Trojan system32\cmcfg3.dll

Closed
Leroy - 9 Dec. 2007 at 20:02
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last intervention 8 December 2009 - 13 Dec. 2007 at 21:41
Hello,

Dear members of the underground community, good evening.

This evening I find myself facing a problem that I cannot manage to solve: the problem is the Trojan horse Generic9.AATD.
My antivirus, AVG 7.5, locates it here: "C:\WINDOWS\system32\cmcfg3.dll"
It deletes it, but on reboot it becomes active again.
I imagine HijackThis could be useful to me for eradicating it, but since I do not know how to use it, I prefer to ask your advice. Thank you for your help; the HijackThis report is attached below.

PS: I managed to get rid of another virus which, from a Google search, redirected me to a search-daily page. Despite that, my PC is spinning its wheels (almost 10 minutes to reboot). A solution?!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:32, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\leroy\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F08CDB2D-0228-4B1C-97A2-9BCABB6E5513} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

81 replies

Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last intervention 13 December 2007
12 Dec. 2007 at 00:16
I'm getting to work...

See you in a moment.

philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last intervention 8 December 2009
12 Dec. 2007 at 00:54
Apparently you haven't come back; I hope you don't have any new problems.

I may go to bed soon; I will be here tomorrow evening, perhaps not before.

Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last intervention 13 December 2007
12 Dec. 2007 at 00:56
Are you there?

philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last intervention 8 December 2009
12 Dec. 2007 at 00:57
Yes

Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last intervention 13 December 2007
12 Dec. 2007 at 01:01
I don't know whether you have gone to bed; if so, good evening and sweet dreams.

In any case, here to begin with is the ComboFix report:
(the rest is coming: HijackThis and SREng reports)

ComboFix 07-12-08.1 - Leroy 2007-12-12 0:25:01.5 - NTFSx86
Running from: C:\Documents and Settings\Leroy\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Leroy\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\drivers\ylfiqyhy.dat
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
.

