Google going haywire
Hello,
Since yesterday, the search engine has been going completely haywire on my PC; in Firefox, the search works normally, but when you click on one of the results you land on a different page (more or less always the same ones).
In IE it's worse, the connection is impossible most of the time (and it fails the same way with Yahoo, by the way).
I tried cleaning up with CCleaner and AD-Aware, and Spy Sweeper spotted a thing called "edipol alloticket dialer" that it will only quarantine, if I understood correctly, if I pay it 25 dollars (well, 24.99).
In short, if you can explain to me what the problem is, and help me solve it, you will be blessed unto the 8th generation...
Just in case, I ran a HijackThis scan...
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:58:58, on 09/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\PROGRA~1\EPRINT~1\REMOTE~1\remprn.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\INAC\Anti Spyware\inac2.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\SSUPDATE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ad-aware(antispylog)\Ad-aware 6\Ad-aware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HPHmon05] "C:\WINDOWS\System32\hphmon05.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [MAAgent] "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe"
O4 - HKLM\..\Run: [RemotePrinter] "C:\PROGRA~1\EPRINT~1\REMOTE~1\remprn.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [inrhc5g9j0eg9l] C:\Documents and Settings\Propriétaire\Local Settings\Temp\.tt567.tmp.exe /CR=5F8C0875B49BA02BB503A8EC828A17BC0F4B36070FCBD523B5D98BA835E4CBAA1DBC860873D8270EDB91A9289DEAD3FBE57CEB77B0E611E918AB26BC81730D9C89173D615B8B505CAFEAAB00517CB28B02
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [INACASAP] "C:\Program Files\INAC\Anti Spyware\inac2.exe" /h
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Acme.PCHButton] "C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [Kalender] "C:\Program Files\Kalender\Kalender.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {1B4988D6-1723-11D4-A48B-00E02917C902} (Contrôle ActiveX GEOMAP GIS) - http://sig.cg18.fr/ggAxFr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://sig.cg18.fr/mgaxctrl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=7ae08f6012ba6e8ee5abb20bb...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://webgames.d.tmsrv.com/c=b9f4b22771d9ca23ed3d1284b...
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zyloml...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.40o...
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapdy_gelq - Macrovision Corporation - (no file)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Propriétaire/Bureau/anne%20work/LPMDSU/eot
--
End of file - 12059 bytes
Hello,
Download Catchme (Gmer) to your Desktop.
Double-click catchme.exe (the .exe may not be visible) to launch it.
When the scan is finished, post the catchme.log report in your next reply.
:-( Firefox refuses the connection to www.gmer.net
"Though the site seems valid, the browser was unable to establish a connection."
Catchme report
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\Propriétaire\Local Settings\Temp\TDSS2a5c.tmp 688128 bytes
C:\WINDOWS\system32\drivers\tdssserv.sys 36864 bytes
C:\WINDOWS\system32\tdssadw.dll 32768 bytes
C:\WINDOWS\system32\tdssinit.dll 57344 bytes
C:\WINDOWS\system32\tdssl.dll 20480 bytes
C:\WINDOWS\system32\tdsslog.dll 12288 bytes
C:\WINDOWS\system32\tdssmain.dll 12288 bytes
C:\WINDOWS\system32\tdssserf.dll 12288 bytes
C:\WINDOWS\system32\tdssservers.dat 256 bytes
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 9
Hello again,
Download KillTD to your Desktop.
Unzip it, then double-click Kill.cmd (the .cmd may not be visible) to launch it.
When the scan is finished, run a Catchme scan again and post the report in your next reply.
Hello again, and thanks again,
catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net
scanning hidden processes ...
scanning hidden services ...
HKLM\SYSTEM\CurrentControlSet\Services\TDTCPerv
scanning hidden autostart entries ...
scanning hidden files ...
