aide svp mon pc rame,infecté???
Dernière réponse : dans Sécurité
bonjour voila mon pc rame de plus en plus je pense qu'il est infecté.j'espere trouver de l'aide merci.
voila le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 16:39, on 2008-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\services.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Sony\HotKey Utility\HKserv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\powerpanel\Program\PcfMgr.exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\k-der.one\Bureau\worldsat\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - D:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SigmaTel StacMon] D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [HKSERV.EXE] D:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = D:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://espaceabonnes.club-internet.fr/services/symantec...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:41, on 2008-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\services.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Sony\HotKey Utility\HKserv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\powerpanel\Program\PcfMgr.exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - D:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SigmaTel StacMon] D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [HKSERV.EXE] D:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = D:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://espaceabonnes.club-internet.fr/services/symantec...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
voila le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 16:39, on 2008-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\services.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Sony\HotKey Utility\HKserv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\powerpanel\Program\PcfMgr.exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\k-der.one\Bureau\worldsat\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - D:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SigmaTel StacMon] D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [HKSERV.EXE] D:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = D:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://espaceabonnes.club-internet.fr/services/symantec...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 16:41, on 2008-11-02
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.exe
D:\WINDOWS\services.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Sony\HotKey Utility\HKserv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\powerpanel\Program\PcfMgr.exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe D:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: XBTB06823 - {BA463437-C3DE-47da-8280-87596824388A} - D:\PROGRA~1\GOOGLE~1\TOOLBA~1.DLL
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SigmaTel StacMon] D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [Traymin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [HKSERV.EXE] D:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] D:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = D:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://espaceabonnes.club-internet.fr/services/symantec...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Autres pages sur : aide svp rame infecte
Lassé par la pub ? Créez un compte
Bonjour,
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
Télécharge ComboFix ([#ff0000]sUBs[/#f]) sur ton Bureau.
Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
[#ff0000]! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) ![/#f]
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
voila le rapport:
ComboFix 08-11-02.05 - k-der.one 2008-11-03 18:05:03.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
Lancé depuis: d:\documents and settings\k-der.one\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\k-der.one\Application Data\inst.exe
D:\WA6P
d:\windows\ktd32.atm
d:\windows\services.exe
d:\windows\system\sservice.exe
d:\windows\system32\fservice.exe
d:\windows\system32\reginv.dll
d:\windows\system32\winkey.dll
d:\windows\Temp\scsF.tmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))
.
2008-11-02 12:30 . 2008-11-02 12:31 <REP> d-------- d:\windows\AU_Temp
2008-11-02 12:30 . 2008-11-02 12:31 20,712,345 --a------ d:\windows\VPTNFILE.631