2007-12-10 18:20 . 2007-12-10 18:20 <REP> d-------- C:\Documents and Settings\Leroy\Application Data\Grisoft
2007-12-10 18:19 . 2007-12-10 18:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-10 18:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-10 18:03 . 2007-12-10 18:03 23,570,258 --a------ C:\upload_moi_B-DOG.tar.gz
2007-12-10 00:12 . 2007-12-10 00:13 <REP> d-------- C:\CCleaner
2007-12-10 00:08 . 2007-12-11 16:43 <REP> d-------- C:\Hijackthis
2007-12-08 16:30 . 2007-12-08 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2007-12-08 13:51 . 2007-12-08 13:51 <REP> d-------- C:\VundoFix Backups
2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Program Files\Lavasoft
2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-06 13:34 . 2007-05-29 13:55 22,112 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-12-06 13:34 . 2007-05-29 13:55 10,592 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2007-12-06 13:34 . 2007-05-29 13:55 705 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2007-12-05 18:46 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\The Weather Channel FW
2007-12-05 11:48 . 2007-12-05 11:48 <REP> d-------- C:\Program Files\Alwil Software
2007-12-04 21:40 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\a-squared Free
2007-12-03 19:23 . 2007-12-03 19:24 <REP> d-------- C:\Program Files\iTunes
2007-12-03 19:16 . 2007-12-10 21:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-03 19:09 . 2007-12-03 19:09 <REP> d-------- C:\Program Files\Apple Software Update
2007-12-02 18:36 . 2007-12-02 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-12-02 18:33 . 2007-12-12 00:40 22,423,584 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-02 18:33 . 2007-12-12 00:34 263,828 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
2007-12-02 18:31 . 2007-12-02 20:01 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-12-02 18:31 . 2007-12-12 00:35 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
2007-12-02 18:28 . 2007-12-12 00:18 <REP> d-------- C:\WINDOWS\Internet Logs
2007-12-02 15:56 . 2007-12-09 08:00 <REP> d-------- C:\Documents and Settings\Leroy\Application Data\AVG7
2007-12-02 15:55 . 2007-12-02 15:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-02 15:54 . 2007-12-09 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-02 15:24 . 2007-12-02 15:24 <REP> d-------- C:\Program Files\ZNsoft Corporation
2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx
2007-12-01 03:02 . 2007-12-01 03:02 <REP> d-------- C:\Program Files\Windows Live Favorites
2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\WINDOWS\Applian FLV Player
2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\Program Files\FLV Player
2007-11-28 00:50 . 2007-12-08 14:59 <REP> d-------- C:\Program Files\eMule
2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll
2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat
2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Voisinage réseau
2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Voisinage d'impression
2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Modèles
2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\Korg\Mes documents
2007-11-25 19:06 . 2005-10-26 11:52 <REP> dr-h----- C:\Documents and Settings\Korg\Menu Démarrer
2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\Korg\Favoris
2007-11-25 19:06 . 2007-12-09 20:27 <REP> d--h----- C:\Documents and Settings\Korg\Bureau
2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat
2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Program Files\Lavalys
2007-11-25 03:16 . 2007-11-25 03:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2007-11-25 01:55 . 2007-11-25 01:56 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini
2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage réseau
2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage d'impression
2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Modèles
2007-11-25 00:27 . 2007-11-25 00:34 <REP> dr------- C:\Documents and Settings\PH2\Mes documents
2007-11-25 00:27 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\PH2\Menu Démarrer
2007-11-25 00:27 . 2007-11-25 00:28 <REP> dr------- C:\Documents and Settings\PH2\Favoris
2007-11-25 00:27 . 2007-11-25 00:27 <REP> d-------- C:\Documents and Settings\PH2\Bureau
2007-11-24 22:45 . 2007-11-24 22:45 <REP> d-------- C:\Program Files\Windows Resource Kits
2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2007-11-23 23:50 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2007-11-23 23:50 . 2007-12-09 20:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2007-11-23 23:50 . 2005-10-26 04:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2007-11-23 23:50 . 2005-10-26 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-11 23:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-11 21:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\Leroy\Application Data\wklnhst.dat
2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec
2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-03 18:23 --------- d-----w C:\Program Files\iPod
2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime
2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-11-28 14:17 --------- d-----w C:\Program Files\Java
2007-11-27 21:56 --------- d-----w C:\Program Files\Google
2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore
2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo!
2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ
2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL
2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup
2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\Leroy\Application Data\GDIPFONTCACHEV1.DAT
2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger
2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((( snapshot@2007-12-09_20.51.56.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\09-12-2007\ERDNT.EXE
+ 2007-12-09 22:00:05 6,225,920 ----a-w C:\WINDOWS\erdnt\09-12-2007\Users\00000001\ntuser.dat
+ 2007-12-09 22:00:05 147,456 ----a-w C:\WINDOWS\erdnt\09-12-2007\Users\00000002\UsrClass.dat
+ 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\10-12-2007\ERDNT.EXE
+ 2007-12-10 16:22:52 7,286,784 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\00000001\ntuser.dat
+ 2007-12-10 16:22:52 147,456 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\00000002\UsrClass.dat
+ 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\12-12-2007\ERDNT.EXE
+ 2007-12-11 23:17:36 7,286,784 ----a-w C:\WINDOWS\erdnt\12-12-2007\Users\00000001\ntuser.dat
+ 2007-12-11 23:17:37 147,456 ----a-w C:\WINDOWS\erdnt\12-12-2007\Users\00000002\UsrClass.dat
+ 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\ERDNT.EXE
+ 2007-12-10 00:19:30 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\00000001\ntuser.dat
+ 2007-12-10 00:19:34 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\00000002\UsrClass.dat
+ 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\ERDNT.EXE
+ 2007-12-11 20:12:43 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\Users\00000001\ntuser.dat
+ 2007-12-11 20:12:46 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\11-12-2007\Users\00000002\UsrClass.dat
+ 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\ERDNT.EXE
+ 2007-12-09 23:44:35 6,230,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\00000001\ntuser.dat
+ 2007-12-09 23:44:39 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\00000002\UsrClass.dat
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-12-11 23:39:15 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_a04.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-04-19 06:39]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\Money Express.exe" [2001-07-25 09:00]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26]
"Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51]
"Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 12:54]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 09:00]
"PicasaNet"="C:\Program Files\Hello\Hello.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-07-17 19:43]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)


*Newly Created Service* - ASNDIS5
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Korg.job"
"2007-12-11 23:20:04 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll
.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 00:39:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?0?9?0??p???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\ASNDIS5]
"ImagePath"="\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS"
.
Completion time: 2007-12-12 0:49:50 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-11 21:35
C:\ComboFix3.txt ... 2007-12-11 16:51
.
--- E O F ---


That's it for that one.
0
Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last post 13 December 2007
12 Dec. 2007 at 01:04
We can pick this up later if you want.
You're going to be completely thrown off schedule because of me.

I'm unforgivable!
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last post 8 December 2009 206
12 Dec. 2007 at 01:07
I was waiting for you to come back. I'm on another topic; I'll come back afterwards to look at the report.
0
Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last post 13 December 2007
12 Dec. 2007 at 01:10
No problem, I'm about to run the Hijack / SReng scan.
PS: It's so slow...
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last post 8 December 2009 206
12 Dec. 2007 at 01:14
It's slow? It actually looks pretty good, though.

