Slow computer
Solved
grandtoure - Posts: 147 - Status: Member
Destrio5 - Posts: 99820 - Status: Moderator
Hello,
I have a problem with my computer. It is slow and Internet Explorer has a lot of pop-ups. Here is the HijackThis report. Thanks for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:26:02 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {CA097453-375A-449A-92A3-A7CF45CAE5D9} - (no file)
O2 - BHO: (no name) - {D3F901B9-7C4B-4B7D-9836-F21F8E68FDC2} - C:\WINDOWS\system32\cbXPjJbB.dll (file missing)
O3 - Toolbar: (no name) - {37B85A29-692B-4205-9CAD-2626E4993404} - (no file)
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\jonathan\LOCALS~1\temp\TEMPFO~1.AAA\xtras.SH! c:\DOCUME~1\jonathan\LOCALS~1\temp\TEMPFO~1.SH! C:\DOCUME~1\Jonathan\LOCALS~1\TEMPOR~1\Content.IE5\0A6KFJPV\KB6712~1.SH! C:\DOCUME~1\Jonathan\LOCALS~1\TEMPOR~1\Content.IE5\GIE1BL65\KB7678~1.SH! C:\DOCUME~1\Jonathan\LOCALS~1\TEMPOR~1\Content.IE5\QGD0OA9L\KB4564~1.SH! C:\DOCUME~1\Jonathan\Cookies\JOCB84~1.SH!
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5332/mcfscan.cab
O20 - Winlogon Notify: cbXPjJbB - cbXPjJbB.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uYXRoYW4g\command.exe (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - https://www.youtube.com/
26 replies
Hi,
You are infected with Vundo.
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Yes"
---> Set it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: The report can also be found here: C:\ComboFix\Combofix.txt
- Download and install Malwarebytes' Anti-Malware:
http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
- Update it.
- Restart in safe mode (recommended):
https://blog.sosordi.net/
- Choose your usual user account.
- Run a full scan with Malwarebytes' Anti-Malware.
- Delete everything the software finds and save the report.
- Restart in normal mode and post the report here.
---> Run MBAM again, go to Quarantine and delete everything.
---> Post a new HijackThis report.
Is your PC doing better?
---> Download Lop S&D to your Desktop.
---> Double-click it to start the installation.
---> Then double-click the Lop S&D shortcut on your Desktop.
---> Select the language you want, then choose option 1 (Search).
---> Wait until the scan has finished.
---> Post the generated report (C:\lopR.txt).
---> Run Lop S&D again.
---> This time choose option 2 (Removal).
---> Do not close the window during the removal!
---> Post the generated report (C:\lopR.txt).
---> Update Java:
https://www.java.com/fr/download/manual.jsp
---> Post a new HijackThis report.
---> Run HijackThis again and choose Do a system scan only
---> Tick the boxes in front of the following lines:
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.
---> Restart your PC and post a new HijackThis report.
Are you still having problems, or can we move on to the last step?
ComboFix 08-10-30.07 - Jonathan 2008-10-30 13:55:53.1 - NTFSx86
Running from: C:\Documents and Settings\Jonathan\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\network monitor
C:\temp\tn3
C:\WINDOWS\BM0ade429f.txt
C:\WINDOWS\BM0ade429f.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\Fonts\'
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\msupdate.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\Sm9uYXRoYW4g\
C:\WINDOWS\svchost32.exe
C:\WINDOWS\system32\b10
C:\WINDOWS\system32\bdLSDcfe.ini
C:\WINDOWS\system32\bdLSDcfe.ini2
C:\WINDOWS\system32\bvspkrxs.ini
C:\WINDOWS\system32\crdnjuav.ini
C:\WINDOWS\system32\decfflgn.ini
C:\WINDOWS\system32\denqtmhw.ini
C:\WINDOWS\system32\gdnqgrsa.ini
C:\WINDOWS\system32\gewouovs.ini
C:\WINDOWS\system32\huknnwfx.ini
C:\WINDOWS\system32\ibxrkkwv.ini
C:\WINDOWS\system32\jhggclyf.ini
C:\WINDOWS\system32\JSsAyccf.ini
C:\WINDOWS\system32\JSsAyccf.ini2
C:\WINDOWS\system32\klxuujjn.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdvjlboc.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\mvsmhjvf.ini
C:\WINDOWS\system32\nkwylewv.ini
C:\WINDOWS\system32\OpAJPXyb.ini
C:\WINDOWS\system32\OpAJPXyb.ini2
C:\WINDOWS\system32\PrYaIRqr.ini
C:\WINDOWS\system32\PrYaIRqr.ini2
C:\WINDOWS\system32\puhjxdkt.ini
C:\WINDOWS\system32\qoqweler.ini
C:\WINDOWS\system32\qqpAbJlm.ini
C:\WINDOWS\system32\qqpAbJlm.ini2
C:\WINDOWS\system32\qskuofgw.ini
C:\WINDOWS\system32\rcqmwyhu.ini
C:\WINDOWS\system32\rgwxeerp.ini
C:\WINDOWS\system32\RXaJRqru.ini
C:\WINDOWS\system32\RXaJRqru.ini2
C:\WINDOWS\system32\uvxyHRqr.ini
C:\WINDOWS\system32\uvxyHRqr.ini2
C:\WINDOWS\system32\vrafoaiu.ini
C:\WINDOWS\system32\xEfMnnmp.ini
C:\WINDOWS\system32\xEfMnnmp.ini2
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_Network Monitor
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.