C:\Documents and Settings\Propriétaire\Local Settings\Temp\TDSS2a5c.tmp 688128 bytes
C:\WINDOWS\system32\drivers\tdssserv.sys 36864 bytes
C:\WINDOWS\system32\tdssadw.dll 32768 bytes
C:\WINDOWS\system32\tdssinit.dll 57344 bytes
C:\WINDOWS\system32\tdssl.dll 20480 bytes
C:\WINDOWS\system32\tdsslog.dll 12288 bytes
C:\WINDOWS\system32\tdssmain.dll 12288 bytes
C:\WINDOWS\system32\tdssserf.dll 12288 bytes
C:\WINDOWS\system32\tdssservers.dat 256 bytes
scan completed successfully
hidden processes: 0
hidden services: 1
hidden files: 9
Hello again,
Disable your resident protections (antivirus, Spybot-S&D, etc.)!
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe may not be visible) to launch it.
When the scan is finished, a report will appear. Post this report (C:\combofix.txt*) in your next reply.
HELP: A guide and tutorial on using ComboFix
* the partition name may differ
Hello again,
ComboFix 08-09-19.02 - Propriétaire 2008-09-19 21:08:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.157 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@yahoo[2].txt
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@yahoo[7].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphc1g9j0eg9l.scr
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-19 au 2008-09-19 ))))))))))))))))))))))))))))))))))))
.
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-19 19:09 . 2008-09-19 19:33 <REP> d----c--- C:\fixwareout
2008-09-19 16:58 . 2008-09-19 16:58 <REP> d-------- C:\Program Files\Trend Micro
2008-09-18 12:42 . 2008-09-19 20:48 <REP> d-------- C:\Program Files\INAC
2008-09-18 12:42 . 2008-09-19 19:32 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2008-09-18 09:29 . 2008-09-18 09:29 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-18 09:29 . <REP> C:\Documents and Settings\Propriétaire\Application Data\SUPERAntiSpyware.com
2008-09-18 09:29 . 2008-09-18 09:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-18 09:27 . 2008-09-18 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-17 19:20 . 2008-09-17 21:36 164 --a--c--- C:\install.dat
2008-09-17 19:09 . <REP> C:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
2008-09-17 15:45 . 2008-09-17 15:59 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-17 15:45 . 2008-09-17 15:59 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-17 15:44 . 2008-09-17 15:44 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-09-17 15:44 . 2008-09-19 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-17 15:16 . 2004-01-01 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-17 15:16 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-17 15:16 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-17 15:16 . 2004-03-24 22:03 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-17 15:16 . 2006-08-15 15:15 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-17 15:16 . 2004-03-24 22:03 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-17 15:16 . 2004-03-24 22:03 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-17 15:16 . 2004-01-01 09:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-17 15:16 . 2004-01-01 09:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-09-17 15:16 . 2004-01-01 12:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-09-17 15:16 . 2004-01-01 12:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-09-17 15:16 . 2008-09-17 15:16 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d----c--- C:\kav
2008-09-17 12:33 . 2008-09-17 12:33 <REP> d-------- C:\Program Files\Enigma Software Group
2008-09-06 10:59 . 2008-09-06 11:28 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-02 18:29 . 2008-09-05 13:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-02 18:29 . 2008-09-02 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-22 04:07 . 2008-08-22 04:07 <REP> d-------- C:\Program Files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\docuPrinterLT
2008-09-19 18:53 --------- d-----w C:\Program Files\ad-aware(antispylog)
2008-09-19 17:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\UK's Kalender
2008-09-18 17:17 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org2
2008-09-11 17:01 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-07 12:49 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-09-05 16:17 --------- d-----w C:\Program Files\MSECache
2008-08-31 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-31 11:33 --------- d-----w C:\Program Files\Hattrick Forever
2008-08-31 11:32 --------- d-----w C:\Program Files\HAM
2008-08-31 11:32 --------- d-----w C:\Program Files\Evid & Denouvel
2008-08-31 11:31 --------- d-----w C:\Program Files\CCLEANER
2008-08-28 16:37 --------- d-----w C:\Program Files\Hattrick Organizer
2008-08-19 12:54 32,549 ----a-w C:\WINDOWS\king-uninstall.exe
2008-08-15 09:16 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-08-15 09:16 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-15 09:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Real
2008-07-23 12:57 --------- d-----w C:\Program Files\PokerStars
2008-07-20 10:36 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\FMZilla
2008-06-23 10:14 35,336 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-03-22 13:30 372 ----a-w C:\Program Files\Bureau.lnk