Just this:

DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll  

Can you look manually, with hidden files and folders displayed, and see whether the DLL is there, please? Empty the entire contents of Temp in any case.
0
Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last post 13 December 2007
12 Dec. 2007 at 01:17
After the ComboFix report, here is the Hijack report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:12:52, on 12/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [HP Software Update] ; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] ; "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LSBWatcher] ; c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] ; "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [PicasaNet] ; "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [QuickTime Task] ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] ; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [googletalk] ; "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [MoneyAgent] ; "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] ; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last post 13 December 2007
12 Dec. 2007 at 01:23
To tell the truth, I can't even find the path

C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll

DOCUME~1 ???? I can't see it...

edit: C:\Documents and Settings\Leroy\Local Settings\Temp ???
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last post 8 December 2009 206
12 Dec. 2007 at 01:24
Yes, you need to go to

c:\documents & settings\leroy\local setting\temp

As for the HijackThis report, it's OK, but it already was :)

I think I'll stop there; we'll continue tomorrow. Don't forget to post the SREng report, and to tell me about the TEMP folder.

Good night

0
Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last post 13 December 2007
12 Dec. 2007 at 01:27
Good night

See you tomorrow.
0
Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last post 13 December 2007
12 Dec. 2007 at 02:03
It's late, but I wanted to finish.

So, for your information:
c:\documents & settings\leroy\local setting\temp

In the "temp" folder there is no suspicious "qqgtjsrb.dll". Just 2 items: "JET3C07.tmp" & "Perflib_Perfdata_88.dat"
Should I empty the Temp folder?!


(In 2 posts) Here is the SRENG report you wanted:





[CODE]

2007-12-12,01:37:58

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<googletalk><; "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart> [Google]
<MoneyAgent><; "C:\Program Files\Microsoft Money\System\Money Express.exe"> [Microsoft Corporation]
<msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
<Yahoo! Pager><; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet> [(Verified)Yahoo! Inc.]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Publisher]
<hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe> [Hewlett-Packard Company]
<ccApp><"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<eabconfg.cpl><C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start> [Hewlett-Packard ]
<Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> []
<Control Center><C:\Program Files\WLAN Card Utilities\Center.exe> []
<WorksFUD><C:\Program Files\Microsoft Works\wkfud.exe> [Microsoft® Corporation]
<Microsoft Works Portfolio><C:\Program Files\Microsoft Works\WksSb.exe /AllUsers> [Microsoft® Corporation]
<Microsoft Works Update Detection><C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe> [Microsoft® Corporation]
<Norton Save and Restore><"C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"> [(Verified)Symantec Corporation]
<osCheck><"C:\Program Files\Norton Internet Security\osCheck.exe"> [(Verified)Symantec Corporation]
<Symantec PIF AlertEng><"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"> [N/A]
<ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
<HP Software Update><; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."]
<LSBWatcher><; c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe> [Hewlett-Packard Company]
<MoneyStartUp10.0><; "C:\Program Files\Microsoft Money\System\Activation.exe"> [Microsoft Corporation]
<PicasaNet><; "C:\Program Files\Hello\Hello.exe" -b> [N/A]
<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<RealTray><; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[HP Digital Imaging Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
[ERUNT AutoBackup]
<C:\Documents and Settings\Leroy\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk --> C:\PROGRA~1\ERUNT\AUTOBACK.EXE [N/A]><N>

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Symantec Lic NetConnect service / CLTNetCnService][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[COM Host / comHost][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"><Symantec Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[HP WMI Interface / hpqwmi][Running/Manual Start]
<C:\Program Files\HPQ\SHARED\HPQWMI.exe><Hewlett-Packard Development Company, L.P.>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Service de l'iPod / iPod Service][Stopped/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Validation de mot de passe Symantec IS / ISPwdSvc][Stopped/Manual Start]
<"C:\Program Files\Norton Internet Security\isPwdSvc.exe"><Symantec Corporation>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
<"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[LiveUpdate Notice Service Ex / LiveUpdate Notice Ex][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[LiveUpdate Notice Service / LiveUpdate Notice Service][Stopped/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"><Symantec Corporation>
[Norton Save and Restore / Norton Save and Restore][Running/Auto Start]
<C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe><Symantec Corporation>
[Norton Protection Center Service / NSCService][Stopped/Disabled]
<"C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"><Symantec Corporation>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
<"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
[Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[Symantec Core LC / Symantec Core LC][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"><>
[Symantec AppCore Service / SymAppCore][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"><Symantec Corporation>
[TrueVector Internet Monitor / vsmon][Stopped/Auto Start]
<C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>