2008-10-30 14:09 . 2008-10-30 14:09 <DIR> d-------- C:\Temp\tn3
2008-10-30 11:13 . 2008-10-30 11:13 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-27 22:11 . 2008-10-27 22:11 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-10-27 17:23 . 2008-10-30 13:08 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-27 14:01 . 2008-05-15 16:15 53,168 --a------ C:\WINDOWS\system32\drivers\MpFilter.sys
2008-09-22 03:41 . 2008-09-22 03:41 <DIR> d-------- C:\Documents and Settings\user\Application Data\InterVideo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-30 18:06 932 ------w C:\WINDOWS\system32\drivers\core.cache.dsk
2008-10-30 17:38 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2008-10-30 15:11 --------- d-----w C:\Documents and Settings\user\Application Data\COMCASTTOOLBAR
2008-10-29 02:14 --------- d-----w C:\Program Files\McAfee
2008-10-15 16:57 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-03 17:41 6,066,176 ----a-w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
2008-08-27 08:24 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:38 13,824 ----a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-25 08:37 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-08-14 09:58 2,136,064 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-08-14 09:51 138,368 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-08-14 09:22 2,015,744 ----a-w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:32 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-20 1207080]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 339968]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"HostManager"="C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe" [2006-05-09 50760]
"IPHSend"="C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"EPSON Stylus CX4600 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE" [2004-03-04 98304]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ddoctorv2"="C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-06-02 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MBkLogOnHook"="C:\Program Files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-08-08 67112]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136858856\\ee\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1136858856\\ee\\aolsoftware.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 compbattt;compbattt;C:\WINDOWS\system32\drivers\compbattt.sys [2008-06-24 86144]
R3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
S3 SynasUSB;SynasUSB;C:\WINDOWS\system32\drivers\SynasUSB.sys [2007-10-24 23288]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9aea84f8-914c-11dc-a4d2-0014a560f6e7}]
\Shell\AutoRun\command - E:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2008-06-24 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-08-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
- - - - ORPHANS REMOVED - - - -
BHO-{CA097453-375A-449A-92A3-A7CF45CAE5D9} - (no file)
Notify-cbXPjJbB - cbXPjJbB.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Jonathan\Application Data\Mozilla\Firefox\Profiles\nb15r33l.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 14:11:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????6?6?8?6??`???? ???B?????????????hLC? ??????
scanning hidden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\PROGRA~1\COMMON~1\McAfee\MNA\McNASvc.exe
C:\PROGRA~1\COMMON~1\McAfee\McProxy\McProxy.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2008-10-30 14:34:32 - machine was rebooted [Jonathan]
ComboFix-quarantined-files.txt 2008-10-30 18:33:22
Pre-Run: 65,951,862,784 bytes free
Post-Run: 65,872,408,576 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition"
229 --- E O F --- 2008-10-30 17:08:17
I have just done everything you asked me to do; here is my report.
Malwarebytes' Anti-Malware 1.30
Database version: 1340
Windows 5.1.2600 Service Pack 2
10/30/2008 4:49:18 PM
mbam-log-2008-10-30 (16-49-18).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 129958
Time elapsed: 1 hour(s), 31 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 4
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\system32\modtrux18 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\49a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jdam (Trojan.Agent) -> Quarantined and deleted successfully.
Files Infected:
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP515\A0140220.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP519\A0141556.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Quarantined and deleted successfully.
Yes, thank you very much, my PC is running much better, and here is my report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:30 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5332/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - https://www.youtube.com/
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:31:30 PM, on 10/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5332/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 1: (no name) - https://www.youtube.com/
I think it came with my internet connection, and then again I think I'm the one who installed it. Why do you want to know?
OK, I just did it, here is my report.