2008-11-02 12:30 . 2008-11-02 12:31 20,712,345 --a------ d:\windows\LPT$VPN.631
2008-10-28 14:48 . 2008-10-28 14:48 350,764 --a------ d:\windows\system32\lncom.exe
2008-10-28 14:48 . 2008-10-28 14:48 102,464 --a------ d:\windows\system32\lncom_.jpg
2008-10-28 14:48 . 2008-10-28 14:48 102,464 --a------ d:\windows\7880060.jpg
2008-10-28 14:48 . 2008-10-28 14:48 100,003 --a------ d:\windows\7235485.jpg
2008-10-25 11:23 . 2007-07-09 14:11 584,192 -----c--- d:\windows\system32\dllcache\rpcrt4.dll
2008-10-25 10:56 . 2008-10-25 11:17 <REP> d-------- d:\windows\system32\CatRoot_bak
2008-10-17 21:32 . 2008-10-18 00:02 <REP> d-------- d:\program files\NOS
2008-10-17 21:32 . 2008-10-18 00:02 <REP> d-------- d:\documents and settings\All Users\Application Data\NOS
2008-10-17 20:25 . 2008-10-17 20:25 <REP> d-------- d:\program files\Microsoft ActiveSync
2008-10-15 11:26 . 2008-09-15 16:39 1,846,144 -----c--- d:\windows\system32\dllcache\win32k.sys
2008-10-15 11:25 . 2008-08-14 14:44 2,182,400 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 11:25 . 2008-08-14 14:44 2,138,112 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 11:25 . 2008-08-14 14:44 2,059,776 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 11:25 . 2008-08-14 14:44 2,017,792 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2008-10-09 23:47 . 2008-10-09 23:47 <REP> d-------- d:\documents and settings\k-der.one\OngameNetwork
2008-10-09 22:33 . 2008-10-09 22:33 <REP> d-------- d:\program files\iPod
2008-10-09 22:33 . 2008-04-17 12:12 107,368 --a------ d:\windows\system32\GEARAspi.dll
2008-10-09 22:33 . 2008-04-17 12:12 15,464 --a------ d:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-09 22:32 . 2008-10-09 22:33 <REP> d-------- d:\program files\iTunes
2008-10-09 22:32 . 2008-10-09 22:32 <REP> d-------- d:\program files\Bonjour
2008-10-09 22:32 . 2008-10-09 22:33 <REP> d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 22:30 . 2008-10-09 22:31 <REP> d-------- d:\program files\QuickTime
2008-10-09 19:22 . 2008-10-09 19:22 <REP> d-------- d:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-09 16:05 . 2008-10-09 16:06 <REP> d-------- d:\program files\Motive
2008-10-09 14:57 . 2007-03-08 16:37 578,560 --a--c--- d:\windows\system32\dllcache\user32.dll
2008-10-09 14:29 . 2008-11-03 13:25 <REP> d-------- D:\SDFix
2008-10-09 11:39 . 2008-10-09 12:01 <REP> d-------- d:\program files\Motive(2)
2008-10-09 00:10 . 2008-10-19 17:34 <REP> d-------- d:\program files\Everest Poker
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 11:31 91,744 ----a-w d:\windows\BPMNT.dll
2008-11-02 11:31 71,749 ----a-w d:\windows\hcextoutput.dll
2008-11-02 11:31 348,229 ----a-w d:\windows\tsc.exe
2008-11-02 11:31 1,213,784 ----a-w d:\windows\vsapi32.dll
2008-10-30 07:07 --------- d-----w d:\program files\eMule
2008-10-29 12:24 --------- d-----w d:\documents and settings\k-der.one\Application Data\Azureus
2008-10-17 20:38 --------- d-----w d:\program files\Fichiers communs\Adobe
2008-10-17 19:23 --------- d--h--w d:\program files\InstallShield Installation Information
2008-10-15 13:40 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-14 01:48 --------- d-----w d:\program files\Messenger Plus! Live
2008-10-09 15:13 --------- d-----w d:\program files\Club-Internet
2008-10-09 11:05 --------- d-----w d:\program files\QuickTime(2)
2008-10-09 11:04 --------- d-----w d:\program files\iTunes(2)
2008-10-09 11:04 --------- d-----w d:\program files\iPod(2)
2008-10-09 11:04 --------- d-----w d:\program files\Bonjour(2)
2008-10-09 11:03 --------- d-----w d:\program files\MOVAVI
2008-10-09 11:03 --------- d-----w d:\program files\ConvertMovie 5.0
2008-09-29 18:22 --------- d-----w d:\program files\DkZ Studio
2008-01-25 16:13 47,360 ----a-w d:\documents and settings\k-der.one\Application Data\pcouffin.sys
2006-12-29 23:35 29,192 ----a-w d:\documents and settings\k-der.one\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-08-20 00:10 112640 fc21787f32e3793a4c7c02d2bfaa5ae0 d:\windows\ServicePackFiles\i386\wuauclt.exe
2008-04-14 03:34 112640 7e3defe771cb451b0ff630bfa435417e d:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\wuauclt.exe
2008-04-14 03:34 112640 7e3defe771cb451b0ff630bfa435417e d:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wuauclt.exe
