Audio Component] "C:\Program Files\Fichiers communs\WinA"
O4 - HKLM\..\Run: [Vbc] \Vbc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Vcr] C:\WINDOWS\system32\Vcr.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [emoticonMail] C:\Program Files\EmoticonMail\OESmileLoader.exe
O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Java Update Checker] C:\#$KF87J#T\JavaUpdate.jar
O4 - HKCU\..\Run: [orangeinside] C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKLM\..\Policies\Explorer\Run: [Vcry] C:\DOCUME~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\dl32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\dl32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
O8 - Extra context menu item: envoyer par sms - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
O8 - Extra context menu item: envoyer un mail - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
O8 - Extra context menu item: orange.fr - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: traduire la page - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: https://applications-et-logiciels.orange.fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193150301575
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Orange update Core Service - France Telecom SA - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10751 bytes

7 réponses

  1. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello

    Un petit "bonjour", "bonne lecture", etc ferait pas de mal, je ne suis pas un robot

    =====================================


    __________________________________________________
    =>/!\Le script qui suit a été écrit spécialement cet ordinateur/!\ <=
    =>il est fort déconseillé de le transposer sur un autre ordinateur !<=
    ----------------------------------------------------------------------------


    Toujours avec toutes les protections désactivées, fais ceci :

    ▶ Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    ▶ Copie/colle dans le bloc-notes ce qui est entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    KillAll::

    ClearJavaCache::

    File::
    c:\windows\system32\Vcr.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "System Driver Component"=-
    "Vcr"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83EE35F3-B718-7BFD-6E36-23744C4686E3}]


    ------------------------------------------------------------------

    ▶ Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    ▶ Quitte le Bloc Notes

    ▶ Fais un glisser/déposer de ce fichier CFScript sur le fichier combofix comme ceci : Illustration

    ▶ Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    ▶ Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    ▶ Si le fichier ne s'ouvre pas, il se trouve ici => C:\ComboFix.txt

    A+
    1
  2. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Salut,

    ▶ Télécharge ici : RogueKiller
    ▶ Enregistre et ferme tous les programmes en cours
    ▶ Lance RogueKiller et attend que le Prescan ait fini
    ▶ Accepte l'EULA puis clique sur Scan.
    ▶ Une fois terminé, clique sur Rapport et copie/colle le rapport dans ta prochaine réponse.

    A+
    0
  3. Salade007 Messages postés 80 Statut Membre 4
     
    Bonsoir
    sur le lien j'ai du télécharger un autre programme
    voici la nouvelle version
    merci encore pour votre aide

    ogueKiller V8.5.4 [Mar 18 2013] par Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Remontees : https://www.luanagames.com/index.fr.html
    Site Web : https://www.luanagames.com/index.fr.html
    Blog : http://tigzyrk.blogspot.com/

    Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
    Demarrage : Mode normal
    Utilisateur : LEGRAND [Droits d'admin]
    Mode : Recherche -- Date : 25/03/2013 20:01:36
    | ARK || FAK || MBR |

    ¤¤¤ Processus malicieux : 0 ¤¤¤

    ¤¤¤ Entrees de registre : 3 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\Run : Vcry (C:\Documents and Settings\LEGRAND\Local Settings\Temp\Vcry.exe) [-] -> TROUVÉ
    [HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ

    ¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

    ¤¤¤ Driver : [CHARGE] ¤¤¤

    ¤¤¤ Fichier HOSTS: ¤¤¤
    --> C:\WINDOWS\system32\drivers\etc\hosts

    ¤¤¤ MBR Verif: ¤¤¤

    +++++ PhysicalDrive0: IC25N040ATMR04-0 +++++
    --- User ---
    [MBR] 976a2530abaf959705e63b7352ee630a
    [BSP] f962f4e7c4331d1b724a5bfa86d5ac8f : Windows XP MBR Code
    Partition table:
    0
  4. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Ok on passe à la vitesse supérieure alors :)


    ▶ Fais un clic droit et "Enregistrer la cible (du lien sous) -> tonprenom.exe -> destination ton bureau (ET PAS AILLEURS) sur le lien suivant : ComboFix

    Ferme les fenêtres de tous les programmes en cours.
    Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.


    si tu as XP => double clique
    si tu as Vista ou windows 7 => clic droit "executer en tant que...."


    sur combofix renommé

    Si tu es sur Windows XP, laisse-le installer la console de récupération.