--------------------\\ Lop S&D 4.2.4-9 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-32 )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Jonathan ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:61 Go)
D:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 30-10-2008|21:58 )
Option : [1] ( Fri 10/31/2008|12:31 )
--------------------\\ Listing folders in APPLIC~1
[04/30/2005|01:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[04/29/2005|11:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[04/30/2005|02:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/30/2005|01:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec
[06/23/2008|03:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/09/2006|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[05/09/2008|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[05/31/2007|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[01/03/2008|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[02/05/2007|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/05/2008|02:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[11/20/2007|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/30/2005|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> hpqwmi
[05/12/2008|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Identities
[04/30/2005|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/05/2006|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[10/30/2008|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/11/2008|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[09/16/2006|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[10/30/2008|03:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/30/2005|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> muvee Technologies
[05/14/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NCH Swift Sound
[06/14/2008|02:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters
[06/22/2008|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle
[11/11/2006|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[04/29/2005|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[07/26/2006|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[06/13/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[05/10/2006|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[06/23/2008|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Syncrosoft
[07/14/2008|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[05/15/2008|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[05/09/2008|01:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[05/18/2006|05:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/30/2005|01:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Apple Computer
[04/29/2005|11:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[04/30/2005|02:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[04/30/2005|01:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec
[06/23/2008|03:00] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Adobe
[06/23/2008|03:50] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> AdobeUM
[04/30/2005|01:39] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Apple Computer
[05/12/2008|09:57] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Cakewalk
[01/09/2006|07:58] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Google
[04/29/2005|11:40] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Identities
[01/13/2006|11:30] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> InterVideo
[05/15/2008|01:07] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> iWin
[01/16/2006|04:58] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Leadertech
[06/24/2008|08:40] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> LimeWire
[01/09/2006|07:58] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Macromedia
[10/30/2008|02:49] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Malwarebytes
[06/30/2008|01:54] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> McAfee
[09/22/2008|03:53] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Microsoft
[07/27/2008|09:04] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Mozilla
[04/07/2007|10:38] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> MSNInstaller
[06/14/2008|01:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> muvee Technologies
[05/14/2008|10:32] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> NCH Swift Sound
[02/07/2006|11:50] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Simple Star
[01/16/2006|04:59] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sonic
[06/23/2008|01:51] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Steinberg
[01/25/2006|12:25] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sun
[01/10/2006|10:29] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Symantec
[11/12/2007|02:25] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> U3
[10/31/2008|11:39] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Viewpoint
[07/11/2007|07:06] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Wal-Mart Digital Photo Manager
[06/28/2007|04:31] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Wal-Mart Digital Photo Viewer
[07/04/2008|11:02] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Yahoo!
[03/05/2007|08:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/11/2008|03:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/24/2008|02:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla
[04/29/2005|11:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[06/24/2008 03:23 PM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[08/01/2008 01:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[10/28/2008 03:49 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/30/2008 08:39 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 04:00 AM][-rah-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[06/23/2008|01:49] C:\Program Files\<DIR> Adobe
[10/30/2008|03:55] C:\Program Files\<DIR> Advanced Spyware Remover
[10/29/2006|05:28] C:\Program Files\<DIR> AOD
[07/25/2008|03:07] C:\Program Files\<DIR> AOL Games
[06/14/2008|09:37] C:\Program Files\<DIR> Apple Software Update
[04/30/2005|12:54] C:\Program Files\<DIR> ATI Technologies
[07/05/2008|12:09] C:\Program Files\<DIR> CA Yahoo! Anti-Spy
[07/07/2008|02:22] C:\Program Files\<DIR> Cakewalk
[10/31/2008|11:42] C:\Program Files\<DIR> ComcastToolbar
[05/05/2008|12:39] C:\Program Files\<DIR> ComcastUI
[10/30/2008|01:57] C:\Program Files\<DIR> Common Files
[04/29/2005|11:40] C:\Program Files\<DIR> ComPlus Applications
[04/29/2005|11:45] C:\Program Files\<DIR> CONEXANT
[01/06/2008|01:00] C:\Program Files\<DIR> Easy Internet signup
[10/30/2008|04:53] C:\Program Files\<DIR> epson
[11/20/2007|10:15] C:\Program Files\<DIR> Google
[05/30/2008|11:30] C:\Program Files\<DIR> Hp
[01/10/2006|10:23] C:\Program Files\<DIR> HPQ
[06/24/2008|09:09] C:\Program Files\<DIR> IBM
[10/27/2008|10:34] C:\Program Files\<DIR> Internet Explorer
[04/30/2005|01:30] C:\Program Files\<DIR> InterVideo
[06/14/2008|09:45] C:\Program Files\<DIR> iPod
[06/14/2008|09:45] C:\Program Files\<DIR> iTunes
[07/22/2008|12:55] C:\Program Files\<DIR> Java
[05/05/2006|08:27] C:\Program Files\<DIR> Kodak
[10/30/2008|02:49] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[10/28/2008|10:14] C:\Program Files\<DIR> McAfee
[06/25/2008|01:05] C:\Program Files\<DIR> McAfee.com
[10/27/2008|10:23] C:\Program Files\<DIR> Messenger
[08/12/2008|10:10] C:\Program Files\<DIR> Microsoft ActiveSync
[04/29/2005|11:40] C:\Program Files\<DIR> microsoft frontpage
[03/02/2008|10:11] C:\Program Files\<DIR> Microsoft Games
[01/07/2008|12:58] C:\Program Files\<DIR> Microsoft Office
[01/09/2006|09:37] C:\Program Files\<DIR> Microsoft Visual Studio
[01/07/2008|12:58] C:\Program Files\<DIR> Microsoft Works
[01/09/2006|09:37] C:\Program Files\<DIR> Microsoft.NET
[04/29/2005|11:40] C:\Program Files\<DIR> Movie Maker
[10/31/2008|11:07] C:\Program Files\<DIR> Mozilla Firefox
[04/07/2007|10:38] C:\Program Files\<DIR> MSN
[04/30/2005|01:19] C:\Program Files\<DIR> MSN Encarta Plus
[04/29/2005|11:40] C:\Program Files\<DIR> MSN Gaming Zone
[11/20/2006|02:43] C:\Program Files\<DIR> MSXML 4.0
[04/30/2005|01:48] C:\Program Files\<DIR> muvee Technologies
[05/14/2008|10:32] C:\Program Files\<DIR> NCH Software
[06/13/2008|03:50] C:\Program Files\<DIR> NCH Swift Sound
[04/29/2005|11:40] C:\Program Files\<DIR> NetMeeting
[04/30/2005|01:37] C:\Program Files\<DIR> Online Services
[06/27/2007|11:37] C:\Program Files\<DIR> Outlook Express
[07/07/2008|02:11] C:\Program Files\<DIR> Outsim
[06/23/2008|01:29] C:\Program Files\<DIR> Pinnacle
[06/14/2008|09:43] C:\Program Files\<DIR> QuickTime
[06/17/2008|03:02] C:\Program Files\<DIR> Real
[08/10/2006|07:52] C:\Program Files\<DIR> Smart Panel
[01/16/2006|01:37] C:\Program Files\<DIR> Sonic
[06/23/2008|12:32] C:\Program Files\<DIR> Sun
[05/12/2008|05:21] C:\Program Files\<DIR> support.com
[08/27/2006|05:40] C:\Program Files\<DIR> Symantec
[04/30/2005|01:30] C:\Program Files\<DIR> Synaptics
[06/30/2008|02:10] C:\Program Files\<DIR> Syncrosoft
[10/30/2008|11:13] C:\Program Files\<DIR> Trend Micro
[04/29/2005|11:40] C:\Program Files\<DIR> Uninstall Information
[10/31/2008|11:39] C:\Program Files\<DIR> Viewpoint
[06/13/2008|01:10] C:\Program Files\<DIR> Windows Media Connect 2
[06/13/2008|01:10] C:\Program Files\<DIR> Windows Media Player
[04/29/2005|11:40] C:\Program Files\<DIR> Windows NT
[04/29/2005|11:40] C:\Program Files\<DIR> xerox
[07/27/2008|09:52] C:\Program Files\<DIR> Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[06/23/2008|03:29] C:\Program Files\Common Files\<DIR> Adobe
[06/26/2006|01:20] C:\Program Files\Common Files\<DIR> AOL
[06/26/2006|01:20] C:\Program Files\Common Files\<DIR> aolshare
[01/03/2008|06:26] C:\Program Files\Common Files\<DIR> Apple
[01/09/2006|09:38] C:\Program Files\Common Files\<DIR> DESIGNER
[06/23/2008|12:38] C:\Program Files\Common Files\<DIR> Download Manager
[04/30/2005|01:29] C:\Program Files\Common Files\<DIR> InstallShield
[04/30/2005|01:08] C:\Program Files\Common Files\<DIR> Java
[01/09/2006|09:39] C:\Program Files\Common Files\<DIR> L&H
[04/30/2005|01:54] C:\Program Files\Common Files\<DIR> LightScribe
[06/25/2008|01:08] C:\Program Files\Common Files\<DIR> McAfee
[08/12/2008|10:07] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> MSSoap
[04/30/2005|01:48] C:\Program Files\Common Files\<DIR> muvee Technologies
[01/09/2006|10:07] C:\Program Files\Common Files\<DIR> Nullsoft
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> ODBC
[06/25/2008|03:08] C:\Program Files\Common Files\<DIR> Scanner
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> Services
[04/30/2005|01:27] C:\Program Files\Common Files\<DIR> Sonic Shared
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/31/2008|11:46] C:\Program Files\Common Files\<DIR> SupportSoft
[08/27/2006|01:32] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/27/2007|11:37] C:\Program Files\Common Files\<DIR> System
[04/30/2005|01:28] C:\Program Files\Common Files\<DIR> TiVo Shared
--------------------\\ Process
( 53 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 12:32:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infections found !