2007-09-29 16:51 5,120 --sha-w C:\Program Files\Thumbs.db
2007-09-26 05:26 2,212 ----a-w C:\Program Files\workplacelogo.gif
2007-09-08 18:39 5,082,491 ----a-w C:\Program Files\StreamerOne-Setup-4.5.2.zip
2007-09-04 16:33 2,815,488 ----a-w C:\Program Files\TvantsSetup.EXE
2007-06-13 20:08 1,304,000 ----a-w C:\Program Files\emploi du temps.exe
2007-06-12 02:05 1,306,346 ----a-w C:\Program Files\calendrier.exe
2007-03-14 12:59 545,752 ----a-w C:\Program Files\acrobat reader.exe
2007-02-14 21:03 811,736 ----a-w C:\Program Files\Convertisseur_Works_pour_Word_2000_____________.exe
2006-11-26 16:00 967,351 ----a-w C:\Program Files\GeoKid_1.0.zip
2006-04-22 16:23 24,192 ----a-w C:\Documents and Settings\Propriétaire\usbsermptxp.sys
2006-04-22 16:23 22,768 ----a-w C:\Documents and Settings\Propriétaire\usbsermpt.sys
2006-02-13 23:39 1,034 ------w C:\Program Files\launch.htm
2006-01-19 16:21 975,360 ------w C:\Program Files\ECOVILLE_LE_JEU.exe
2005-11-03 14:55 1,953,480 ------w C:\Program Files\PPVIEWER.EXE
2005-09-05 07:21 635,569 ----a-w C:\Program Files\XviD-1.0.3-20122004.exe
2004-06-27 23:06 609,553 ----a-w C:\Program Files\ot_271.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"Kalender"="C:\Program Files\Kalender\Kalender.exe" [2007-01-07 811008]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 483328]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 3022848]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2003-12-05 753664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Pop-Up Stopper"="C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-14 868352]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 57344]
"RemotePrinter"="C:\PROGRA~1\EPRINT~1\REMOTE~1\remprn.exe" [2005-09-26 2646016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-15 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 286720]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 20:13 98304 C:\WINDOWS\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-08-15 11:16 214560 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2003-11-03 17:50 221184 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 09:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Emule\\emule.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"C:\\Program Files\\StreamerOne\\StreamerOne.exe"=
"C:\\Program Files\\ePrintDirect\\Remote Printer Driver\\remprn.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"C:\\kav\\kav8.0\\french\\setup.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-08-17 69120]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2004-10-25 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8193272c-d09f-11db-92a7-000ea65765e6}]
\Shell\AutoRun\command - 32e2.com
\Shell\explore\Command - 32e2.com
\Shell\open\Command - 32e2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca85123d-9a0e-11dc-92fd-000ea65765e6}]
\Shell\AutoRun\command - 32e2.com
\Shell\explore\Command - 32e2.com
\Shell\open\Command - 32e2.com
.
Contenu du dossier 'Tâches planifiées'
2008-09-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-09-19 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2008-09-19 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-inrhc5g9j0eg9l - C:\Documents and Settings\Propriétaire\Local Settings\Temp\.tt567.tmp.exe
HKLM-Run-INACASAP - C:\Program Files\INAC\Anti Spyware\inac2.exe
MSConfigStartUp-Shareaza - C:\Documents and Settings\Propriétaire\Bureau\joy\Shareaza\Shareaza.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
MSConfigStartUp-VTTimer - VTTimer.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.yahoo.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://srch-qfr10.hpwis.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Search Bar = hxxp://srch-qfr10.hpwis.com/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://fr.search.yahoo.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe -
O16 -: {1B4988D6-1723-11D4-A48B-00E02917C902} - hxxp://sig.cg18.fr/ggAxFr.cab
C:\WINDOWS\Downloaded Program Files\ggAxFrEn.INF
C:\WINDOWS\Downloaded Program Files\GGAXCTL.OCX
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://webgames.d.tmsrv.com/c=b9f4b22771d9ca23ed3d1284bf05b2ea/aff=t_25oa_frca_wg/p/release/iwin/wg_shangrila/shangrila/zylomgamesplayer.cab
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 21:17:24
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AxPsHook11]
"ImagePath"="\??\"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL
-> C:\WINDOWS\PANICNT.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-09-19 21:24:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-19 19:23:58
Avant-CF: 32 749 019 136 octets libres
Après-CF: 33,167,626,240 octets libres
275 --- E O F --- 2008-09-11 01:10:21
ComboFix 08-09-19.02 - Propri‚taire 2008-09-19 21:08:52.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.157 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Propri‚taire\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@yahoo[2].txt
C:\Documents and Settings\Propriétaire\Cookies\propriétaire@yahoo[7].txt
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\actskn43.ocx
C:\WINDOWS\system32\blphc1g9j0eg9l.scr
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-08-19 au 2008-09-19 ))))))))))))))))))))))))))))))))))))
.