    ▶ Ne touche à rien durant le scan

    ComboFix devrait redémarrer ton PC.

    ▶ n'oublie pas de réactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ▶▶ Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    ▶▶▶ Si, après le redémarrage de votre pc par combofix, vous avez des erreurs "Clé marquée pour suppression" ou des soucis de connexion internet, redémarrez à nouveau votre ordinateur
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Salade007 Messages postés 80 Statut Membre 4
     
    ComboFix 13-03-25.01 - LEGRAND 26/03/2013 11:33:15.1.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.702.332 [GMT 1:00]
    Lancé depuis: c:\documents and settings\LEGRAND\Bureau\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\#$KF87J#T
    c:\#$kf87j#t\civil.dll
    c:\#$kf87j#t\data.HRF
    c:\#$kf87j#t\data\data.SSF
    c:\#$kf87j#t\data\icon.png
    c:\#$kf87j#t\data\loop.bat
    c:\#$kf87j#t\data\wsod.jpg
    c:\#$kf87j#t\h.bat
    c:\#$kf87j#t\HookTest.dll
    c:\#$kf87j#t\JavaUpdate.jar
    c:\#$kf87j#t\jdshow.dll
    c:\#$kf87j#t\jrc-server.xapp
    c:\#$kf87j#t\lib\cleanMe.jar
    c:\#$kf87j#t\lib\core.jar
    c:\#$kf87j#t\lib\Filters.jar
    c:\#$kf87j#t\lib\fmj.jar
    c:\#$kf87j#t\lib\java-remote-control.jar
    c:\#$kf87j#t\lib\JavaRegisrtyWrapper.jar
    c:\#$kf87j#t\lib\jl1.0.1.jar
    c:\#$kf87j#t\lib\lti-civil-no_s_w_t.jar
    c:\#$kf87j#t\lib\mail.jar
    c:\#$kf87j#t\lib\open-forum.jar
    c:\#$kf87j#t\Server.jar
    C:\dir
    c:\dir\install\install\server.exe
    c:\dir\install\install\test.exe
    c:\dir\install\install\Vcrypt.exe
    c:\documents and settings\Administrateur.REYNALDPORTABLE\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\LEGRAND\Application Data\logs.dat
    c:\documents and settings\LEGRAND\Application Data\Microsoft\THE CLEANER 2011.exe
    c:\documents and settings\LEGRAND\Application Data\OfferBox
    c:\documents and settings\LEGRAND\Application Data\OfferBox\config.dat
    c:\documents and settings\LEGRAND\Application Data\OfferBox\config.xml
    c:\documents and settings\LEGRAND\Application Data\PriceGong
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10015.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10959.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10960.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10963.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\11197.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\11214.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\11276.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12241.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12358.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12550.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12639.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\14.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\16989.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1707.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1740.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\17781.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\216.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2168.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2229.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2259.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\23221.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2984.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3080.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3081.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3095.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3593.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3884.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4227.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4436.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4489.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4519.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4522.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4703.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5003.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5271.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5273.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5768.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\6062.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\7251.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\920.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\LEGRAND\Application Data\WinSec.exe
    c:\documents and settings\LEGRAND\Application Data\ZiNixZ.txt
    c:\documents and settings\LEGRAND\mail.dat
    c:\documents and settings\LEGRAND\mess.dat
    c:\documents and settings\LEGRAND\WINDOWS
    c:\program files\Internet Explorer\minftnet.exe
    c:\program files\Internet Explorer\minftnet.ini
    c:\program files\OfferBox
    c:\program files\OfferBox\OfferBox.exe
    c:\program files\OfferBox\OfferBoxChromeExtension.crx
    c:\program files\OfferBox\OfferBoxEngine.dll
    c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
    c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
    c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
    c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
    c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
    c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
    c:\program files\OfferBox\OfferBoxLauncher.exe
    c:\program files\OfferBox\res\language.xml
    c:\program files\OfferBox\res\loader.gif
    c:\program files\OfferBox\uninst.exe
    c:\windows\My.ini
    c:\windows\ST6UNST.000
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\drivers\etc\hosts.ics
    c:\windows\system32\msssc.dll
    c:\windows\system32\roboot.exe
    c:\windows\system32\TDSScmao.dll
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\system32\winspool.dll
    c:\windows\w32dasm8.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_Asapi
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2013-02-26 au 2013-03-26 ))))))))))))))))))))))))))))))))))))
    .
    .
    2013-03-25 17:17 . 2013-03-25 18:13 -------- dc----w- c:\documents and settings\LEGRAND\Application Data\ShieldApps
    2013-02-28 06:09 . 2013-02-28 06:09 -------- dc----w- C:\bin