[F:47][D:4]-> C:\DOCUME~1\Jonathan\LOCALS~1\Temp
[F:22][D:0]-> C:\DOCUME~1\Jonathan\Cookies
[F:30][D:4]-> C:\DOCUME~1\Jonathan\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Fri 10/31/2008|12:36 - Option : [1]
--------------------\\ Scan completed at 12:36:06
--------------------\\ Scan completed at 12:36:06
Here is my report
--------------------\\ Lop S&D 4.2.4-9 XP/Vista
Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Turion(tm) 64 Mobile Technology ML-32 )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : Jonathan ( Administrator )
BOOT : Normal boot
Antivirus : McAfee VirusScan (Activated)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:61 Go)
D:\ (CD or DVD) - UDF - Total:3 Go (Free:0 Go)
"C:\Lop SD" ( MAJ : 30-10-2008|21:58 )
Option : [2] ( Fri 10/31/2008|13:02 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Deleted! - C:\Program Files\Viewpoint
Deleted! - C:\DOCUME~1\Jonathan\APPLIC~1\Viewpoint
Deleted! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing folders in APPLIC~1
[04/30/2005|01:39] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Apple Computer
[04/29/2005|11:40] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[04/30/2005|02:07] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/30/2005|01:49] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Symantec
[06/23/2008|03:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[01/09/2006|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[05/09/2008|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[05/31/2007|11:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[01/03/2008|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[02/05/2007|12:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/05/2008|02:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[11/20/2007|10:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[04/30/2005|02:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> hpqwmi
[05/12/2008|09:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Identities
[04/30/2005|01:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[05/05/2006|08:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Kodak
[10/30/2008|02:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/11/2008|02:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[09/16/2006|07:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[10/30/2008|03:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[04/30/2005|01:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> muvee Technologies
[05/14/2008|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NCH Swift Sound
[06/14/2008|02:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters
[06/22/2008|10:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pinnacle
[11/11/2006|01:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[04/29/2005|11:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[07/26/2006|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[06/13/2008|03:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[05/10/2006|10:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[06/23/2008|03:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Syncrosoft
[07/14/2008|01:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[05/15/2008|01:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Trymedia
[05/18/2006|05:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[04/30/2005|01:39] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Apple Computer
[04/29/2005|11:40] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[04/30/2005|02:07] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[04/30/2005|01:49] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec
[06/23/2008|03:00] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Adobe
[06/23/2008|03:50] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> AdobeUM
[04/30/2005|01:39] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Apple Computer
[05/12/2008|09:57] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Cakewalk
[01/09/2006|07:58] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Google
[04/29/2005|11:40] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Identities
[01/13/2006|11:30] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> InterVideo
[05/15/2008|01:07] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> iWin
[01/16/2006|04:58] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Leadertech
[06/24/2008|08:40] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> LimeWire
[01/09/2006|07:58] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Macromedia
[10/30/2008|02:49] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Malwarebytes
[06/30/2008|01:54] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> McAfee
[09/22/2008|03:53] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Microsoft
[07/27/2008|09:04] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Mozilla
[04/07/2007|10:38] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> MSNInstaller
[06/14/2008|01:41] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> muvee Technologies
[05/14/2008|10:32] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> NCH Swift Sound
[02/07/2006|11:50] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Simple Star
[01/16/2006|04:59] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sonic
[06/23/2008|01:51] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Steinberg
[01/25/2006|12:25] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Sun
[01/10/2006|10:29] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Symantec
[11/12/2007|02:25] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> U3
[07/11/2007|07:06] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Wal-Mart Digital Photo Manager
[06/28/2007|04:31] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Wal-Mart Digital Photo Viewer
[07/04/2008|11:02] C:\DOCUME~1\Jonathan\APPLIC~1\<DIR> Yahoo!