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-19 21:06 . 2008-09-19 21:15 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-19 19:09 . 2008-09-19 19:33 <REP> d----c--- C:\fixwareout
2008-09-19 16:58 . 2008-09-19 16:58 <REP> d-------- C:\Program Files\Trend Micro
2008-09-18 12:42 . 2008-09-19 20:48 <REP> d-------- C:\Program Files\INAC
2008-09-18 12:42 . 2008-09-19 19:32 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2008-09-18 09:29 . 2008-09-18 09:29 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-18 09:29 . <REP> C:\Documents and Settings\Propriétaire\Application Data\SUPERAntiSpyware.com
2008-09-18 09:29 . 2008-09-18 09:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-18 09:27 . 2008-09-18 09:27 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-17 19:20 . 2008-09-17 21:36 164 --a--c--- C:\install.dat
2008-09-17 19:09 . <REP> C:\Documents and Settings\Propriétaire\Application Data\GetRightToGo
2008-09-17 15:45 . 2008-09-17 15:59 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-09-17 15:45 . 2008-09-17 15:59 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-09-17 15:44 . 2008-09-17 15:44 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-09-17 15:44 . 2008-09-19 20:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-17 15:16 . 2004-01-01 12:22 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-17 15:16 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-17 15:16 . 2004-01-01 09:48 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-17 15:16 . 2004-03-24 22:03 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-17 15:16 . 2006-08-15 15:15 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-17 15:16 . 2004-03-24 22:03 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-17 15:16 . 2004-03-24 22:03 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-17 15:16 . 2004-01-01 09:48 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-17 15:16 . 2004-01-01 09:08 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-09-17 15:16 . 2004-01-01 12:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Sonic
2008-09-17 15:16 . 2004-01-01 12:52 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SampleView
2008-09-17 15:16 . 2008-09-17 15:16 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-17 14:56 . 2008-09-17 14:56 <REP> d----c--- C:\kav
2008-09-17 12:33 . 2008-09-17 12:33 <REP> d-------- C:\Program Files\Enigma Software Group
2008-09-06 10:59 . 2008-09-06 11:28 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-02 18:29 . 2008-09-05 13:10 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-02 18:29 . 2008-09-02 18:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-22 04:07 . 2008-08-22 04:07 <REP> d-------- C:\Program Files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 19:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\docuPrinterLT
2008-09-19 18:53 --------- d-----w C:\Program Files\ad-aware(antispylog)
2008-09-19 17:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\UK's Kalender
2008-09-18 17:17 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\OpenOffice.org2
2008-09-11 17:01 --------- d-----w C:\Program Files\Easy Internet signup
2008-09-07 12:49 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Mozilla
2008-09-05 16:17 --------- d-----w C:\Program Files\MSECache
2008-08-31 11:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-31 11:33 --------- d-----w C:\Program Files\Hattrick Forever
2008-08-31 11:32 --------- d-----w C:\Program Files\HAM
2008-08-31 11:32 --------- d-----w C:\Program Files\Evid & Denouvel
2008-08-31 11:31 --------- d-----w C:\Program Files\CCLEANER
2008-08-28 16:37 --------- d-----w C:\Program Files\Hattrick Organizer
2008-08-19 12:54 32,549 ----a-w C:\WINDOWS\king-uninstall.exe
2008-08-15 09:16 --------- d-----w C:\Program Files\Fichiers communs\xing shared
2008-08-15 09:16 --------- d-----w C:\Program Files\Fichiers communs\Real