==================================
Drivers
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[Pilote de processeur AMD / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Pilote pour carte réseau Broadcom 802.11 / BCM43XX][Running/Manual Start]
<system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Conexant AMC Audio / CAMCAUD][Running/Manual Start]
<system32\drivers\camc6aud.sys><Conexant Systems Inc.>
[CAMCHALA / CAMCHALA][Running/Manual Start]
<system32\drivers\camc6hal.sys><Conexant Systems Inc.>
[catchme / catchme][Running/Manual Start]
<\??\C:\DOCUME~1\Leroy\LOCALS~1\Temp\catchme.sys><N/A>
[eabfiltr / eabfiltr][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Development Company, L.P.>
[eabusb / eabusb][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Development Company, L.P.>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
<system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
<system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
<system32\DRIVERS\HPZius12.sys><HP>
[HSFHWATI / HSFHWATI][Running/Manual Start]
<system32\DRIVERS\HSFHWATI.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\kl1.sys><Kaspersky Lab>
[KLIF / KLIF][Running/System Start]
<system32\DRIVERS\klif.sys><Kaspersky Lab>
[AEGIS Protocol (IEEE 802.1x) v2.3.1.9 / MDC8021X][Running/Auto Start]
<system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVENG.SYS><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVEX15.SYS><Symantec Corporation>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[PCASp50 NDIS Protocol Driver / PCASp50][Stopped/Manual Start]
<System32\Drivers\PCASp50.sys><Printing Communications Assoc., Inc. (PCAUSA)>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ASUS USB Wireless LAN Driver / RT2500USB][Stopped/Manual Start]
<system32\DRIVERS\rt2500usb.sys><Ralink Technology Inc.>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[Pilote de périphérique SMC IrCC Miniport / SMCIRDA][Stopped/Manual Start]
<system32\DRIVERS\smcirda.sys><SMC>
[SPBBCDrv / SPBBCDrv][Running/System Start]
<\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[srescan / srescan][Running/Boot Start]
<\SystemRoot\system32\ZoneLabs\srescan.sys><Zone Labs, LLC>
[SRTSP / SRTSP][Running/System Start]
<System32\Drivers\SRTSP.SYS><Symantec Corporation>
[SRTSPL / SRTSPL][Stopped/Manual Start]
<System32\Drivers\SRTSPL.SYS><Symantec Corporation>
[SRTSPX / SRTSPX][Running/System Start]
<System32\Drivers\SRTSPX.SYS><Symantec Corporation>
[SYMDNS / SYMDNS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Running/Manual Start]
<\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20061025.029\SymIDSCo.sys><Symantec Corporation>
[symlcbrd / symlcbrd][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
[SYMNDIS / SYMNDIS][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[vsdatant / vsdatant][Running/System Start]
<System32\vsdatant.sys><Zone Labs, LLC>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<system32\DRIVERS\wanatw4.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[ASNDIS5 Protocol Driver / ASNDIS5][Running/Manual Start]
<\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} <C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll, Symantec Corporation>
[Yahoo! IE Services Button]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[]
{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} <C:\Program Files\Microsoft Money\System\mnyviewer.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Yahoo! IE Services Button]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
[]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21} <C:\Program Files\Microsoft Money\System\mnyviewer.dll, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Vue HP]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll, Hewlett-Packard Company>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[QDiagHUpdateObj Class]
{EB387D2F-E27B-4D36-979E-847D1036C65D} <C:\WINDOWS\system32\qdiagh.ocx, Gteko Ltd.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Shockwave ActiveX Control]
{166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
[]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75} <C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll, Symantec Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\MSXML3.DLL, N/A>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\MSXML3.DLL, N/A>
[Yahoo! IE Services Button]
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Afficher Norton Toolbar]
{90222687-F593-4738-B738-FBEE9C7B26DF} <C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll, Symantec Corporation>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
[Vue HP]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll, Hewlett-Packard Company>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Yahoo! VersionInfo]
{D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\Program Files\Yahoo!\Common\YVerInfo.dll, Yahoo! Inc.>
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, Apple Computer, Inc.>
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[Messenger Class]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\MSXML3.DLL, N/A>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\MSXML3.DLL, N/A>
[]
{FDD3B846-8D59-4FFB-8758-209B6AD74ACC} <C:\Program Files\Microsoft Money\System\mnyviewer.dll, Microsoft Corporation>
[&Google Search]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
<https://onedrive.live.com/?id=favorites N/A>
[Pages liées]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
[Pages similaires]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
[Version de la page actuelle disponible dans le cache Google]
<res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>
Marxes | Posts: 38 | Registered: Sunday 9 December 2007 | Status: Member | Last activity: 13 December 2007
12 Dec. 2007 at 02:10
The rest of the SREng report:

==================================
Running Processes
[PID: 716 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 788 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 820 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4121]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 864 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 876 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4121]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 1064 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1180 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1356 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1404 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[PID: 1788 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe] [Symantec Corporation, 106.0.1.10]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\CCSETPLG.DLL] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.DLL] [Symantec Corporation, 14.0.0.89]
[C:\PROGRA~1\NORTON~1\NORTON~1\AVPSVC32.loc] [Symantec Corporation, 14.0.0.89]
[C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.dll] [Symantec Corporation, 14.0.0.89]
[C:\Program Files\Norton Internet Security\Norton AntiVirus\AVSubmit.loc] [Symantec Corporation, 14.0.0.89]
[C:\PROGRA~1\NORTON~1\ISDATASV.DLL] [Symantec Corporation, 10.0.0.247]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\NPC\NPCWMIMN.DLL] [Symantec Corporation, 2007.4.00.2]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\SNDSVC.DLL] [Symantec Corporation, 7.0.0.170]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL60.dll] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\SUBMIS~1\SUBENG.DLL] [Symantec Corporation, 2.0.0.164]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\SUBMIS~1\SUBRES.loc] [Symantec Corporation, 2.0.0.164]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\SPBBC\TPROCPLG.DLL] [Symantec Corporation, 3.0.1.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\CCEVTPLG.DLL] [Symantec Corporation, 106.0.1.10]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\PIFENG.DLL] [Symantec Corporation, 1.2.0.18]
[C:\Program Files\Fichiers communs\Symantec Shared\ccEvtCli.dll] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\FIREWALL\FWAGENT.DLL] [Symantec Corporation, 2.0.2.5]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 3.0.1.10]
[C:\Program Files\Norton Internet Security\SetEvtHp.dll] [Symantec Corporation, 10.0.0.247]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\SRTSP\SRTSP32.DLL] [Symantec Corporation, 10.2.2.6]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\CCLOGIN.DLL] [Symantec Corporation, 104.0.3.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\ccL40.dll] [Symantec Corporation, 104.0.3.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 106.0.1.10]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\NORTON~1\ISSVC.DLL] [Symantec Corporation, 10.0.0.86]
[C:\PROGRA~1\NORTON~1\NORTON~1\NAVEVENT.DLL] [Symantec Corporation, 14.0.0.89]
[C:\WINDOWS\system32\SymNeti.dll] [Symantec Corporation, 7.0.0.170]
[C:\Program Files\Norton Internet Security\isDataCl.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVIfc.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
[C:\Program Files\Fichiers communs\Symantec Shared\Firewall\FWHelper.dll] [Symantec Corporation, 2.0.2.5]
[C:\Program Files\Norton Internet Security\fwPlugin.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Fichiers communs\Symantec Shared\NcoItf.dll] [Symantec Corporation, 2007.1.00.133]
[C:\Program Files\Norton Internet Security\fwEvent.dll] [Symantec Corporation, 10.0.0.247]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\OPC\{31011~1\CLTNETCN.DLL] [Symantec Corporation, 7.0.0.108]
[C:\Program Files\Norton Internet Security\IMCfg.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\npcWmiDt.dll] [Symantec Corporation, 2007.4.00.2]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\PollMgr.dll] [Symantec Corporation, 1.2.0.18]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\SUBMIS~1\SubConn.dll] [Symantec Corporation, 2.0.0.164]
[PID: 1988 / Leroy][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4121]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2499]
[PID: 136 / Leroy][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, ]
[C:\Program Files\Norton Save and Restore\Browser\VProShellExt.dll] [Symantec Corporation, 11.0.2.20309]
[C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll] [Zone Labs, LLC, 7.0.362.000]
[C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll] [Zone Labs Inc., 5.3.017.000]
[C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll] [Yahoo! Inc., 2005, 1, 1, 4]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll] [Symantec Corporation, 14.0.0.89]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.loc] [N/A, ]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\WINDOWS\system32\MSCOREE.DLL] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\Program Files\Microsoft Money\System\urlmapps.dll] [Microsoft Corporation, 10.00.0831]
[C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll] [Hewlett-Packard Company, 1.0.0.7]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\Microsoft Money\System\mnyviewer.dll] [Microsoft Corporation, 10.00.0831]
[C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609]
[PID: 428 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe] [Symantec Corporation, 1.0.00.101]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
[C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSet32.dll] [Symantec Corporation, 1.0.00.101]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVScan.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AV.loc] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\avDefMgr.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\DefUtDCD.dll] [Symantec Corporation, 3.2.10.0]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\avModule.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\QBackup.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVExclu.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\SRTSP\Srtsp32.dll] [Symantec Corporation, 10.2.2.6]
[C:\Program Files\Fichiers communs\Symantec Shared\ccScanw.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 61.3.0.17]
[C:\Program Files\Fichiers communs\Symantec Shared\MSL\msl.dll] [Symantec Corporation, 5.0.069.000]
[C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\ccEvtCli.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.0.1.10]
[PID: 540 / SYSTEM][C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe] [, ]
[C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcnet.dll] [, ]
[PID: 1372 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzsnt07.dll] [HP, 2,140,0,0]
[PID: 204 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0]
[PID: 1004 / Leroy][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5168]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5168]
[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5168]
[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5168]
[PID: 2140 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.44.1]