[03/05/2007|08:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/11/2008|03:00] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[06/24/2008|02:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Mozilla
[04/29/2005|11:40] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks
[06/24/2008 03:23 PM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[08/01/2008 01:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[10/28/2008 03:49 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[10/30/2008 08:39 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/04/2004 04:00 AM][-rah-c---] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing Folders in C:\Program Files
[06/23/2008|01:49] C:\Program Files\<DIR> Adobe
[10/30/2008|03:55] C:\Program Files\<DIR> Advanced Spyware Remover
[10/29/2006|05:28] C:\Program Files\<DIR> AOD
[07/25/2008|03:07] C:\Program Files\<DIR> AOL Games
[06/14/2008|09:37] C:\Program Files\<DIR> Apple Software Update
[04/30/2005|12:54] C:\Program Files\<DIR> ATI Technologies
[07/05/2008|12:09] C:\Program Files\<DIR> CA Yahoo! Anti-Spy
[07/07/2008|02:22] C:\Program Files\<DIR> Cakewalk
[10/31/2008|11:42] C:\Program Files\<DIR> ComcastToolbar
[05/05/2008|12:39] C:\Program Files\<DIR> ComcastUI
[10/30/2008|01:57] C:\Program Files\<DIR> Common Files
[04/29/2005|11:40] C:\Program Files\<DIR> ComPlus Applications
[04/29/2005|11:45] C:\Program Files\<DIR> CONEXANT
[01/06/2008|01:00] C:\Program Files\<DIR> Easy Internet signup
[10/30/2008|04:53] C:\Program Files\<DIR> epson
[11/20/2007|10:15] C:\Program Files\<DIR> Google
[05/30/2008|11:30] C:\Program Files\<DIR> Hp
[01/10/2006|10:23] C:\Program Files\<DIR> HPQ
[06/24/2008|09:09] C:\Program Files\<DIR> IBM
[10/27/2008|10:34] C:\Program Files\<DIR> Internet Explorer
[04/30/2005|01:30] C:\Program Files\<DIR> InterVideo
[06/14/2008|09:45] C:\Program Files\<DIR> iPod
[06/14/2008|09:45] C:\Program Files\<DIR> iTunes
[07/22/2008|12:55] C:\Program Files\<DIR> Java
[05/05/2006|08:27] C:\Program Files\<DIR> Kodak
[10/30/2008|02:49] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[10/28/2008|10:14] C:\Program Files\<DIR> McAfee
[06/25/2008|01:05] C:\Program Files\<DIR> McAfee.com
[10/27/2008|10:23] C:\Program Files\<DIR> Messenger
[08/12/2008|10:10] C:\Program Files\<DIR> Microsoft ActiveSync
[04/29/2005|11:40] C:\Program Files\<DIR> microsoft frontpage
[03/02/2008|10:11] C:\Program Files\<DIR> Microsoft Games
[01/07/2008|12:58] C:\Program Files\<DIR> Microsoft Office
[01/09/2006|09:37] C:\Program Files\<DIR> Microsoft Visual Studio
[01/07/2008|12:58] C:\Program Files\<DIR> Microsoft Works
[01/09/2006|09:37] C:\Program Files\<DIR> Microsoft.NET
[04/29/2005|11:40] C:\Program Files\<DIR> Movie Maker
[10/31/2008|12:37] C:\Program Files\<DIR> Mozilla Firefox
[04/07/2007|10:38] C:\Program Files\<DIR> MSN
[04/30/2005|01:19] C:\Program Files\<DIR> MSN Encarta Plus
[04/29/2005|11:40] C:\Program Files\<DIR> MSN Gaming Zone
[11/20/2006|02:43] C:\Program Files\<DIR> MSXML 4.0
[04/30/2005|01:48] C:\Program Files\<DIR> muvee Technologies
[05/14/2008|10:32] C:\Program Files\<DIR> NCH Software
[06/13/2008|03:50] C:\Program Files\<DIR> NCH Swift Sound
[04/29/2005|11:40] C:\Program Files\<DIR> NetMeeting
[04/30/2005|01:37] C:\Program Files\<DIR> Online Services
[06/27/2007|11:37] C:\Program Files\<DIR> Outlook Express
[07/07/2008|02:11] C:\Program Files\<DIR> Outsim
[06/23/2008|01:29] C:\Program Files\<DIR> Pinnacle
[06/14/2008|09:43] C:\Program Files\<DIR> QuickTime
[06/17/2008|03:02] C:\Program Files\<DIR> Real
[08/10/2006|07:52] C:\Program Files\<DIR> Smart Panel
[01/16/2006|01:37] C:\Program Files\<DIR> Sonic
[06/23/2008|12:32] C:\Program Files\<DIR> Sun
[05/12/2008|05:21] C:\Program Files\<DIR> support.com
[08/27/2006|05:40] C:\Program Files\<DIR> Symantec
[04/30/2005|01:30] C:\Program Files\<DIR> Synaptics
[06/30/2008|02:10] C:\Program Files\<DIR> Syncrosoft
[10/30/2008|11:13] C:\Program Files\<DIR> Trend Micro
[04/29/2005|11:40] C:\Program Files\<DIR> Uninstall Information
[06/13/2008|01:10] C:\Program Files\<DIR> Windows Media Connect 2
[06/13/2008|01:10] C:\Program Files\<DIR> Windows Media Player
[04/29/2005|11:40] C:\Program Files\<DIR> Windows NT
[04/29/2005|11:40] C:\Program Files\<DIR> xerox
[07/27/2008|09:52] C:\Program Files\<DIR> Yahoo!
--------------------\\ Listing Folders in C:\Program Files\Common Files
[06/23/2008|03:29] C:\Program Files\Common Files\<DIR> Adobe
[06/26/2006|01:20] C:\Program Files\Common Files\<DIR> AOL
[06/26/2006|01:20] C:\Program Files\Common Files\<DIR> aolshare
[01/03/2008|06:26] C:\Program Files\Common Files\<DIR> Apple
[01/09/2006|09:38] C:\Program Files\Common Files\<DIR> DESIGNER
[06/23/2008|12:38] C:\Program Files\Common Files\<DIR> Download Manager
[04/30/2005|01:29] C:\Program Files\Common Files\<DIR> InstallShield
[04/30/2005|01:08] C:\Program Files\Common Files\<DIR> Java
[01/09/2006|09:39] C:\Program Files\Common Files\<DIR> L&H
[04/30/2005|01:54] C:\Program Files\Common Files\<DIR> LightScribe
[06/25/2008|01:08] C:\Program Files\Common Files\<DIR> McAfee
[08/12/2008|10:07] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> MSSoap
[04/30/2005|01:48] C:\Program Files\Common Files\<DIR> muvee Technologies
[01/09/2006|10:07] C:\Program Files\Common Files\<DIR> Nullsoft
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> ODBC
[06/25/2008|03:08] C:\Program Files\Common Files\<DIR> Scanner
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> Services
[04/30/2005|01:27] C:\Program Files\Common Files\<DIR> Sonic Shared
[04/29/2005|11:40] C:\Program Files\Common Files\<DIR> SpeechEngines
[10/31/2008|11:46] C:\Program Files\Common Files\<DIR> SupportSoft
[08/27/2006|01:32] C:\Program Files\Common Files\<DIR> Symantec Shared
[06/27/2007|11:37] C:\Program Files\Common Files\<DIR> System
[04/30/2005|01:28] C:\Program Files\Common Files\<DIR> TiVo Shared
--------------------\\ Process
( 50 Processes )
... OK !