2008-08-15 09:16 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\Real
2008-07-23 12:57 --------- d-----w C:\Program Files\PokerStars
2008-07-20 10:36 --------- d-----w C:\Documents and Settings\Propriétaire\Application Data\FMZilla
2008-06-23 10:14 35,336 ----a-w C:\Documents and Settings\Propriétaire\Application Data\GDIPFONTCACHEV1.DAT
2008-03-22 13:30 372 ----a-w C:\Program Files\Bureau.lnk
2007-09-29 16:51 5,120 --sha-w C:\Program Files\Thumbs.db
2007-09-26 05:26 2,212 ----a-w C:\Program Files\workplacelogo.gif
2007-09-08 18:39 5,082,491 ----a-w C:\Program Files\StreamerOne-Setup-4.5.2.zip
2007-09-04 16:33 2,815,488 ----a-w C:\Program Files\TvantsSetup.EXE
2007-06-13 20:08 1,304,000 ----a-w C:\Program Files\emploi du temps.exe
2007-06-12 02:05 1,306,346 ----a-w C:\Program Files\calendrier.exe
2007-03-14 12:59 545,752 ----a-w C:\Program Files\acrobat reader.exe
2007-02-14 21:03 811,736 ----a-w C:\Program Files\Convertisseur_Works_pour_Word_2000_____________.exe
2006-11-26 16:00 967,351 ----a-w C:\Program Files\GeoKid_1.0.zip
2006-04-22 16:23 24,192 ----a-w C:\Documents and Settings\Propriétaire\usbsermptxp.sys
2006-04-22 16:23 22,768 ----a-w C:\Documents and Settings\Propriétaire\usbsermpt.sys
2006-02-13 23:39 1,034 ------w C:\Program Files\launch.htm
2006-01-19 16:21 975,360 ------w C:\Program Files\ECOVILLE_LE_JEU.exe
2005-11-03 14:55 1,953,480 ------w C:\Program Files\PPVIEWER.EXE
2005-09-05 07:21 635,569 ----a-w C:\Program Files\XviD-1.0.3-20122004.exe
2004-06-27 23:06 609,553 ----a-w C:\Program Files\ot_271.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe" [2004-01-01 159744]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 15360]
"Kalender"="C:\Program Files\Kalender\Kalender.exe" [2007-01-07 811008]
"Orb"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe" [2008-04-01 507904]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-08-21 483328]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-12-05 3022848]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2003-12-05 753664]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Pop-Up Stopper"="C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe" [2003-01-14 868352]
"MAAgent"="C:\Program Files\MarkAny\ContentSafer\MAAgent.exe" [2007-01-31 57344]
"RemotePrinter"="C:\PROGRA~1\EPRINT~1\REMOTE~1\remprn.exe" [2005-09-26 2646016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-15 185896]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 286720]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\hp\KBD\kbd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 20:13 98304 C:\WINDOWS\system32\ps2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-11-15 00:43 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-08-15 11:16 214560 C:\Program Files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2003-11-03 17:50 221184 C:\WINDOWS\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2003-08-19 09:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2003-04-03 21:35 50176 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" -tray
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Emule\\emule.exe"=
"C:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"C:\\Program Files\\StreamerOne\\StreamerOne.exe"=
"C:\\Program Files\\ePrintDirect\\Remote Printer Driver\\remprn.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\xmltv.exe"=
"C:\\Program Files\\Orb Networks\\Orb\\bin\\OrbChannelScan.exe"=
"C:\\kav\\kav8.0\\french\\setup.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-08-17 69120]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2004-10-25 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8193272c-d09f-11db-92a7-000ea65765e6}]
\Shell\AutoRun\command - 32e2.com
\Shell\explore\Command - 32e2.com
\Shell\open\Command - 32e2.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ca85123d-9a0e-11dc-92fd-000ea65765e6}]
\Shell\AutoRun\command - 32e2.com
\Shell\explore\Command - 32e2.com
\Shell\open\Command - 32e2.com
.