[C:\Program Files\Fichiers communs\LightScribe\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\LightScribe\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[PID: 2228 / Leroy][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 8.0.13 17Jun05]
[C:\WINDOWS\system32\SynCOM.dll] [Synaptics, Inc., 8.0.13 17Jun05]
[C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 8.0.13 17Jun05]
[PID: 2564 / SYSTEM][C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe] [Symantec Corporation, 11.0.2.20309]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.3.10]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\Norton Save and Restore\Shared\VProObj.dll] [Symantec Corporation, 11.0.2.20309]
[C:\Program Files\Norton Save and Restore\Shared\NotifyHandler.dll] [Symantec Corporation, 11.0.2.20309]
[C:\Program Files\Norton Save and Restore\shared\ErrorGui.dll] [Symantec Corporation, 11.0.2.20309]
[C:\Program Files\Norton Save and Restore\Shared\VProScheduler.dll] [Symantec Corporation, 11.0.2.20309]
[C:\Program Files\Norton Save and Restore\Agent\VProImaging.dll] [Symantec Corporation, 11.0.2.20309]
[C:\Program Files\Norton Save and Restore\Shared\FileBackup.dll] [Symantec Corporation, 11.0.2.20309]
[C:\Program Files\Norton Save and Restore\Agent\gwrks32.dll] [GEAR-Software, 3.53.002.08]
[C:\Program Files\Norton Save and Restore\Agent\GEARAW32.dll] [GEAR-Software, 3.53.002.08]
[C:\Program Files\Norton Save and Restore\Agent\gwlangEN.dll] [GEAR-Software, 3.53.002.08]
[PID: 3044 / Leroy][C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe] [Symantec Corporation, 106.0.1.10]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.0.1.10]
[C:\WINDOWS\system32\SymNeti.dll] [Symantec Corporation, 7.0.0.170]
[C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSet.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppPlg32.dll] [Symantec Corporation, 1.0.00.101]
[C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
[C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSet32.dll] [Symantec Corporation, 1.0.00.101]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 106.0.1.10]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Norton Internet Security\fwAlert.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Norton Internet Security\fwAlRes.dll] [Symantec Corporation, 10.0.0.247]
[C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL] [Symantec Corporation, 14.5.0.9]
[C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.DLL] [Symantec Corporation, 14.0.0.89]
[C:\PROGRA~1\NORTON~1\NISTRAY.DLL] [Symantec Corporation, 10.0.0.86]
[C:\PROGRA~1\NORTON~1\ISLALERT.DLL] [Symantec Corporation, 10.5.0.10]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\npcTRAY.dll] [Symantec Corporation, 2007.4.00.2]
[C:\Program Files\Fichiers communs\Symantec Shared\CF\PEP2.dll] [Symantec Corporation, 2006.1.00.58]
[C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll] [Symantec Corporation, 1.2.0.18]
[C:\Program Files\Fichiers communs\Symantec Shared\COH\sesHlp.dll] [Symantec Corporation, 6.1.3.20]
[C:\Program Files\Fichiers communs\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\COH\sH0001.dll] [Symantec Corporation, 6,1,3,20]
[C:\PROGRA~1\NORTON~1\AlertRes.dll] [Symantec Corporation, 10.0.0.86]
[C:\Program Files\Norton Internet Security\fwEvent.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Fichiers communs\Symantec Shared\NcoItf.dll] [Symantec Corporation, 2007.1.00.133]
[C:\PROGRA~1\NORTON~1\NISTrRes.dll] [Symantec Corporation, 10.0.0.86]
[C:\PROGRA~1\NORTON~1\NORTON~1\AVPAPP32.loc] [Symantec Corporation, 14.0.0.89]
[C:\Program Files\Norton Internet Security\SetEvtHp.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVIfc.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Norton Internet Security\isDataCl.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\DataPvdr.dll] [Symantec Corporation, 2007.4.00.2]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\ccEvtCli.dll] [Symantec Corporation, 106.0.1.10]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\NSCHlpr2.dll] [Symantec Corporation, 2007.4.00.2]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\rcEmlPxy.dll] [Symantec Corporation, 106.0.1.10]
[C:\WINDOWS\system32\SymRedir.dll] [Symantec Corporation, 7.0.0.170]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\pcStatus.dll] [Symantec Corporation, 2007.4.00.2]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\uiLicPlg.dll] [Symantec Corporation, 2007.4.00.2]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\NSCWSCR2.DLL] [Symantec Corporation, 2007.4.00.2]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVMail.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\npcWmiCl.dll] [Symantec Corporation, 2007.4.00.2]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\npcWmiDt.dll] [Symantec Corporation, 2007.4.00.2]
[C:\Program Files\Fichiers communs\Symantec Shared\AntiVirus\AVExclu.dll] [Symantec Corporation, 1.0.00.194]
[C:\Program Files\Norton Internet Security\IMCfg.dll] [Symantec Corporation, 10.0.0.247]
[C:\Program Files\Fichiers communs\Symantec Shared\NPC\PEPEvnt.dll] [Symantec Corporation, 2007.4.00.2]
[C:\Program Files\Fichiers communs\Symantec Shared\CF\cfV2Pack.dll] [Symantec Corporation, 2006.1.00.58]
[C:\Program Files\Fichiers communs\Symantec Shared\CF\cfEPack.dll] [Symantec Corporation, 2006.1.00.58]
[C:\PROGRA~1\FICHIE~1\SYMANT~1\PIF\{B8E1D~1\AlertUi.dll] [Symantec Corporation, 1.2.0.18]
[PID: 3100 / Leroy][C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe] [Hewlett-Packard , 5, 20, 4, 2]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Program Files\HPQ\Quick Launch Buttons\CPQINFO.DLL] [Hewlett-Packard , 5, 20, 4, 2]
[PID: 3848 / Leroy][C:\Program Files\WLAN Card Utilities\Center.exe] [, 2.2.6.8]
[C:\Program Files\WLAN Card Utilities\ASAUTHEN.DLL] [, 2, 0, 0, 0]
[C:\Program Files\WLAN Card Utilities\ASW32N50.dll] [Printing Communications Assoc., Inc. (PCAUSA), 5.00.13.50]
[C:\Program Files\WLAN Card Utilities\AegisE5.dll] [Meetinghouse Data Communications, 1, 8, 41, 1]
[PID: 768 / Leroy][C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe] [Microsoft® Corporation, 6.00.3215.0]
[PID: 224 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2964 / Leroy][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[PID: 3764 / Leroy][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3760 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 400 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / SYSTEM][C:\Program Files\HPQ\SHARED\HPQWMI.exe] [Hewlett-Packard Development Company, L.P., 1, 0, 6, 1]
[PID: 3672 / Leroy][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3876 / Leroy][C:\Documents and Settings\Rob\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
[C:\Documents and Settings\Leroy\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 204, C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1004, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3100, C:\PROGRAM FILES\HPQ\QUICK LAUNCH BUTTONS\EABSERVR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3848, C:\PROGRAM FILES\WLAN CARD UTILITIES\CENTER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 768, C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]