--------------------\\ Searching with S_Lop
No Lop folder found !
--------------------\\ Searching for Lop Files - Folders
No Lop folder found !
--------------------\\ Searching within the Registry
..... OK !
--------------------\\ Checking the Hosts file
Hosts file CLEAN
--------------------\\ Searching for hidden files with Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-31 13:05:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Searching for other infections
No other infections found !
[F:47][D:4]-> C:\DOCUME~1\Jonathan\LOCALS~1\Temp
[F:22][D:0]-> C:\DOCUME~1\Jonathan\Cookies
[F:6][D:4]-> C:\DOCUME~1\Jonathan\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - Fri 10/31/2008|12:36 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - Fri 10/31/2008|13:07 - Option : [2]
--------------------\\ Scan completed at 13:07:33
Viewpoint has been removed.
Have the following file analyzed: C:\WINDOWS\system32\drivers\compbattt.sys
on VirusTotal, and post the link to the analysis:
https://www.virustotal.com/gui/
OK, I just did it; here is their report
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.1.0 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.10.31 -
Avast 4.8.1248.0 2008.10.31 -
AVG 8.0.0.161 2008.10.31 -
BitDefender 7.2 2008.10.31 -
CAT-QuickHeal 9.50 2008.10.31 -
ClamAV 0.94.1 2008.10.31 -
DrWeb 4.44.0.09170 2008.10.31 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6184 2008.10.31 -
Ewido 4.0 2008.10.31 -
F-Prot 4.4.4.56 2008.10.30 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.10.31 -
Ikarus T3.1.1.44.0 2008.10.31 -
K7AntiVirus 7.10.513 2008.10.31 -
Kaspersky 7.0.0.125 2008.10.31 -
McAfee 5419 2008.10.31 -
Microsoft 1.4005 2008.10.31 -
NOD32 3573 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.10.31 -
PCTools 4.4.2.0 2008.10.31 -
Rising 21.01.42.00 2008.10.31 -
SecureWeb-Gateway 6.7.6 2008.10.31 -
Sophos 4.35.0 2008.10.31 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.10.31 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.10.30 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.31 -
Information additionnelle
File size: 9344 bytes
MD5...: df1b1a24bf52d0ebc01ed4ece8979f50
SHA1..: 8fd882f496712d85b4cb3f5cb08c1e742c82a8df
SHA256: 78c5e7be2ffa6a0709f3095ab006c86e3991afc9e9b5abec94c3e8df2ea2169d
SHA512: 74db02374261e2a9a16b122253ef3136a56244090c81b3d396850e82a3bd51bd
7acb577f55d63dfa70f19cc45749e8a014439e580927f5e368358459ed5677a1
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x11a00
timedatestamp.....: 0x3b7d8556 (Fri Aug 17 20:57:58 2001)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x994 0xa00 6.19 14a2fe113740e941fc1572286874bab1
.rdata 0xd00 0x111 0x180 3.25 d8370b5492bdb906c6d452828b3577a1
PAGE 0xe80 0xb75 0xb80 6.34 e0cb37fad78f7fec0b389b6b92fbd0c3
INIT 0x1a00 0x496 0x500 4.89 4cabda142818d20c33588c1a135ae1c4
.rsrc 0x1f00 0x3f0 0x400 3.34 3e0253c3e0b1a477afba270035125a39
.reloc 0x2300 0x168 0x180 4.70 bfec853f4aa1cdc1da21ce7da5df2da5
( 3 imports )
> NTOSKRNL.EXE: ExQueueWorkItem, IoFreeIrp, IoDeleteDevice, KeInitializeEvent, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, KeSetEvent, KeWaitForSingleObject, IoBuildDeviceIoControlRequest, RtlCompareUnicodeString, ZwClose, IoCancelIrp, KeQueryInterruptTime, IoFileObjectType, ZwCreateFile, InterlockedDecrement, InterlockedIncrement, PoCallDriver, PoStartNextPowerIrp, ExFreePool, ObfDereferenceObject, IoAllocateIrp, ObfReferenceObject, RtlCopyUnicodeString, ExAllocatePoolWithTag, IoGetDeviceInterfaces, IoRegisterPlugPlayNotification, ObReferenceObjectByHandle, IofCallDriver, IofCompleteRequest, IoGetRelatedDeviceObject
> HAL.DLL: ExAcquireFastMutex, ExReleaseFastMutex
> BATTC.SYS: BatteryClassStatusNotify, BatteryClassIoctl, BatteryClassInitializeDevice
( 0 exports )
ATENTION ATTENTION: VirusTotal est un service gratuit offert par Hispasec Sistemas. Il n'y a aucune garantie quant à la disponibilité et la continuité de ce service. Bien que le taux de détection permis par l'utilisation de multiples moteurs antivirus soit bien supérieur à celui offert par seulement un produit, ces résultats NE garantissent PAS qu'un fichier est sans danger. Il n'y a actuellement aucune solution qui offre un taux d'efficacité de 100% pour la détection des virus et malwares.