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-12 00:32 . 2008-01-16 18:50 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2004-08-16 16:41 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-05 19:56 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 19:56 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 19:56 . 2004-08-16 16:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:54 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55 . 2004-08-16 16:40 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 07:24 . 2004-08-03 23:48 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-07 07:24 . 2004-08-16 16:40 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-04 10:09 . 2004-08-16 16:41 1867392 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2004-08-16 16:40 1298432 ----a-w- c:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2004-08-16 16:40 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-08-18 17:28 . 2011-08-18 17:28 2562560 -c-h--w- c:\program files\Fichiers communs\WinA
    2011-08-17 16:48 . 2011-08-17 16:48 198656 -c-h--w- c:\program files\Fichiers communs\Winq
    2011-08-17 16:46 . 2011-08-17 16:46 204800 -c-h--w- c:\program files\Fichiers communs\Wink5N6
    2011-08-17 16:45 . 2011-08-17 16:45 204800 -c-h--w- c:\program files\Fichiers communs\Winq3
    2011-08-17 16:43 . 2011-08-17 16:43 204800 -c-h--w- c:\program files\Fichiers communs\Winf
    2011-08-17 16:25 . 2011-08-17 16:25 203776 -c-h--w- c:\program files\Fichiers communs\Wint6T9
    2007-10-23 17:15 . 2007-10-23 17:15 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
    .
    [HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    2012-11-06 13:01 183112 -c--a-w- c:\program files\WiseConvert_1.5\prxtbWis2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
    .
    [HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{19803860-B306-423C-BBB5-F60A7D82CDE5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
    .
    [HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
    "orangeinside"="c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "System Driver Component"="c:\windows\system32" [X]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "SiS KHooker"="c:\windows\system32\khooker.exe" [2003-05-29 294912]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
    "BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "Vcr"="c:\windows\system32\Vcr.exe" [2011-10-14 1172472]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
    "emoticonMail"="c:\program files\EmoticonMail\OESmileLoader.exe" [2008-11-20 449536]
    "AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
    "APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-9-5 626176]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2008-03-28 15:33 1743808 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2011 13:42 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2011 13:42 361032]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28/01/2011 17:10 387072]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2011 13:42 21256]
    S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [18/09/2012 15:33 1082016]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [17/08/2008 08:01 95744]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [17/08/2008 08:01 51968]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040]
    .
    --- Autres Services/Pilotes en mémoire ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83EE35F3-B718-7BFD-6E36-23744C4686E3}]
    2011-10-14 04:51 1172472 ----a-w- c:\windows\system32\Vcr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-15 15:56 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2013-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2013-03-26 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 22:50]
    .
    2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
    .
    2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
    .
    2007-10-23 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-16 12:39]
    .
    2013-03-26 c:\windows\Tasks\User_Feed_Synchronization-{C4224D49-A1DC-411D-8A9D-91C58CE583AE}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: ajouter cette page à vos favoris Orange - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
    IE: envoyer le texte sélectionné par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
    IE: envoyer par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
    IE: envoyer un mail - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
    IE: orange.fr - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
    IE: rechercher le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
    IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: traduire la page - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
    IE: traduire le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
    Trusted Zone: orange.fr\logicielsgratuits
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    .
    - - - - ORPHELINS SUPPRIMES - - - -
    .
    Toolbar-Locked - (no file)
    HKCU-Run-Java Update Checker - c:\#$kf87j#t\JavaUpdate.jar
    HKLM-Run-Vbc - \Vbc.exe
    MSConfigStartUp-Adobe Acrobat - c:\documents and settings\LEGRAND\Application Data\Microsoft\System\Services\Adobe Acrobat.exe
    MSConfigStartUp-Vcry - c:\docume~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
    HKLM_ActiveSetup-{599A9804-5E8F-0DDB-7F83-126F39593ECF} - \Vbc.exe
    HKLM_ActiveSetup-{DBFC07AA-CAF5-5FC8-B6C1-7B2F93EBA6EA} - c:\docume~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
    AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-26 12:09
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Vbc = \Vbc.exe?S\system32\Vbc.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    Vcr = c:\windows\system32\Vcr.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(3124)
    c:\program files\EmoticonMail\OESmileHook.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\HPZipm12.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Heure de fin: 2013-03-26 12:20:13 - La machine a redémarré
    ComboFix-quarantined-files.txt 2013-03-26 11:20
    .
    Avant-CF: 9 368 174 592 octets libres
    Après-CF: 9 649 328 128 octets libres
    .
    - - End Of File - - 83D2FECBFD5CB31EB2A939006BAC8B00
    0
  7. Salade007 Messages postés 80 Statut Membre 4
     