2004-08-20 00:10 112640 fc21787f32e3793a4c7c02d2bfaa5ae0 d:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 d:\windows\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 d:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="d:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="d:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SigmaTel StacMon"="d:\program files\SigmaTel\C-Major Audio\stacmon.exe" [2003-07-27 49209]
"BJCFD"="d:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HKSERV.EXE"="d:\program files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 90112]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2004-04-13 3309568]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"AppleSyncNotifier"="d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 d:\windows\system32\irprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 d:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
d:\documents and settings\k-der.one\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - d:\program files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 5484544]
TribalWeb.lnk - d:\program files\TribalWeb\tribalweb.exe [2008-02-28 1077248]
d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
LE COMPAGNON CLUB.lnk - d:\program files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2008-10-09 217088]
PowerPanel.lnk - d:\program files\powerpanel\Program\PcfMgr.exe [2007-02-25 872448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.dvsd"= d:\progra~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntivirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Azureus\\Azureus.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\TribalWeb\\tribalweb.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 HSFHWSIS;HSFHWSIS;d:\windows\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 156288]
R3 softctrl;Software Flow Control Driver;d:\windows\system32\DRIVERS\softctrl.sys [2005-12-12 9760]
R3 SPI;Périphérique de contrôle d'E/S programmable Sony;d:\windows\system32\DRIVERS\SonyPI.sys [2001-08-17 37040]
S2 Ca536av;FashionCam Video Camera Device;d:\windows\system32\Drivers\Ca536av.sys [2003-09-05 514859]
S3 camvid40;Philips SPC 900NC PC Camera;d:\windows\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;d:\windows\system32\DRIVERS\WlanUZXP.sys [2005-05-12 260608]
S3 USBCamera;FashionCam Digital Still Camera Device;d:\windows\system32\Drivers\Bulk536.sys [2003-05-14 11048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eada3a9-8f05-11dc-81a3-080046b3117a}]
\Shell\AutoRun\command - RavMon.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-31 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-02 d:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Sonic RecordNow! Deluxe - (no file)
HKLM-Run-PhiBtn - d:\windows\System32\drivers\PhiBtn.exe
HKLM-Run-Traymin900 - d:\windows\System32\drivers\Tray900.exe
HKLM-Run-Motive SmartBridge - d:\progra~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
HKLM-Run-StandardInstall - (no file)
HKLM-Explorer_Run-DirectX For Microsoft® Windows - d:\windows\system32\fservice.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - d:\documents and settings\k-der.one\Application Data\Mozilla\Firefox\Profiles\8mu0aar8.default\
FF -: plugin - d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 18:09:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\windows\system32\nvsvc32.exe
d:\progra~1\MI3AA1~1\rapimgr.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\sony\HotKey Utility\HKWnd.exe
.
**************************************************************************
.
Heure de fin: 2008-11-03 18:17:00 - La machine a redémarré [k-der.one]
ComboFix-quarantined-files.txt 2008-11-03 17:16:53
Avant-CF: 7,716,515,840 octets libres
Après-CF: 7,807,479,808 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect
208 --- E O F --- 2008-10-25 18:00:57
ComboFix 08-11-02.05 - k-der.one 2008-11-03 18:05:03.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.131 [GMT 1:00]
Lancé depuis: d:\documents and settings\k-der.one\Bureau\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\k-der.one\Application Data\inst.exe
D:\WA6P
d:\windows\ktd32.atm
d:\windows\services.exe
d:\windows\system\sservice.exe
d:\windows\system32\fservice.exe
d:\windows\system32\reginv.dll
d:\windows\system32\winkey.dll
d:\windows\Temp\scsF.tmp
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-03 au 2008-11-03 ))))))))))))))))))))))))))))))))))))
.