Contenu du dossier 'Tâches planifiées'
2008-09-19 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-09-19 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
2008-09-19 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-inrhc5g9j0eg9l - C:\Documents and Settings\Propriétaire\Local Settings\Temp\.tt567.tmp.exe
HKLM-Run-INACASAP - C:\Program Files\INAC\Anti Spyware\inac2.exe
MSConfigStartUp-Shareaza - C:\Documents and Settings\Propriétaire\Bureau\joy\Shareaza\Shareaza.exe
MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
MSConfigStartUp-VTTimer - VTTimer.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.yahoo.com
R0 -: HKCU-Main,Default_Search_URL = hxxp://srch-qfr10.hpwis.com/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Search Bar = hxxp://srch-qfr10.hpwis.com/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://fr.search.yahoo.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 -: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe -
O16 -: {1B4988D6-1723-11D4-A48B-00E02917C902} - hxxp://sig.cg18.fr/ggAxFr.cab
C:\WINDOWS\Downloaded Program Files\ggAxFrEn.INF
C:\WINDOWS\Downloaded Program Files\GGAXCTL.OCX
O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll
O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://webgames.d.tmsrv.com/c=b9f4b22771d9ca23ed3d1284bf05b2ea/aff=t_25oa_frca_wg/p/release/iwin/wg_shangrila/shangrila/zylomgamesplayer.cab
C:\WINDOWS\Downloaded Program Files\ZylomGamesPlayer.inf
C:\WINDOWS\Downloaded Program Files\zylomgamesplayer.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 21:17:24
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\AxPsHook11]
"ImagePath"="\??\"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL
-> C:\WINDOWS\PANICNT.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-09-19 21:24:05 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-09-19 19:23:58
Avant-CF: 32 749 019 136 octets libres
Après-CF: 33,167,626,240 octets libres
275 --- E O F --- 2008-09-11 01:10:21
Hi again,
Let's continue.
Download MalwareByte's Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
Once the installation and the update are complete, restart in safe mode.
HELP: Restarting in safe mode
Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
To start the scan, click "Scan".
Once the scan has finished, a window opens; click OK. There are two possibilities:
-- if the program found nothing, press OK. A report will appear; close it.
-- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so that you can post it in your next reply.
NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.
HELP: Illustrated MBAM tutorial
Hello again,
here is the MBAM log
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1180
Windows 5.1.2600 Service Pack 2
09/20/2008 17:22:47
mbam-log-2008-09-20 (17-22-47).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 159537
Temps écoulé: 2 hour(s), 42 minute(s), 39 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\system32\blphc1g9j0eg9l.scr.vir (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AA3F8F0A-60AD-4079-B11F-59E3B100AF75}\RP2\A0002062.scr (Fake.BlueScreenError) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Bureau\AntiSpyware(2).exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Propriétaire\Bureau\AntiSpyware.exe (Rogue.Antispyware) -> Quarantined and deleted successfully.
Here it is!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:50:12, on 09/20/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\Program Files\MarkAny\ContentSafer\MAAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kalender\Kalender.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe"
O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe"
O4 - HKLM\..\Run: [HPHmon05] "C:\WINDOWS\System32\hphmon05.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [MAAgent] "C:\Program Files\MarkAny\ContentSafer\MAAgent.exe"
O4 - HKLM\..\Run: [RemotePrinter] "C:\PROGRA~1\EPRINT~1\REMOTE~1\remprn.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Acme.PCHButton] "C:\PROGRA~1\PRESAR~1\Presario\XPHWWRP4\plugin\bin\PCHButton.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kalender] "C:\Program Files\Kalender\Kalender.exe"
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {1B4988D6-1723-11D4-A48B-00E02917C902} (Contrôle ActiveX GEOMAP GIS) - http://sig.cg18.fr/ggAxFr.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://sig.cg18.fr/mgaxctrl.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://webgames.d.tmsrv.com/c=7ae08f6012ba6e8ee5abb20bb...
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://webgames.d.tmsrv.com/c=b9f4b22771d9ca23ed3d1284b...
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zyloml...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Imapdy_gelq - Macrovision Corporation - (no file)
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Propriétaire/Bureau/anne%20work/LPMDSU/eot
--
End of file - 10369 bytes