    Bonjour
    milles excuses mais j ai du faire le coller sur ma phrase de présentation,
    ce n'est pas mon style, la coutoisie sur le net j'aime qu'elle soit appliquée et je l'applique.
    Ci-desous le nouveau rapport
    encore merci d'avance pour votre aide.
    bonne journée
    ComboFix 13-03-25.01 - LEGRAND 27/03/2013 7:00.2.1 - x86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.702.363 [GMT 1:00]
    Lancé depuis: c:\documents and settings\LEGRAND\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\LEGRAND\Bureau\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    FILE ::
    "c:\windows\system32\Vcr.exe"
    .
    .
    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\LEGRAND\Application Data\PriceGong
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\wlu.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\z.txt
    .
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2013-02-27 au 2013-03-27 ))))))))))))))))))))))))))))))))))))
    .
    .
    2013-03-25 17:17 . 2013-03-25 18:13 -------- dc----w- c:\documents and settings\LEGRAND\Application Data\ShieldApps
    2013-02-28 06:09 . 2013-02-28 06:09 -------- dc----w- C:\bin
    .
    .
    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-12 00:32 . 2008-01-16 18:50 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
    2013-02-12 00:32 . 2004-08-16 16:41 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-02-05 19:56 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll
    2013-02-05 19:56 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2013-02-05 19:56 . 2004-08-16 16:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-02-05 05:54 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
    2013-01-26 03:55 . 2004-08-16 16:40 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-07 07:24 . 2004-08-03 23:48 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-07 07:24 . 2004-08-16 16:40 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-04 10:09 . 2004-08-16 16:41 1867392 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2004-08-16 16:40 1298432 ----a-w- c:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2004-08-16 16:40 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-08-18 17:28 . 2011-08-18 17:28 2562560 -c-h--w- c:\program files\Fichiers communs\WinA
    2011-08-17 16:48 . 2011-08-17 16:48 198656 -c-h--w- c:\program files\Fichiers communs\Winq
    2011-08-17 16:46 . 2011-08-17 16:46 204800 -c-h--w- c:\program files\Fichiers communs\Wink5N6
    2011-08-17 16:45 . 2011-08-17 16:45 204800 -c-h--w- c:\program files\Fichiers communs\Winq3
    2011-08-17 16:43 . 2011-08-17 16:43 204800 -c-h--w- c:\program files\Fichiers communs\Winf
    2011-08-17 16:25 . 2011-08-17 16:25 203776 -c-h--w- c:\program files\Fichiers communs\Wint6T9
    2007-10-23 17:15 . 2007-10-23 17:15 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
    .
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
    .
    [HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    2012-11-06 13:01 183112 -c--a-w- c:\program files\WiseConvert_1.5\prxtbWis2.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
    .
    [HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{19803860-B306-423C-BBB5-F60A7D82CDE5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
    .
    [HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 22:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
    "orangeinside"="c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
    "SiS KHooker"="c:\windows\system32\khooker.exe" [2003-05-29 294912]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-01-07 253672]
    "CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
    "BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
    "emoticonMail"="c:\program files\EmoticonMail\OESmileLoader.exe" [2008-11-20 449536]
    "AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
    "APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    .
    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-9-5 626176]
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    2008-03-28 15:33 1743808 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\NetMeeting\\conf.exe"=