Autre fichier
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.11.1.0 2008.10.31 -
AntiVir 7.9.0.10 2008.10.31 -
Authentium 5.1.0.4 2008.10.31 -
Avast 4.8.1248.0 2008.10.31 -
AVG 8.0.0.161 2008.10.31 -
BitDefender 7.2 2008.10.31 -
CAT-QuickHeal 9.50 2008.10.31 -
ClamAV 0.94.1 2008.10.31 -
DrWeb 4.44.0.09170 2008.10.31 -
eSafe 7.0.17.0 2008.10.30 -
eTrust-Vet 31.6.6184 2008.10.31 -
Ewido 4.0 2008.10.31 -
F-Prot 4.4.4.56 2008.10.30 -
Fortinet 3.117.0.0 2008.10.31 -
GData 19 2008.10.31 -
Ikarus T3.1.1.44.0 2008.10.31 -
K7AntiVirus 7.10.513 2008.10.31 -
Kaspersky 7.0.0.125 2008.10.31 -
McAfee 5419 2008.10.31 -
Microsoft 1.4005 2008.10.31 -
NOD32 3573 2008.10.31 -
Norman 5.80.02 2008.10.31 -
Panda 9.0.0.4 2008.10.31 -
PCTools 4.4.2.0 2008.10.31 -
Rising 21.01.42.00 2008.10.31 -
SecureWeb-Gateway 6.7.6 2008.10.31 -
Sophos 4.35.0 2008.10.31 -
Sunbelt 3.1.1767.2 2008.10.31 -
Symantec 10 2008.10.31 -
TheHacker 6.3.1.1.135 2008.10.31 -
TrendMicro 8.700.0.1004 2008.10.31 -
VBA32 3.12.8.9 2008.10.30 -
ViRobot 2008.10.31.1446 2008.10.31 -
VirusBuster 4.5.11.0 2008.10.31 -
Information additionnelle
File size: 9344 bytes
MD5...: df1b1a24bf52d0ebc01ed4ece8979f50
SHA1..: 8fd882f496712d85b4cb3f5cb08c1e742c82a8df
SHA256: 78c5e7be2ffa6a0709f3095ab006c86e3991afc9e9b5abec94c3e8df2ea2169d
SHA512: 74db02374261e2a9a16b122253ef3136a56244090c81b3d396850e82a3bd51bd
7acb577f55d63dfa70f19cc45749e8a014439e580927f5e368358459ed5677a1
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x11a00
timedatestamp.....: 0x3b7d8556 (Fri Aug 17 20:57:58 2001)
machinetype.......: 0x14c (I386)
( 6 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x300 0x994 0xa00 6.19 14a2fe113740e941fc1572286874bab1
.rdata 0xd00 0x111 0x180 3.25 d8370b5492bdb906c6d452828b3577a1
PAGE 0xe80 0xb75 0xb80 6.34 e0cb37fad78f7fec0b389b6b92fbd0c3
INIT 0x1a00 0x496 0x500 4.89 4cabda142818d20c33588c1a135ae1c4
.rsrc 0x1f00 0x3f0 0x400 3.34 3e0253c3e0b1a477afba270035125a39
.reloc 0x2300 0x168 0x180 4.70 bfec853f4aa1cdc1da21ce7da5df2da5
( 3 imports )
> NTOSKRNL.EXE: ExQueueWorkItem, IoFreeIrp, IoDeleteDevice, KeInitializeEvent, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCreateDevice, RtlInitUnicodeString, KeSetEvent, KeWaitForSingleObject, IoBuildDeviceIoControlRequest, RtlCompareUnicodeString, ZwClose, IoCancelIrp, KeQueryInterruptTime, IoFileObjectType, ZwCreateFile, InterlockedDecrement, InterlockedIncrement, PoCallDriver, PoStartNextPowerIrp, ExFreePool, ObfDereferenceObject, IoAllocateIrp, ObfReferenceObject, RtlCopyUnicodeString, ExAllocatePoolWithTag, IoGetDeviceInterfaces, IoRegisterPlugPlayNotification, ObReferenceObjectByHandle, IofCallDriver, IofCompleteRequest, IoGetRelatedDeviceObject
> HAL.DLL: ExAcquireFastMutex, ExReleaseFastMutex
> BATTC.SYS: BatteryClassStatusNotify, BatteryClassIoctl, BatteryClassInitializeDevice
( 0 exports )
ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There is no guarantee as to the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee that a file is harmless. There is currently no solution that offers a 100% effectiveness rate for detecting viruses and malware.
Other file
I have just done what you asked; here is the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:02:19 PM, on 10/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/comcast.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = https://support.microsoft.com/en-US/topic/internet-explorer-downloads-d49e1f0d-571c-9a7b-d97e-be248806ca70
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136858856\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /O6 "USB001" /M "Stylus CX4600"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MBkLogOnHook] C:\Program Files\McAfee\MBK\LogOnHook.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [EPSON Stylus CX4600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9AA.EXE /P26 "EPSON Stylus CX4600 Series" /M "Stylus CX4600" /EF "HKCU"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com/
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5332/mcfscan.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O24 - Desktop Component 1: (no name) - https://www.youtube.com/