Done for today!
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last seen 8 December 2009 206
12 Dec. 2007 at 12:39
Hello,

Just passing through quickly, I have to leave again; for this evening, if you can do this please:

* Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

* Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.

* Restart your computer in Safe Mode

* Open the SDFix folder that was just created on the Desktop and double-click RunThis.cmd to start the script.

* Press Y to begin the cleaning process.

It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.

* Press a key to restart the PC.

Your system will take longer than usual to restart because the tool will keep running and deleting files.

Once the Desktop has loaded, the tool will finish its work and display Finished.

* Press a key to end the script and load your Desktop icons.

Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.

Finally, copy/paste the contents of Report.txt into your next reply on the forum.

0
Marxes Posts 38 Registration date Sunday 9 December 2007 Status Member Last seen 13 December 2007
12 Dec. 2007 at 17:14
Hello,

I took care of SDFix as you asked; here is the report:


SDFix: Version 1.118

Run by Leroy on 12/12/2007 at 16:05

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Leroy\Bureau\SDfix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\autorun.inf - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-12 16:18:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Leroy\Bureau\SDfix\backups\backups.zip

Files with Hidden Attributes:

Mon 18 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 13 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 29 Dec 2006 43,520 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\ModŠles\~WRL0590.tmp"
Wed 19 Jul 2006 30,208 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\ModŠles\~WRL3576.tmp"
Fri 22 Sep 2006 42,496 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL0388.tmp"
Mon 11 Dec 2006 43,520 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL1000.tmp"
Tue 12 Dec 2006 44,032 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL1182.tmp"
Thu 15 Feb 2007 50,688 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL1186.tmp"
Wed 20 Jun 2007 56,320 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2599.tmp"
Tue 12 Dec 2006 44,544 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2681.tmp"
Sun 14 Jan 2007 46,592 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2746.tmp"
Fri 22 Dec 2006 43,520 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL2801.tmp"
Fri 15 Sep 2006 40,448 ...H. --- "C:\Documents and Settings\PH\Application Data\Microsoft\Word\~WRL3109.tmp"
Mon 18 Sep 2006 4,348 ...H. --- "C:\Documents and Settings\PH\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Mon 18 Sep 2006 20 A..H. --- "C:\Documents and Settings\PH\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Mon 18 Sep 2006 312 A.SH. --- "C:\Documents and Settings\PH\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Tue 17 Aug 2004 10,397 A..H. --- "C:\Documents and Settings\Korg\Application Data\Microsoft\Internet Explorer\brndlog.bak"