    "c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2011 13:42 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2011 13:42 361032]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28/01/2011 17:10 387072]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2011 13:42 21256]
    S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [18/09/2012 15:33 1082016]
    S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
    S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [17/08/2008 08:01 95744]
    S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [17/08/2008 08:01 51968]
    S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-03-15 15:56 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
    .
    Contenu du dossier 'Tâches planifiées'
    .
    2013-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
    .
    2013-03-27 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 22:50]
    .
    2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
    .
    2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
    .
    2007-10-23 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-16 12:39]
    .
    2013-03-27 c:\windows\Tasks\User_Feed_Synchronization-{C4224D49-A1DC-411D-8A9D-91C58CE583AE}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
    uInternet Settings,ProxyOverride = <local>
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: ajouter cette page à vos favoris Orange - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
    IE: envoyer le texte sélectionné par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
    IE: envoyer par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
    IE: envoyer un mail - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
    IE: orange.fr - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
    IE: rechercher le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
    IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
    IE: traduire la page - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
    IE: traduire le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
    Trusted Zone: orange.fr\logicielsgratuits
    TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-03-27 07:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    Recherche de processus cachés ...
    .
    Recherche d'éléments en démarrage automatique cachés ...
    .
    Recherche de fichiers cachés ...
    .
    Scan terminé avec succès
    Fichiers cachés: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySqlInventime]
    "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------
    .
    - - - - - - - > 'explorer.exe'(4040)
    c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
    c:\program files\EmoticonMail\OESmileHook.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\eappprxy.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\HPZipm12.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\progra~1\MI3AA1~1\rapimgr.exe
    c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
    c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
    .
    **************************************************************************
    .
    Heure de fin: 2013-03-27 07:44:48 - La machine a redémarré
    ComboFix-quarantined-files.txt 2013-03-27 06:44
    ComboFix2.txt 2013-03-26 11:20
    .
    Avant-CF: 9 220 075 520 octets libres
    Après-CF: 9 417 498 624 octets libres
    .
    - - End Of File - - 9C7A74B2833677B5CC0D3269F4303E9C
    0
  8. juju666 Messages postés 35446 Date d'inscription   Statut Contributeur sécurité Dernière intervention   4 796
     
    Hello ! :)

    Eh bien on a déjà bien avancé.
    Il reste des publiciels.

    Pour info on a viré un stealer (voleur de mots de passes) donc t'auras intérêt à les changer TOUS (sans exception) à la fin de la désinfection.

    Télécharge sur cette page: AdwCleaner (de Xplode)

    ▶ Lance-le

    clique sur Suppression et patiente le temps du nettoyage.

    ▶ Poste le contenu du rapport que tu trouveras dans ton disque dur c:\ADwcleaner[Sx].txt ou son contenu s'il s'ouvre.
    0