Connection flood on ports 25 and 80
FrenchKira
Hello,
For a few days I have had a lot of slowdown on my internet connection. What's more, my company's network administrator told me that a huge number of messages coming from my machine are reaching the Arkoon... I thought it was a virus, but after running Avast, Kaspersky, Ad-Aware and others, nothing was detected.
If I run TCPView (while no internet connection is open) I get this:
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2464 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2672 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2752 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2704 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2640 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2656 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2559 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2558 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2542 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2590 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2414 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2462 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2494 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2670 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2526 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2750 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2734 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2606 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2430 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2397 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2524 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2668 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2700 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2716 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2780 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2636 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2556 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2444 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2684 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2732 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2652 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2476 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2428 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2604 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2395 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2506 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2602 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2714 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2698 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2762 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2666 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2554 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2634 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2586 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2682 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2778 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2442 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2504 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2488 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2744 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2648 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2632 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2600 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2456 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2424 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2760 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2408 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2712 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2472 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2616 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2440 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2454 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2422 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2694 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2566 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2758 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2646 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2518 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2614 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2662 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2742 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2630 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2598 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2550 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2678 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2405 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2756 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2564 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2772 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2500 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2724 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2612 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2580 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2740 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2644 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2468 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2596 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2452 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2675 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2450 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2434 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2530 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2722 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2482 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2466 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2562 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2754 TIME_WAIT
[System Process]:0 TCP PO-DAMIEN:12025 localhost:2642 TIME_WAIT
.... and so on
Impossible to see which process this comes from. What's more, when I start my machine I frequently get a lovely message, "The DCOM Server Process Launcher terminated unexpectedly", followed by a countdown (the classic thing).
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:31, on 2008-07-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Equant\Dialer\EACSvrMngr.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\CF21756.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Lavasoft\Ad-Aware\tpactivate.exe
C:\WINDOWS\explorer.exe
C:\_CDs\Install\HiJackThis.exe
C:\Program Files\TcpView\Tcpview.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SoftRemote.lnk = C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arcan-alsace.local
O17 - HKLM\Software\..\Telephony: DomainName = arcan-alsace.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = arcan-alsace.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = arcan-alsace.local
O20 - Winlogon Notify: fxsclntr32 - C:\WINDOWS\SYSTEM32\fxsclntr32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
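One way to make pasted TCPView output like the above actionable, as an added example that is not part of the original post: group the rows by local port and state, then look for the row that still has an owner on the same port. TIME_WAIT sockets belong to no process any more, which is why TCPView shows them as `[System Process]:0`, so the owner of a busy server port has to be read from its LISTENING row instead. The sample rows are constructed in the shape of the post's output, and the process name in the sample LISTENING row is a placeholder, not a finding.

```python
import re
from collections import Counter, defaultdict

# One TCPView-style row: "<process>:<pid> <proto> <local> <remote> [<state>]".
# TCPView reports "[System Process]:0" for sockets no process owns any more,
# which is what TIME_WAIT sockets become once their owner has closed them, so
# the process column of those rows cannot name the culprit.
ROW_RE = re.compile(
    r"^(?P<proc>.+?):(?P<pid>\d+)\s+(?P<proto>TCP|UDP)\s+"
    r"(?P<lhost>\S+?):(?P<lport>\d+|\*)\s+(?P<rhost>\S+?):(?P<rport>\d+|\*)"
    r"(?:\s+(?P<state>[A-Z_]+))?\s*$"
)


def parse_row(line):
    """Return a dict for one TCPView row, or None for headers and blank lines."""
    m = ROW_RE.match(line.strip())
    if not m:
        return None
    row = m.groupdict()
    row["pid"] = int(row["pid"])
    row["state"] = row["state"] or ""  # UDP rows carry no state
    return row


def summarize_by_local_port(lines):
    """Group TCP rows by local port: state counts, owning processes, peers."""
    summary = defaultdict(
        lambda: {"states": Counter(), "owners": set(), "remotes": Counter()}
    )
    for line in lines:
        row = parse_row(line)
        if row is None or row["proto"] != "TCP":
            continue
        entry = summary[row["lport"]]
        entry["states"][row["state"]] += 1
        if row["pid"] != 0:
            # Only rows still owned by a live process can name the owner;
            # for a busy server port that is normally the LISTENING row.
            entry["owners"].add((row["proc"], row["pid"]))
        if row["state"] != "LISTENING":
            entry["remotes"][row["rhost"]] += 1
    return dict(summary)


def noisy_ports(summary, threshold=20):
    """Local ports with at least `threshold` TIME_WAIT rows, busiest first, with
    the process (if any) still seen on that port and whether all peers were local."""
    findings = []
    ranked = sorted(summary.items(), key=lambda kv: -kv[1]["states"]["TIME_WAIT"])
    for lport, entry in ranked:
        time_wait = entry["states"]["TIME_WAIT"]
        if time_wait < threshold:
            break
        findings.append({
            "local_port": lport,
            "time_wait": time_wait,
            "owners": sorted(entry["owners"]),
            "loopback_only": set(entry["remotes"]) <= {"localhost", "127.0.0.1"},
        })
    return findings


# Constructed sample in the shape of the post's output: orphaned TIME_WAIT rows
# on local port 12025, plus the LISTENING row TCPView would show for whatever
# still holds that port (the process name here is a placeholder, not a finding).
SAMPLE = ["Process:PID Protocol Local Address Remote Address State"]
SAMPLE += [f"[System Process]:0 TCP PO-DAMIEN:12025 localhost:{p} TIME_WAIT"
           for p in range(2395, 2781, 2)]
SAMPLE += [
    "placeholder-proxy.exe:1234 TCP PO-DAMIEN:12025 PO-DAMIEN:0 LISTENING",
    "svchost.exe:1040 TCP PO-DAMIEN:135 PO-DAMIEN:0 LISTENING",
    "[System Process]:0 TCP PO-DAMIEN:3389 10.0.0.5:51000 TIME_WAIT",
]

if __name__ == "__main__":
    for finding in noisy_ports(summarize_by_local_port(SAMPLE)):
        print(finding)
```

A loopback-only result on 12025 points at a local proxy rather than at the network itself: avast! 4's Mail Scanner (ashMaiSv.exe, present in the HijackThis log above) relays SMTP through localhost port 12025, so if it owns the LISTENING row, the flood is mail traffic being scanned and the client repeatedly connecting to it is what still has to be identified.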
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')
O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')
O4 - Startup: CCC.lnk = ?
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SoftRemote.lnk = C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = arcan-alsace.local
O17 - HKLM\Software\..\Telephony: DomainName = arcan-alsace.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = arcan-alsace.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = arcan-alsace.local
O20 - Winlogon Notify: fxsclntr32 - C:\WINDOWS\SYSTEM32\fxsclntr32.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: (Equant Access Companion) Services Manager (EACSvrMngr) - Equant - C:\Program Files\Equant\Dialer\EACSvrMngr.exe
O23 - Service: (Equant Access Companion) Devices and Services Monitoring (EACSys) - Equant - C:\Program Files\Equant\Dialer\EACSys.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\CoSine Communications\IPSec Dial Client\IreIKE.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
2 replies
Hello,
> Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe (by sUBs) to your Desktop.
Disconnect from the internet and disable your antivirus so that ComboFix can run normally.
- Double-click combofix.exe
- Press the 1 (Yes) key to start the scan.
- When the scan is complete, a report will appear. Copy/paste that report in your next reply.
NOTE: The report can also be found here: C:\Combofix.txt
Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the machine.
Later
There you go:
ComboFix 08-07-30.02 - ddi 2008-07-31 15:10:08.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1260 [GMT 2:00]
Endroit: C:\Documents and Settings\ddi.ARCAN-ALSACE\Bureau\Outils\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))))))))
.
2008-07-31 15:07 . 2008-07-31 15:07 16,384 --a----t- C:\Temp\Perflib_Perfdata_504.dat
2008-07-31 15:07 . 2008-07-31 15:07 16,384 --a----t- C:\Temp\Perflib_Perfdata_1b0.dat
2008-07-31 15:05 . 2008-07-31 15:05 <REP> d-------- C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\TrojanHunter
2008-07-31 15:01 . 2008-07-31 15:01 <REP> d-------- C:\Program Files\TrojanHunter 5.0
2008-07-31 14:10 . 2008-07-31 14:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-31 11:53 . 2008-07-31 11:53 <REP> d-------- C:\Program Files\Sunbelt Software
2008-07-31 11:53 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys
2008-07-31 11:53 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys
2008-07-30 17:32 . 2008-07-30 17:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-30 17:32 . 2008-07-30 17:32 <REP> d-------- C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\Malwarebytes
2008-07-30 17:32 . 2008-07-30 17:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 17:32 . 2008-07-23 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-30 17:32 . 2008-07-23 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-30 17:23 . 2008-07-30 17:35 <REP> d-------- C:\Program Files\a-squared Anti-Malware
2008-07-30 17:15 . 2008-07-30 17:15 <REP> d-------- C:\Program Files\Panda Security
2008-07-30 17:15 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-30 16:37 . 2008-07-30 16:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-07-30 16:37 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-07-30 16:37 . 2008-07-30 16:39 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-07-30 16:36 . 2008-07-30 17:47 <REP> d-------- C:\WINDOWS\Internet Logs
2008-07-30 09:55 . 2008-07-30 09:56 <REP> d-------- C:\Program Files\TcpView
2008-07-30 08:54 . 2008-07-30 09:14 <REP> d-------- C:\Program Files\RegCleaner
2008-07-30 08:38 . 2008-07-30 08:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-30 08:38 . 2008-07-30 08:57 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-28 16:15 . 2008-07-28 16:10 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-28 16:10 . 2008-07-30 08:31 <REP> d-------- C:\Documents and Settings\ddi.ARCAN-ALSACE\.housecall6.6
2008-07-25 14:14 . 2008-07-25 14:14 <REP> d-------- C:\WINDOWS\Sun
2008-07-25 10:48 . 2008-07-30 14:26 <REP> d-------- C:\DEV3
2008-07-24 16:54 . 2008-07-31 15:08 <REP> d-------- C:\Temp\_avast4_
2008-07-24 11:53 . 2008-07-24 11:54 <REP> d-------- C:\Program Files\Lavasoft
2008-07-24 11:16 . 2008-07-24 12:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-24 11:12 . 2008-07-24 11:12 <REP> d-------- C:\Program Files\Alwil Software
2008-07-23 10:12 . 2008-07-23 10:12 253,091 --a------ C:\(SY 123) Comparatifs Commande Année - Année Précédente.rdl
2008-07-23 10:00 . 2008-07-23 10:00 <REP> d-------- C:\Program Files\Fichiers communs\Deterministic Networks
2008-07-23 10:00 . 2008-07-23 10:00 <REP> d-------- C:\Program Files\CoSine Communications
2008-07-23 09:59 . 2008-07-23 09:59 <REP> d-------- C:\Program Files\Equant
2008-07-22 16:04 . 2008-07-30 09:33 <REP> d-------- C:\Temp\unc
2008-07-02 17:53 . 2008-07-02 17:53 <REP> d-------- C:\Program Files\Whisper Technology
2008-07-02 16:23 . 2008-07-02 16:23 <REP> d-------- C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\FileZilla
2008-07-02 16:21 . 2008-07-02 16:21 <REP> d-------- C:\Program Files\Microsoft Device Emulator
2008-07-01 17:34 . 2008-07-02 10:43 25,413 --a------ C:\Commande - Liste des ventes.xml
2008-06-28 15:46 . 2008-06-30 20:43 <REP> d-------- C:\SNES
2008-06-27 10:34 . 2008-06-27 10:40 30,855,686 --a------ C:\TEST.xml
2008-06-27 09:42 . 2008-06-27 09:38 339,318,787 --a------ C:\Adler_SQL_50_270609.zip
2008-06-27 09:41 . 2008-06-27 09:34 356,675,195 --a------ C:\Adler_SQL_50_270608.zip
2008-06-23 17:47 . 2008-07-01 11:11 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-23 14:00 . 2007-12-03 10:26 90,112 --a------ C:\WINDOWS\system32\PcbActx.dll
2008-06-23 09:36 . 2008-06-23 09:37 20 --a------ C:\WINDOWS\MakePcb.dat
2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys
2008-06-20 15:28 . 2008-06-20 15:28 37,888 --a------ C:\Liste references pub..xls
2008-06-20 14:49 . 2008-06-20 14:54 <REP> d-------- C:\Program Files\eChanblard
2008-06-19 21:40 . 2008-06-23 10:21 90,195 --a------ C:\Liste references pub..htm
2008-06-19 12:37 . 2008-06-19 12:37 <REP> d-------- C:\Documents and Settings\ddi.ARCAN-ALSACE\pnlinks
2008-06-18 10:13 . 2008-06-18 10:13 <REP> d-------- C:\Program Files\Winamp
2008-06-18 10:13 . 2008-06-18 11:14 <REP> d-------- C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\Winamp
2008-06-17 11:06 . 2008-06-17 10:46 5,058 --a------ C:\A08-0186.EXP
2008-06-17 11:06 . 2008-06-11 11:09 4,048 --a------ C:\A6110653.EXP
2008-06-10 16:52 . 2008-06-10 16:52 <REP> d-------- C:\Program Files\Microsoft France
2008-06-10 15:10 . 2008-06-10 15:08 36,864 --a------ C:\WINDOWS\system32\PLSERVERLib.dll
2008-06-10 12:35 . 2008-06-10 12:40 36,864 --a------ C:\WINDOWS\system32\AxPLSERVERLib.dll
2008-06-10 11:23 . 2008-06-10 11:23 163,840 --a------ C:\WINDOWS\system32\PLServer.ocx
2008-06-05 16:49 . 2008-06-05 16:44 6,336 --a------ C:\COMMENTAUTOLIGNE.csv
2008-06-03 10:00 . 2008-06-03 10:00 <REP> d-------- C:\ARCAN Clients
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 13:08 12,532 ----a-w C:\tracedbg.dat
2008-07-31 13:00 --------- d-----w C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\Free Download Manager
2008-07-30 09:29 --------- d-----w C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\ICAClient
2008-07-30 07:58 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-07-28 18:17 --------- d-----w C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\vlc
2008-07-23 07:59 16,000 ----a-w C:\WINDOWS\system32\drivers\eqdrv5.sys
2008-07-23 06:24 --------- d-----w C:\Program Files\Java
2008-07-20 19:42 --------- d-----w C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\TeraCopy
2008-07-02 14:25 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-06-23 07:37 --------- d-----w C:\Program Files\Pcb
2008-06-17 13:48 --------- d-----w C:\Program Files\Free Download Manager
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-11-09 14:10 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 14:10 79,440 ----a-w C:\Program Files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 14:10 75,344 ----a-w C:\Program Files\mozilla firefox\plugins\confmgr.dll
2007-11-09 14:10 140,880 ----a-w C:\Program Files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 14:10 42,576 ----a-w C:\Program Files\mozilla firefox\plugins\icafile.dll
2007-11-09 14:10 50,768 ----a-w C:\Program Files\mozilla firefox\plugins\icalogon.dll
2007-11-09 14:10 34,384 ----a-w C:\Program Files\mozilla firefox\plugins\logging.dll
2008-02-28 12:30 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-11-09 14:11 685,648 ----a-w C:\Program Files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 14:11 30,288 ----a-w C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
2008-02-28 12:33 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
2008-04-23 09:28 56 --sha-w C:\WINDOWS\SMINST\hpboot.sys
.
((((((((((((((((((((((((((((( snapshot@2008-07-31_14.13.41.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-31 11:53:37 214,997 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-31 13:09:01 214,996 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-31 13:01:42 59,392 ------r C:\WINDOWS\system32\streamhlp.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 13:26 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 12:51 202024]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 10:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 15:52 145184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:27 1015808]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 10:52 57344]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 18:36 872448]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-07-09 18:54 1056928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 10:00 15360]
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
C:\Documents and Settings\Administrateur.ARCAN-ALSACE\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
C:\Documents and Settings\ddi\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
C:\Documents and Settings\ddi.ARCAN-ALSACE\Menu Démarrer\Programmes\Démarrage\
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-09-29 10:57:36 49152]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 15:14:00 561213]
SoftRemote.lnk - C:\Program Files\CoSine Communications\IPSec Dial Client\SafeCfg.exe [2008-07-23 10:00:02 73780]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fxsclntr32]
2004-05-02 19:23 10752 C:\WINDOWS\system32\fxsclntr32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Agent Program Neighborhood.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Agent Program Neighborhood.lnk
backup=C:\WINDOWS\pss\Agent Program Neighborhood.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Acrobat.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Acrobat.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Acrobat.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2008-07-31 14:39 2468200 C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\FICHIE~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-08-04 10:29 1056552 C:\Program Files\Nero\Nero8\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
--a------ 2007-05-08 08:38 331552 C:\Program Files\PDF Complete\pdfsty.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-03-15 01:50 233472 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2005-12-20 16:51 1187840 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2006-03-09 17:38 806912 C:\WINDOWS\CREATOR\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
--a------ 2006-10-09 11:23 697976 C:\WINDOWS\SMINST\Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-08-04 10:30 2043688 C:\Program Files\Nero\Nero8\InCD\NBHGui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--a------ 2007-05-23 11:00 192512 C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WinVNC4"=2 (0x2)
"WudfSvc"=3 (0x3)
"Sophos AutoUpdate Service"=2 (0x2)
"SAVAdminService"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"IviRegMgr"=2 (0x2)
"InCDsrv"=2 (0x2)
"FontCache3.0.0.0"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"aawservice"=2 (0x2)
"NMIndexingService"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Fichiers communs\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Navision\\Install\\V5.00\\AtDebug.exe"=
"C:\\Program Files\\Equant\\Dialer\\dialer.exe"=
"C:\\Navision\\Install\\v401\\AtDebug.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Pcb\\EasyManager.exe"=
"C:\\Program Files\\CoSine Communications\\IPSec Dial Client\\IreIKE.exe"=
"C:\Program Files\CoSine Communications\IPSec Dial Client\ViewLog.exe"= C:\Program Files\CoSine Communications\IPSec Dial Client\ViewLog.exe:127.0.0.1/255.255.255.255:Enabled:ViewLog
"C:\Program Files\CoSine Communications\IPSec Dial Client\CmonApp.exe"= C:\Program Files\CoSine Communications\IPSec Dial Client\CmonApp.exe:127.0.0.1/255.255.255.255:Enabled:CMonApp
"C:\Program Files\CoSine Communications\IPSec Dial Client\vpn.exe"= C:\Program Files\CoSine Communications\IPSec Dial Client\vpn.exe:127.0.0.1/255.255.255.255:Enabled:VPN Connection Manager
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"2724:TCP"= 2724:TCP:messenger
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 IPSECDRV;SafeNet IPSec Plugin;C:\WINDOWS\system32\Drivers\IPSECDRV.sys [2006-05-01 18:06]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 Crypto;Crypto;C:\WINDOWS\system32\Drivers\Crypto.sys [2005-08-15 09:27]
R2 MsDtsServer;SQL Server Integration Services;C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [2007-02-10 05:23]
R2 msftesql$SRVNAVISION;SQL Server FullText Search (SRVNAVISION);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe [2006-08-28 02:53]
R2 MSSQL$SRVNAVISION;SQL Server (SRVNAVISION);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 05:29]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 08:38]
R2 PO-DAMIEN;Microsoft Dynamics NAV Database Server PO-DAMIEN;C:\Navision\Install\V5.00 SERVER\SERVER.exe [2007-03-06 17:11]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51]
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys [2001-12-14 16:26]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2006-09-19 18:58]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys [2006-10-12 09:49]
S2 PO-DAMIEN-CLASSIC;Microsoft Dynamics NAV Application Server PO-DAMIEN-CLASSIC;C:\Navision\Install\V5.00 APP\nas.exe [2007-03-06 17:11]
S2 PO-DAMIEN-SQL;Microsoft Dynamics NAV Application Server PO-DAMIEN-SQL;C:\Navision\Install\V5.00 APP\nassql.exe [2007-03-06 17:11]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51]
S3 GtVUsb;GlobeTrotter 3G+ Viper Filter Service;C:\WINDOWS\system32\DRIVERS\GtVUsb.sys [2006-11-21 19:15]
S3 MSOLAP$SRVNAVISION;SQL Server Analysis Services (SRVNAVISION);C:\Program Files\Microsoft SQL Server\MSSQL.2\OLAP\bin\msmdsrv.exe [2007-02-10 05:23]
S3 ReportServer$SRVNAVISION;SQL Server Reporting Services (SRVNAVISION);C:\Program Files\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2007-02-10 05:23]
S3 SQLAgent$SRVNAVISION;SQL Server Agent (SRVNAVISION);C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [2007-02-10 05:29]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S4 msvsmon80;Débogueur distant Visual Studio 2005;C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-12-09 10:36]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\ddi.ARCAN-ALSACE\Application Data\Mozilla\Firefox\Profiles\pgkkhghv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30226.2\npctrl.1.0.30109.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.30226.2\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 15:15:39
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msftesql$SRVNAVISION]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:SRVNAVISION"