HijackThis log analysis
Salade007 - Messages posted: 80 - Status: Member
juju666 - Messages posted: 35446 - Status: Security contributor
Hello,
I have some slowness and toolbar problems on my PC.
I made a log with HijackThis, which I attach below.
Thanks to anyone who could help me analyse this log.
Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:26, on 25/03/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\khooker.exe
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\CardDetector\ICON225\CardDetector.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\EmoticonMail\OESmileLoader.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Orange
R3 - URLSearchHook: WiseConvert 1.5 Toolbar - {19803860-b306-423c-bbb5-f60a7d82cde5} - C:\Program Files\WiseConvert_1.5\prxtbWis2.dll
O2 - BHO: WiseConvert 1.5 - {19803860-b306-423c-bbb5-f60a7d82cde5} - C:\Program Files\WiseConvert_1.5\prxtbWis2.dll
O2 - BHO: ToolbarOrange.InitToolbarBHO - {1d970ed5-3eda-438d-bffd-715931e2775b} - mscoree.dll (file missing)
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: barre d'outils Orange - {c9a6357b-25cc-4bcf-96c1-78736985d412} - mscoree.dll (file missing)
O3 - Toolbar: WiseConvert 1.5 Toolbar - {19803860-b306-423c-bbb5-f60a7d82cde5} - C:\Program Files\WiseConvert_1.5\prxtbWis2.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CardDetectorICON225] C:\Program Files\CardDetector\ICON225\CardDetector.exe
O4 - HKLM\..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [System Driver Component] "C:\WINDOWS\system32\"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [High Definition Audio Component] "C:\Program Files\Fichiers communs\WinA"
O4 - HKLM\..\Run: [Vbc] \Vbc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Vcr] C:\WINDOWS\system32\Vcr.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [emoticonMail] C:\Program Files\EmoticonMail\OESmileLoader.exe
O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Java Update Checker] C:\#$KF87J#T\JavaUpdate.jar
O4 - HKCU\..\Run: [orangeinside] C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe
O4 - HKLM\..\Policies\Explorer\Run: [Vcry] C:\DOCUME~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\dl32.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\dl32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WiFi Station.lnk = ?
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
O8 - Extra context menu item: envoyer le texte sélectionné par sms - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
O8 - Extra context menu item: envoyer par sms - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
O8 - Extra context menu item: envoyer un mail - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
O8 - Extra context menu item: orange.fr - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
O8 - Extra context menu item: rechercher le texte sélectionné - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
O8 - Extra context menu item: Rechercher sur le Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
O8 - Extra context menu item: traduire la page - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\Documents and Settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: https://applications-et-logiciels.orange.fr/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1193150301575
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Orange update Core Service - France Telecom SA - C:\Program Files\Orange\OrangeUpdate\Service\OUCore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
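The O4 lines in the log above are the autorun entries the helper later targets with the ComboFix script. As an added example, not part of this thread, of HijackThis or of any tool named here, the following Python script applies the path-based red flags an analyst checks by hand when reading O4 entries: a command with no real executable (empty path or bare directory), a target in a Temp folder, a relative path with no drive letter, an unusual top-level folder, a script or archive instead of an .exe, and the Policies\Explorer\Run key. The heuristic names and the KNOWN_ROOTS list are my own assumptions; the sample lines are copied from the log above. Path-only checks do not catch everything: Vcr.exe in system32 looks clean by path alone and was picked out by name in the helper's script.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log posted in this
# thread (plus one Global Startup line that the parser must skip).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [System Driver Component] "C:\WINDOWS\system32\"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [High Definition Audio Component] "C:\Program Files\Fichiers communs\WinA"
O4 - HKLM\..\Run: [Vbc] \Vbc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Vcr] C:\WINDOWS\system32\Vcr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Java Update Checker] C:\#$KF87J#T\JavaUpdate.jar
O4 - HKLM\..\Policies\Explorer\Run: [Vcry] C:\DOCUME~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\dir\install\install\dl32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: WiFi Station.lnk = ?
"""

# Registry-backed O4 lines look like:  O4 - <key>: [<name>] <command>
O4_RE = re.compile(r'^O4 - (?P<key>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Assumed list of folders where autoruns normally live on an XP box.
KNOWN_ROOTS = {"windows", "program files", "progra~1", "fichiers communs",
               "documents and settings", "docume~1"}
# Extensions that mean "a script or archive is being launched, not an .exe".
SCRIPT_EXTS = {"jar", "bat", "cmd", "vbs", "js", "ps1"}


def executable_path(cmd):
    """Extract the target path from an autorun command string.
    Handles "quoted path" arg, unquoted path followed by /switches or -switches,
    and strips HijackThis' trailing (User '...') annotation."""
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", cmd.strip())
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return re.split(r'\s+[/-]', cmd, maxsplit=1)[0]


def assess(key, path):
    """Return the list of red flags for one autorun (empty list = nothing odd)."""
    reasons = []
    low = path.lower()
    if not low or low.endswith("\\"):
        reasons.append("no executable named (empty path or bare directory)")
    if "\\temp\\" in low:
        reasons.append("runs from a Temp directory")
    if "policies\\explorer\\run" in key.lower():
        reasons.append("Policies\\Explorer\\Run key (rarely used by legitimate software)")
    if not low.startswith("%"):  # %systemroot%-style paths are left alone
        if not re.match(r"^[a-z]:\\", low):
            reasons.append("relative path with no drive letter")
        else:
            parts = low.split("\\")
            root = parts[1] if len(parts) > 1 else ""
            if root and root not in KNOWN_ROOTS:
                reasons.append("unusual top-level folder: " + root)
            last = parts[-1]
            if last and "." not in last:
                reasons.append("no file extension on target")
            ext = last.rsplit(".", 1)[-1] if "." in last else ""
            if ext in SCRIPT_EXTS:
                reasons.append("script/archive payload (." + ext + ")")
    return reasons


def triage(log_text):
    """Parse every registry O4 line; return {(key, name): reasons} for flagged ones."""
    flagged = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # Global Startup lines and non-O4 lines are skipped
        reasons = assess(m.group("key"), executable_path(m.group("cmd")))
        if reasons:
            flagged[(m.group("key"), m.group("name"))] = reasons
    return flagged


def flagged_names(log_text):
    """Sorted, de-duplicated names of the flagged autorun entries."""
    return sorted({name for (_key, name) in triage(log_text)})


if __name__ == "__main__":
    for (key, name), reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}] under {key}")
        for r in reasons:
            print("    - " + r)
```

Run it on a full HijackThis log by passing the file contents to triage(); every flagged entry is a candidate for the manual checks the helper does in the thread (look the file up, confirm it is absent from a clean machine), not an automatic verdict.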
7 replies
Hello
A little "hello", "enjoy reading", etc. wouldn't hurt, I'm not a robot
=====================================
__________________________________________________
=>/!\The following script was written specifically for this computer/!\ <=
=>it is strongly advised not to transfer it to another computer!<=
----------------------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
KillAll::
ClearJavaCache::
File::
c:\windows\system32\Vcr.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Driver Component"=-
"Vcr"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83EE35F3-B718-7BFD-6E36-23744C4686E3}]
------------------------------------------------------------------
▶ Save this file to your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the ComboFix file like this: Illustration
▶ Wait for the scan to finish. The Desktop will disappear several times: this is normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is located here => C:\ComboFix.txt
See you
Hi,
▶ Download here: RogueKiller
▶ Save your work and close all running programs
▶ Launch RogueKiller and wait for the Prescan to finish
▶ Accept the EULA then click Scan.
▶ Once finished, click Report and copy/paste the report into your next reply.
See you
Good evening
On the link I had to download another program
Here is the new version
Thanks again for your help
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/
Systeme d'exploitation : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur : LEGRAND [Droits d'admin]
Mode : Recherche -- Date : 25/03/2013 20:01:36
| ARK || FAK || MBR |
¤¤¤ Processus malicieux : 0 ¤¤¤
¤¤¤ Entrees de registre : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Policies\Explorer\Run : Vcry (C:\Documents and Settings\LEGRAND\Local Settings\Temp\Vcry.exe) [-] -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
¤¤¤ Driver : [CHARGE] ¤¤¤
¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
¤¤¤ MBR Verif: ¤¤¤
+++++ PhysicalDrive0: IC25N040ATMR04-0 +++++
--- User ---
[MBR] 976a2530abaf959705e63b7352ee630a
[BSP] f962f4e7c4331d1b724a5bfa86d5ac8f : Windows XP MBR Code
Partition table:
OK, let's move up a gear then :)
▶ Right-click and "Save target (of link) as" -> yourfirstname.exe -> destination your Desktop (AND NOWHERE ELSE) on the following link: ComboFix
▶ Close the windows of all running programs.
Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and your antispyware, which can seriously interfere with the tool's search and cleaning procedure.
If you have XP => double-click
If you have Vista or Windows 7 => right-click "Run as..."
on the renamed ComboFix
If you are on Windows XP, let it install the Recovery Console.
▶ Don't touch anything during the scan
ComboFix should restart your PC.
▶ Don't forget to re-enable the guard of your antivirus and antispyware before reconnecting to the internet.
▶▶ Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
▶▶▶ If, after ComboFix restarts your PC, you get "Key marked for deletion" errors or internet connection problems, restart your computer again
ComboFix 13-03-25.01 - LEGRAND 26/03/2013 11:33:15.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.702.332 [GMT 1:00]
Lancé depuis: c:\documents and settings\LEGRAND\Bureau\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\#$KF87J#T
c:\#$kf87j#t\civil.dll
c:\#$kf87j#t\data.HRF
c:\#$kf87j#t\data\data.SSF
c:\#$kf87j#t\data\icon.png
c:\#$kf87j#t\data\loop.bat
c:\#$kf87j#t\data\wsod.jpg
c:\#$kf87j#t\h.bat
c:\#$kf87j#t\HookTest.dll
c:\#$kf87j#t\JavaUpdate.jar
c:\#$kf87j#t\jdshow.dll
c:\#$kf87j#t\jrc-server.xapp
c:\#$kf87j#t\lib\cleanMe.jar
c:\#$kf87j#t\lib\core.jar
c:\#$kf87j#t\lib\Filters.jar
c:\#$kf87j#t\lib\fmj.jar
c:\#$kf87j#t\lib\java-remote-control.jar
c:\#$kf87j#t\lib\JavaRegisrtyWrapper.jar
c:\#$kf87j#t\lib\jl1.0.1.jar
c:\#$kf87j#t\lib\lti-civil-no_s_w_t.jar
c:\#$kf87j#t\lib\mail.jar
c:\#$kf87j#t\lib\open-forum.jar
c:\#$kf87j#t\Server.jar
C:\dir
c:\dir\install\install\server.exe
c:\dir\install\install\test.exe
c:\dir\install\install\Vcrypt.exe
c:\documents and settings\Administrateur.REYNALDPORTABLE\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\LEGRAND\Application Data\logs.dat
c:\documents and settings\LEGRAND\Application Data\Microsoft\THE CLEANER 2011.exe
c:\documents and settings\LEGRAND\Application Data\OfferBox
c:\documents and settings\LEGRAND\Application Data\OfferBox\config.dat
c:\documents and settings\LEGRAND\Application Data\OfferBox\config.xml
c:\documents and settings\LEGRAND\Application Data\PriceGong
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10015.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10959.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10960.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\10963.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\11197.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\11214.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\11276.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12241.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12358.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12550.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\12639.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\14.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\16989.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1707.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1740.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\17781.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\216.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2168.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2259.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\23221.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\2984.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3080.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3081.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3095.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3593.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\3884.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4227.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4436.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4519.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4522.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\4703.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5003.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5271.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5273.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\5768.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\6062.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\7251.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\920.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\a.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\b.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\c.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\d.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\e.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\f.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\g.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\h.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\i.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\j.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\k.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\l.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\m.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\n.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\o.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\p.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\q.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\r.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\s.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\t.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\u.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\v.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\w.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\x.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\y.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\z.txt
c:\documents and settings\LEGRAND\Application Data\WinSec.exe
c:\documents and settings\LEGRAND\Application Data\ZiNixZ.txt
c:\documents and settings\LEGRAND\mail.dat
c:\documents and settings\LEGRAND\mess.dat
c:\documents and settings\LEGRAND\WINDOWS
c:\program files\Internet Explorer\minftnet.exe
c:\program files\Internet Explorer\minftnet.ini
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox.com\install.rdf
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\language.xml
c:\program files\OfferBox\res\loader.gif
c:\program files\OfferBox\uninst.exe
c:\windows\My.ini
c:\windows\ST6UNST.000
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\msssc.dll
c:\windows\system32\roboot.exe
c:\windows\system32\TDSScmao.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\winspool.dll
c:\windows\w32dasm8.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Asapi
.
.
((((((((((((((((((((((((((((( Files created from 2013-02-26 to 2013-03-26 ))))))))))))))))))))))))))))))))))))
.
.
2013-03-25 17:17 . 2013-03-25 18:13 -------- dc----w- c:\documents and settings\LEGRAND\Application Data\ShieldApps
2013-02-28 06:09 . 2013-02-28 06:09 -------- dc----w- C:\bin
.
.
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-01-16 18:50 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-16 16:41 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:56 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:56 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:56 . 2004-08-16 16:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:54 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-16 16:40 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2004-08-03 23:48 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2004-08-16 16:40 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2004-08-16 16:41 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-16 16:40 1298432 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2004-08-16 16:40 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2011-08-18 17:28 . 2011-08-18 17:28 2562560 -c-h--w- c:\program files\Fichiers communs\WinA
2011-08-17 16:48 . 2011-08-17 16:48 198656 -c-h--w- c:\program files\Fichiers communs\Winq
2011-08-17 16:46 . 2011-08-17 16:46 204800 -c-h--w- c:\program files\Fichiers communs\Wink5N6
2011-08-17 16:45 . 2011-08-17 16:45 204800 -c-h--w- c:\program files\Fichiers communs\Winq3
2011-08-17 16:43 . 2011-08-17 16:43 204800 -c-h--w- c:\program files\Fichiers communs\Winf
2011-08-17 16:25 . 2011-08-17 16:25 203776 -c-h--w- c:\program files\Fichiers communs\Wint6T9
2007-10-23 17:15 . 2007-10-23 17:15 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
.
((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{19803860-b306-423c-bbb5-f60a7d82cde5}]
2012-11-06 13:01 183112 -c--a-w- c:\program files\WiseConvert_1.5\prxtbWis2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{19803860-B306-423C-BBB5-F60A7D82CDE5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"orangeinside"="c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Driver Component"="c:\windows\system32" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SiS KHooker"="c:\windows\system32\khooker.exe" [2003-05-29 294912]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-01-07 253672]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Vcr"="c:\windows\system32\Vcr.exe" [2011-10-14 1172472]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
"emoticonMail"="c:\program files\EmoticonMail\OESmileLoader.exe" [2008-11-20 449536]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-9-5 626176]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2008-03-28 15:33 1743808 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2011 13:42 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2011 13:42 361032]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28/01/2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2011 13:42 21256]
S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [18/09/2012 15:33 1082016]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [17/08/2008 08:01 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [17/08/2008 08:01 51968]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040]
.
--- Other Services/Drivers in memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83EE35F3-B718-7BFD-6E36-23744C4686E3}]
2011-10-14 04:51 1172472 ----a-w- c:\windows\system32\Vcr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 15:56 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-03-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 22:50]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2007-10-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-16 12:39]
.
2013-03-26 c:\windows\Tasks\User_Feed_Synchronization-{C4224D49-A1DC-411D-8A9D-91C58CE583AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ajouter cette page à vos favoris Orange - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: traduire la page - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Java Update Checker - c:\#$kf87j#t\JavaUpdate.jar
HKLM-Run-Vbc - \Vbc.exe
MSConfigStartUp-Adobe Acrobat - c:\documents and settings\LEGRAND\Application Data\Microsoft\System\Services\Adobe Acrobat.exe
MSConfigStartUp-Vcry - c:\docume~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
HKLM_ActiveSetup-{599A9804-5E8F-0DDB-7F83-126F39593ECF} - \Vbc.exe
HKLM_ActiveSetup-{DBFC07AA-CAF5-5FC8-B6C1-7B2F93EBA6EA} - c:\docume~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-26 12:09
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning for hidden processes ...
.
Scanning for hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Vbc = \Vbc.exe?S\system32\Vbc.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
Vcr = c:\windows\system32\Vcr.exe???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
Scanning for hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs loaded in running processes ---------------------
.
- - - - - - - > 'explorer.exe'(3124)
c:\program files\EmoticonMail\OESmileHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other running processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Finish time: 2013-03-26 12:20:13 - The machine rebooted
ComboFix-quarantined-files.txt 2013-03-26 11:20
.
Before-CF: 9,368,174,592 bytes free
After-CF: 9,649,328,128 bytes free
.
- - End Of File - - 83D2FECBFD5CB31EB2A939006BAC8B00
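The log above is long, and the entries that matter are the autostart values pointing at odd locations: a Run value with the bare path `\Vbc.exe`, a firewall exception for `CVHZLTJ5EV.exe` under Application Data, `Vcry.exe` launched from Temp, a "Java Update Checker" living in `c:\#$kf87j#t`, and a Run value marked `[X]` whose target does not exist. The following Python script is an added example, not part of this thread and not a ComboFix feature: it parses the three autostart line shapes a ComboFix log uses and flags entries with simple path heuristics. The sample lines are copied from the log above (plus three known-good entries for contrast); the heuristics, their wording and the `firewall-allow` label are my own assumptions.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: autostart lines copied from the ComboFix log in this
# thread (Run values, the firewall AuthorizedApplications list and the
# "orphans removed" section), with three known-good entries for contrast.
SAMPLE_LINES = r'''
"System Driver Component"="c:\windows\system32" [X]
"SiS KHooker"="c:\windows\system32\khooker.exe" [2003-05-29 294912]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Vcr"="c:\windows\system32\Vcr.exe" [2011-10-14 1172472]
"c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
HKLM-Run-Vbc - \Vbc.exe
MSConfigStartUp-Vcry - c:\docume~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
HKCU-Run-Java Update Checker - c:\#$kf87j#t\JavaUpdate.jar
'''

# The three line shapes ComboFix uses for autostart-type entries:
#   "Name"="c:\dir\file.exe" [2011-10-14 1172472]   Run value; [X] means file not found
#   "c:\\dir\\file.exe"=                            firewall authorized-application list
#   HKLM-Run-Name - c:\dir\file.exe                 "orphans removed" section
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
FIREWALL_APP = re.compile(r'^"(?P<path>[^"]+)"=$')
ORPHAN = re.compile(r'^(?P<name>[^"\s].*?) - (?P<path>.+)$')

# Heuristics: assumptions tuned to this log, not a vendor signature set.
ABSOLUTE = re.compile(r'^[a-z]:\\', re.I)
USER_WRITABLE = re.compile(r'\\(application data|local settings|locals~1|temp)\\', re.I)
RANDOM_STEM = re.compile(r'^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}$')   # e.g. CVHZLTJ5EV
ODD_DIR_CHARS = re.compile(r'[#$]')                              # e.g. c:\#$kf87j#t


def parse_line(line: str) -> Optional[Tuple[str, str, bool]]:
    """Return (name, path, missing) for an autostart-style line, None otherwise."""
    line = line.strip()
    m = RUN_VALUE.match(line)
    if m:
        return m['name'], m['path'], m['info'].strip() == 'X'
    m = FIREWALL_APP.match(line)
    if m:
        # The firewall list doubles every backslash; normalise it.
        return 'firewall-allow', m['path'].replace('\\\\', '\\'), False
    m = ORPHAN.match(line)
    if m:
        return m['name'], m['path'], False
    return None


def suspicion_reasons(path: str, missing: bool) -> List[str]:
    """Path-based red flags for one autostart target; an empty list means nothing tripped."""
    reasons = []
    if missing:
        reasons.append('marked [X]: target file not found')
    if not ABSOLUTE.match(path):
        reasons.append('not an absolute path: resolved through the search path at logon')
    if USER_WRITABLE.search(path):
        reasons.append('executable under a user-writable profile or temp directory')
    directory, _, filename = path.rpartition('\\')
    if RANDOM_STEM.match(filename.rsplit('.', 1)[0]):
        reasons.append('random-looking file name')
    if ODD_DIR_CHARS.search(directory):
        reasons.append('directory name with unusual characters')
    return reasons


def triage(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (name, path, reasons) for every autostart line that trips a heuristic."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        name, path, missing = parsed
        reasons = suspicion_reasons(path, missing)
        if reasons:
            hits.append((name, path, reasons))
    return hits


if __name__ == '__main__':
    for name, path, reasons in triage(SAMPLE_LINES):
        print(f'{name}: {path}')
        for reason in reasons:
            print(f'    - {reason}')
```

On a saved log, call `triage(open('ComboFix.txt', encoding='cp1252').read())`. Note what the script deliberately does not catch: `c:\windows\system32\Vcr.exe` sits in a system directory under a plausible name and passes every path rule, yet the catchme section of the log lists it as a hidden autostart entry. Path heuristics are a first pass for reading a log quickly; a file like that needs a hash lookup or a signature check before it can be cleared.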
2012-11-06 13:01 183112 -c--a-w- c:\program files\WiseConvert_1.5\prxtbWis2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{19803860-B306-423C-BBB5-F60A7D82CDE5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"orangeinside"="c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System Driver Component"="c:\windows\system32" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SiS KHooker"="c:\windows\system32\khooker.exe" [2003-05-29 294912]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-01-07 253672]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Vcr"="c:\windows\system32\Vcr.exe" [2011-10-14 1172472]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
"emoticonMail"="c:\program files\EmoticonMail\OESmileLoader.exe" [2008-11-20 449536]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-9-5 626176]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2008-03-28 15:33 1743808 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2011 13:42 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2011 13:42 361032]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28/01/2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2011 13:42 21256]
S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [18/09/2012 15:33 1082016]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [17/08/2008 08:01 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [17/08/2008 08:01 51968]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040]
.
--- Autres Services/Pilotes en mémoire ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{83EE35F3-B718-7BFD-6E36-23744C4686E3}]
2011-10-14 04:51 1172472 ----a-w- c:\windows\system32\Vcr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 15:56 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-03-26 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 22:50]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2007-10-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-16 12:39]
.
2013-03-26 c:\windows\Tasks\User_Feed_Synchronization-{C4224D49-A1DC-411D-8A9D-91C58CE583AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ajouter cette page à vos favoris Orange - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: traduire la page - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHELINS SUPPRIMES - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-Java Update Checker - c:\#$kf87j#t\JavaUpdate.jar
HKLM-Run-Vbc - \Vbc.exe
MSConfigStartUp-Adobe Acrobat - c:\documents and settings\LEGRAND\Application Data\Microsoft\System\Services\Adobe Acrobat.exe
MSConfigStartUp-Vcry - c:\docume~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
HKLM_ActiveSetup-{599A9804-5E8F-0DDB-7F83-126F39593ECF} - \Vbc.exe
HKLM_ActiveSetup-{DBFC07AA-CAF5-5FC8-B6C1-7B2F93EBA6EA} - c:\docume~1\LEGRAND\LOCALS~1\Temp\Vcry.exe
AddRemove-OfferBox Browser - c:\program files\OfferBox\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-26 12:09
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Vbc = \Vbc.exe?S\system32\Vbc.exe
Vcr = c:\windows\system32\Vcr.exe
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(3124)
c:\program files\EmoticonMail\OESmileHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2013-03-26 12:20:13 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-03-26 11:20
.
Avant-CF: 9 368 174 592 octets libres
Après-CF: 9 649 328 128 octets libres
.
- - End Of File - - 83D2FECBFD5CB31EB2A939006BAC8B00
Hello,
A thousand apologies, but I must have pasted over my introductory sentence;
that's not my style, I like courtesy on the net to be observed and I observe it myself.
Below is the new report.
Thanks again in advance for your help.
Have a good day.
ComboFix 13-03-25.01 - LEGRAND 27/03/2013 7:00.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.702.363 [GMT 1:00]
Lancé depuis: c:\documents and settings\LEGRAND\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\LEGRAND\Bureau\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\Vcr.exe"
.
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LEGRAND\Application Data\PriceGong
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\a.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\b.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\c.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\d.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\e.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\f.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\g.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\h.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\i.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\j.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\k.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\l.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\m.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\n.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\o.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\p.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\q.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\r.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\s.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\t.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\u.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\v.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\w.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\x.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\y.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\z.txt
.
.
((((((((((((((((((((((((((((( Fichiers créés du 2013-02-27 au 2013-03-27 ))))))))))))))))))))))))))))))))))))
.
.
2013-03-25 17:17 . 2013-03-25 18:13 -------- dc----w- c:\documents and settings\LEGRAND\Application Data\ShieldApps
2013-02-28 06:09 . 2013-02-28 06:09 -------- dc----w- C:\bin
.
.
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-01-16 18:50 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-16 16:41 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:56 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:56 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:56 . 2004-08-16 16:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:54 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-16 16:40 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2004-08-03 23:48 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2004-08-16 16:40 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2004-08-16 16:41 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-16 16:40 1298432 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2004-08-16 16:40 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2011-08-18 17:28 . 2011-08-18 17:28 2562560 -c-h--w- c:\program files\Fichiers communs\WinA
2011-08-17 16:48 . 2011-08-17 16:48 198656 -c-h--w- c:\program files\Fichiers communs\Winq
2011-08-17 16:46 . 2011-08-17 16:46 204800 -c-h--w- c:\program files\Fichiers communs\Wink5N6
2011-08-17 16:45 . 2011-08-17 16:45 204800 -c-h--w- c:\program files\Fichiers communs\Winq3
2011-08-17 16:43 . 2011-08-17 16:43 204800 -c-h--w- c:\program files\Fichiers communs\Winf
2011-08-17 16:25 . 2011-08-17 16:25 203776 -c-h--w- c:\program files\Fichiers communs\Wint6T9
2007-10-23 17:15 . 2007-10-23 17:15 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{19803860-b306-423c-bbb5-f60a7d82cde5}]
2012-11-06 13:01 183112 -c--a-w- c:\program files\WiseConvert_1.5\prxtbWis2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{19803860-B306-423C-BBB5-F60A7D82CDE5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"orangeinside"="c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SiS KHooker"="c:\windows\system32\khooker.exe" [2003-05-29 294912]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-01-07 253672]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
"emoticonMail"="c:\program files\EmoticonMail\OESmileLoader.exe" [2008-11-20 449536]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-9-5 626176]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2008-03-28 15:33 1743808 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2011 13:42 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2011 13:42 361032]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28/01/2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2011 13:42 21256]
S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [18/09/2012 15:33 1082016]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [17/08/2008 08:01 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [17/08/2008 08:01 51968]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 15:56 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contenu du dossier 'Tâches planifiées'
.
2013-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-03-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 22:50]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2007-10-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-16 12:39]
.
2013-03-27 c:\windows\Tasks\User_Feed_Synchronization-{C4224D49-A1DC-411D-8A9D-91C58CE583AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ajouter cette page à vos favoris Orange - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: traduire la page - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-27 07:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Recherche de processus cachés ...
.
Recherche d'éléments en démarrage automatique cachés ...
.
Recherche de fichiers cachés ...
.
Scan terminé avec succès
Fichiers cachés: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
.
- - - - - - - > 'explorer.exe'(4040)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\EmoticonMail\OESmileHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Heure de fin: 2013-03-27 07:44:48 - La machine a redémarré
ComboFix-quarantined-files.txt 2013-03-27 06:44
ComboFix2.txt 2013-03-26 11:20
.
Pre-Run: 9 220 075 520 bytes free
Post-Run: 9 417 498 624 bytes free
.
- - End Of File - - 9C7A74B2833677B5CC0D3269F4303E9C
My apologies, but I must have pasted it over my introductory sentence;
that is not my style, I like courtesy on the net to be observed and I observe it myself.
Below is the new report.
Thanks again in advance for your help.
Have a good day.
ComboFix 13-03-25.01 - LEGRAND 27/03/2013 7:00.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.702.363 [GMT 1:00]
Running from: c:\documents and settings\LEGRAND\Bureau\ComboFix.exe
Switches used :: c:\documents and settings\LEGRAND\Bureau\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\windows\system32\Vcr.exe"
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LEGRAND\Application Data\PriceGong
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\1.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\a.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\b.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\c.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\d.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\e.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\f.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\g.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\h.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\i.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\j.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\k.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\l.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\m.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\n.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\o.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\p.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\q.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\r.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\s.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\t.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\u.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\v.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\w.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\x.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\y.txt
c:\documents and settings\LEGRAND\Application Data\PriceGong\Data\z.txt
.
.
((((((((((((((((((((((((((((( Files Created from 2013-02-27 to 2013-03-27 ))))))))))))))))))))))))))))))))))))
.
.
2013-03-25 17:17 . 2013-03-25 18:13 -------- dc----w- c:\documents and settings\LEGRAND\Application Data\ShieldApps
2013-02-28 06:09 . 2013-02-28 06:09 -------- dc----w- C:\bin
.
.
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 00:32 . 2008-01-16 18:50 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2004-08-16 16:41 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-05 19:56 . 2004-08-16 16:41 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 19:56 . 2004-08-16 16:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-05 19:56 . 2004-08-16 16:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-05 05:54 . 2004-08-16 16:40 385024 ----a-w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-16 16:40 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 07:24 . 2004-08-03 23:48 2071808 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-07 07:24 . 2004-08-16 16:40 2195072 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 10:09 . 2004-08-16 16:41 1867392 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-16 16:40 1298432 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2004-08-16 16:40 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2011-08-18 17:28 . 2011-08-18 17:28 2562560 -c-h--w- c:\program files\Fichiers communs\WinA
2011-08-17 16:48 . 2011-08-17 16:48 198656 -c-h--w- c:\program files\Fichiers communs\Winq
2011-08-17 16:46 . 2011-08-17 16:46 204800 -c-h--w- c:\program files\Fichiers communs\Wink5N6
2011-08-17 16:45 . 2011-08-17 16:45 204800 -c-h--w- c:\program files\Fichiers communs\Winq3
2011-08-17 16:43 . 2011-08-17 16:43 204800 -c-h--w- c:\program files\Fichiers communs\Winf
2011-08-17 16:25 . 2011-08-17 16:25 203776 -c-h--w- c:\program files\Fichiers communs\Wint6T9
2007-10-23 17:15 . 2007-10-23 17:15 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{19803860-b306-423c-bbb5-f60a7d82cde5}]
2012-11-06 13:01 183112 -c--a-w- c:\program files\WiseConvert_1.5\prxtbWis2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{19803860-B306-423C-BBB5-F60A7D82CDE5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CLASSES_ROOT\clsid\{19803860-b306-423c-bbb5-f60a7d82cde5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 -c--a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1211176]
"orangeinside"="c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"SiS KHooker"="c:\windows\system32\khooker.exe" [2003-05-29 294912]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2011-01-07 253672]
"CardDetectorICON225"="c:\program files\CardDetector\ICON225\CardDetector.exe" [2007-11-13 278528]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-02-13 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
"emoticonMail"="c:\program files\EmoticonMail\OESmileLoader.exe" [2008-11-20 449536]
"AgentMonitor"="c:\program files\VTech\DownloadManager\System\AgentMonitor.exe" [2011-12-13 357800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
"APSDaemon"="c:\program files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Démarrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
WiFi Station.lnk - c:\program files\Hercules\WiFi Station\WifiStation.exe [2008-9-5 626176]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2008-03-28 15:33 1743808 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Orange\\IEWInternet\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Fichiers communs\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Orange\\OrangeUpdate\\Service\\OUCore.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\VTech\\DownloadManager\\System\\AgentMonitor.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/07/2011 13:42 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/07/2011 13:42 361032]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [28/01/2011 17:10 387072]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/07/2011 13:42 21256]
S2 Orange update Core Service;Orange update Core Service;c:\program files\Orange\OrangeUpdate\Service\OUCore.exe [18/09/2012 15:33 1082016]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\LEGRAND\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [17/08/2008 08:01 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [17/08/2008 08:01 51968]
S3 SIS163u;SiS163 usb Wireless LAN Adapter Driver;c:\windows\system32\drivers\sis163u.sys [20/06/2005 10:12 215040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-15 15:56 1629648 -c--a-w- c:\program files\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2013-03-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-22 22:50]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2013-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-02 04:53]
.
2007-10-23 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-12-16 12:39]
.
2013-03-27 c:\windows\Tasks\User_Feed_Synchronization-{C4224D49-A1DC-411D-8A9D-91C58CE583AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://r.orange.fr/r/Ohome_portail?ref=O_OI_defaultPage_IE
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: ajouter cette page à vos favoris Orange - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\addfavorites_html\addfavorites.html
IE: envoyer le texte sélectionné par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsmsselectedtext_html\sendsmsselectedtext.html
IE: envoyer par sms - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendsms_html\sendsms.html
IE: envoyer un mail - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\sendmail_html\sendmail.html
IE: orange.fr - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\orange_html\orange.html
IE: rechercher le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\selectedsearch_html\selectedsearch.html
IE: Rechercher sur le Web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: traduire la page - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translate_html\translate.html
IE: traduire le texte sélectionné - c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\src\translateSelectedText_html\translateSelectedText.html
Trusted Zone: orange.fr\logicielsgratuits
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-27 07:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MySqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(4040)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
c:\program files\EmoticonMail\OESmileHook.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\HPZipm12.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\Fichiers communs\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Completion time: 2013-03-27 07:44:48 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-27 06:44
ComboFix2.txt 2013-03-26 11:20
.
Pre-Run: 9 220 075 520 bytes free
Post-Run: 9 417 498 624 bytes free
.
- - End Of File - - 9C7A74B2833677B5CC0D3269F4303E9C
Hello! :)
Well, we have already made good progress.
Some adware remains.
For your information, we removed a stealer (a password thief), so you will want to change ALL of your passwords (without exception) once the disinfection is finished.
▶ Download from this page: AdwCleaner (by Xplode)
▶ Run it
Click Suppression (Delete) and wait for the cleaning to finish.
▶ Post the contents of the report you will find on your hard drive, c:\ADwcleaner[Sx].txt, or its contents if it opens on its own.
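The helper's reading of the report above rests on a few recurring patterns: one CLSID registered at once as a URL search hook, a Browser Helper Object and a toolbar (the WiseConvert entries), Run keys for known adware families, and an executable with a random-looking name sitting in a user's Application Data folder that has been authorised through the Windows firewall. The script below is an added example, not part of the thread and not ComboFix or AdwCleaner code, that turns those patterns into a triage pass over a ComboFix-style "Reg Loading Points" dump. The sample lines are copied from the report above; the adware watchlist (SweetIM, WiseConvert/prxtb, PriceGong, ShieldApps) is an assumption for the example, and a "profile-path" hit is a location to question, not a verdict: the legitimate OrangeInside entry is flagged on location but not on name, while the random-named firewall entry is flagged on both.

```python
"""Triage a ComboFix 'Reg Loading Points' dump for adware and stealer-like entries."""
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the ComboFix report in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{19803860-b306-423c-bbb5-f60a7d82cde5}]
2012-11-06 13:01 183112 -c--a-w- c:\program files\WiseConvert_1.5\prxtbWis2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{19803860-b306-423c-bbb5-f60a7d82cde5}"= "c:\program files\WiseConvert_1.5\prxtbWis2.dll" [2012-11-06 183112]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"orangeinside"="c:\documents and settings\LEGRAND\Application Data\Orange\OrangeInside\one\OrangeInside.exe" [2012-09-06 1511424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-01-19 114992]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Documents and Settings\\LEGRAND\\Application Data\\CVHZLTJ5EV.exe"=
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]=]+", re.I)
# Locations under the user profile where a Run or firewall entry deserves a second look.
PROFILE_RE = re.compile(
    r"documents and settings\\[^\\]+\\(?:application data|local settings\\temp)\\", re.I)
# All-caps alphanumeric basename mixing letters and digits, e.g. CVHZLTJ5EV.
RANDOM_NAME_RE = re.compile(r"^(?=.*[A-Z])(?=.*[0-9])[A-Z0-9]{8,}$")
# Assumed watchlist of adware/PUP family names (an assumption made for this example).
PUP_MARKERS = ("sweetim", "wiseconvert", "prxtb", "pricegong", "shieldapps")


def iter_entries(text):
    """Yield (section, line) pairs; ComboFix separates blocks with a lone '.'."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        yield section, line


def ie_hook_kind(section):
    """Classify an IE extension registration key by the kind of hook it installs."""
    s = (section or "").lower()
    if "urlsearchhooks" in s:
        return "searchhook"
    if "browser helper objects" in s:
        return "bho"
    if s.endswith("\\toolbar") or "toolbar\\webbrowser" in s:
        return "toolbar"
    return None


def analyze(text):
    """Return (kind, detail, subject) findings for one ComboFix report."""
    findings = []
    clsid_kinds = defaultdict(set)
    for section, line in iter_entries(text):
        lower = line.lower()
        marker = next((m for m in PUP_MARKERS if m in lower), None)
        if marker:
            findings.append(("pup-marker", marker, line))
        m = PATH_RE.search(line)
        if m:
            # Firewall entries double every backslash; normalise before matching.
            path = m.group(0).replace("\\\\", "\\").strip()
            if PROFILE_RE.search(path):
                findings.append(("profile-path", section, path))
                stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
                if RANDOM_NAME_RE.match(stem):
                    findings.append(("random-name", section, path))
        kind = ie_hook_kind(section)
        if kind:
            # The CLSID may sit in the key name (BHO) or in the value (hook, toolbar).
            for clsid in CLSID_RE.findall(f"{section} {line}"):
                clsid_kinds[clsid.lower()].add(kind)
    # One CLSID registered as search hook + BHO + toolbar is the classic hijacker toolbar layout.
    for clsid, kinds in clsid_kinds.items():
        if len(kinds) >= 2:
            findings.append(("clsid-reuse", "+".join(sorted(kinds)), clsid))
    return findings


if __name__ == "__main__":
    for kind, detail, subject in analyze(SAMPLE_LOG):
        print(kind, detail, subject, sep="  ")
```

Feed it a whole ComboFix report instead of SAMPLE_LOG and it prints the same four kinds of finding; the lists are deliberately small so that a "profile-path" or "pup-marker" hit is read as a prompt to look up the entry, not as a decision to delete it.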