Mon 31 Jul 2006 25,088 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL0503.tmp"
Wed 16 Aug 2006 22,016 A..H. --- "C:\Program Files\xerox\fichier a rendre\PhJ Docu,ments\~WRL0768.tmp"
Wed 20 Jun 2007 24,064 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1040.tmp"
Thu 20 Jul 2006 20,992 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1078.tmp"
Fri 29 Sep 2006 20,480 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1165.tmp"
Sun 30 Jul 2006 23,040 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1332.tmp"
Thu 20 Jul 2006 20,992 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1457.tmp"
Sat 2 Sep 2006 19,968 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1654.tmp"
Mon 31 Jul 2006 24,064 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1801.tmp"
Mon 31 Jul 2006 25,088 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL1807.tmp"
Tue 18 Jul 2006 22,016 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL2219.tmp"
Thu 14 Sep 2006 19,968 A..H. --- "C:\Program Files\xerox\fichier a rendre\Marc\PhJ Docu,ments\~WRL3578.tmp"
Fri 14 Sep 2007 58,400 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Documents administratifs\wcs.exe"
Thu 1 Nov 2007 26,112 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Misc docs\~WRL1223.tmp"
Fri 2 Nov 2007 40,960 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Misc docs\~WRL2787.tmp"
Fri 2 Nov 2007 48,640 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Misc docs\~WRL3384.tmp"
Sat 27 Jan 2007 30,720 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL0202.tmp"
Sat 27 Jan 2007 29,696 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL0279.tmp"
Sat 27 Jan 2007 27,136 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL0434.tmp"
Sat 27 Jan 2007 27,648 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL1320.tmp"
Sun 28 Jan 2007 35,328 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL1624.tmp"
Sun 28 Jan 2007 39,936 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL2228.tmp"
Sat 27 Jan 2007 20,992 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL2819.tmp"
Sat 27 Jan 2007 32,256 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL3060.tmp"
Sat 27 Jan 2007 30,208 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL3065.tmp"
Sun 6 May 2007 40,448 A..H. --- "C:\Program Files\xerox\fichier a rendre\Anna\Writings\Natures Mortes\~WRL3594.tmp"
Wed 19 Jul 2006 8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"

Finished!



Thanks,

PS: I hope we'll get through this! On the other hand, the second PC seems temperamental since the business with the USB key (a serious error when opening a Word file, among other things); I'll send you the combo report for that one too, just to check... :-(
0
philae83 Posts 12837 Registration date Wednesday 3 January 2007 Status Security contributor Last seen 8 December 2009 206
12 Dec. 2007 at 21:36
Good evening,

Sorry, I was held up longer than expected.


As for the 2nd PC, we'll look at that too; please avoid using, not to say do not use, the USB key from one PC on the other. Otherwise we'll never get out of this.
Precisely to avoid certain infections, take a look here (vaccinating your key).
Go to this link:
https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/
That is exactly the infection you had, and that you may in fact still have on the 2nd PC because of the USB key.
Scroll down the page to


"Je suis infecté, que faire ?" (I am infected, what should I do?)

then go on to
"Conserver sa clé saine, la "vacciner"" (Keeping your key clean, "vaccinating" it)

and do what is explained there to keep your key clean.
If you have a problem, come back and say so, but it is very well explained; I think everything will go fine.

Next

To sum up the situation, it doesn't look too bad to me now. Could you please run an online scan
here
* Run a Panda online antivirus scan and copy/paste the result here
https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
(with Internet Explorer, and disable your antivirus during the scan)

* picture tutorial
http://pageperso.aol.fr/loraline60/panda_scan.htm

Or, if there is a problem, here
* Run an online antivirus scan with Internet Explorer
https://www.bitdefender.fr/
and copy/paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.

picture tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

See you later
0
Good evening,

I am currently running the Panda scan on the PC.
Right now I'm on PC number 2; here is the HiJack report for that one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:10:07, on 13/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Lexmark 3400 Series\ezprint.exe
C:\WINDOWS\System32\lxcycoms.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\LVComsX.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: XBTP06568 - {311F9DE8-6126-4EEE-B15F-65CBB3B4F9F6} - C:\Program Files\AOL Security Toolbar\tbu3E\AOL_security_toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: AOL Security Toolbar - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - C:\Program Files\AOL Security Toolbar\tbu3E\AOL_security_toolbar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [lxcymon.exe] "C:\Program Files\Lexmark 3400 Series\lxcymon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3400 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [LXCYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-343818398-1383384898-1957994488-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe (User 'Louise')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcy_device - - C:\WINDOWS\System32\lxcycoms.exe
0
The Panda scan has already found 16 spyware items on PC1 (the PC this thread was originally about)...
0