2008-11-02 12:30 . 2008-11-02 12:31 <REP> d-------- d:\windows\AU_Temp
2008-11-02 12:30 . 2008-11-02 12:31 20,712,345 --a------ d:\windows\VPTNFILE.631
2008-11-02 12:30 . 2008-11-02 12:31 20,712,345 --a------ d:\windows\LPT$VPN.631
2008-10-28 14:48 . 2008-10-28 14:48 350,764 --a------ d:\windows\system32\lncom.exe
2008-10-28 14:48 . 2008-10-28 14:48 102,464 --a------ d:\windows\system32\lncom_.jpg
2008-10-28 14:48 . 2008-10-28 14:48 102,464 --a------ d:\windows\7880060.jpg
2008-10-28 14:48 . 2008-10-28 14:48 100,003 --a------ d:\windows\7235485.jpg
2008-10-25 11:23 . 2007-07-09 14:11 584,192 -----c--- d:\windows\system32\dllcache\rpcrt4.dll
2008-10-25 10:56 . 2008-10-25 11:17 <REP> d-------- d:\windows\system32\CatRoot_bak
2008-10-17 21:32 . 2008-10-18 00:02 <REP> d-------- d:\program files\NOS
2008-10-17 21:32 . 2008-10-18 00:02 <REP> d-------- d:\documents and settings\All Users\Application Data\NOS
2008-10-17 20:25 . 2008-10-17 20:25 <REP> d-------- d:\program files\Microsoft ActiveSync
2008-10-15 11:26 . 2008-09-15 16:39 1,846,144 -----c--- d:\windows\system32\dllcache\win32k.sys
2008-10-15 11:25 . 2008-08-14 14:44 2,182,400 -----c--- d:\windows\system32\dllcache\ntoskrnl.exe
2008-10-15 11:25 . 2008-08-14 14:44 2,138,112 -----c--- d:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-15 11:25 . 2008-08-14 14:44 2,059,776 -----c--- d:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-15 11:25 . 2008-08-14 14:44 2,017,792 -----c--- d:\windows\system32\dllcache\ntkrpamp.exe
2008-10-09 23:47 . 2008-10-09 23:47 <REP> d-------- d:\documents and settings\k-der.one\OngameNetwork
2008-10-09 22:33 . 2008-10-09 22:33 <REP> d-------- d:\program files\iPod
2008-10-09 22:33 . 2008-04-17 12:12 107,368 --a------ d:\windows\system32\GEARAspi.dll
2008-10-09 22:33 . 2008-04-17 12:12 15,464 --a------ d:\windows\system32\drivers\GEARAspiWDM.sys
2008-10-09 22:32 . 2008-10-09 22:33 <REP> d-------- d:\program files\iTunes
2008-10-09 22:32 . 2008-10-09 22:32 <REP> d-------- d:\program files\Bonjour
2008-10-09 22:32 . 2008-10-09 22:33 <REP> d-------- d:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-09 22:30 . 2008-10-09 22:31 <REP> d-------- d:\program files\QuickTime
2008-10-09 19:22 . 2008-10-09 19:22 <REP> d-------- d:\program files\Microsoft CAPICOM 2.1.0.2
2008-10-09 16:05 . 2008-10-09 16:06 <REP> d-------- d:\program files\Motive
2008-10-09 14:57 . 2007-03-08 16:37 578,560 --a--c--- d:\windows\system32\dllcache\user32.dll
2008-10-09 14:29 . 2008-11-03 13:25 <REP> d-------- D:\SDFix
2008-10-09 11:39 . 2008-10-09 12:01 <REP> d-------- d:\program files\Motive(2)
2008-10-09 00:10 . 2008-10-19 17:34 <REP> d-------- d:\program files\Everest Poker
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 11:31 91,744 ----a-w d:\windows\BPMNT.dll
2008-11-02 11:31 71,749 ----a-w d:\windows\hcextoutput.dll
2008-11-02 11:31 348,229 ----a-w d:\windows\tsc.exe
2008-11-02 11:31 1,213,784 ----a-w d:\windows\vsapi32.dll
2008-10-30 07:07 --------- d-----w d:\program files\eMule
2008-10-29 12:24 --------- d-----w d:\documents and settings\k-der.one\Application Data\Azureus
2008-10-17 20:38 --------- d-----w d:\program files\Fichiers communs\Adobe
2008-10-17 19:23 --------- d--h--w d:\program files\InstallShield Installation Information
2008-10-15 13:40 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-14 01:48 --------- d-----w d:\program files\Messenger Plus! Live
2008-10-09 15:13 --------- d-----w d:\program files\Club-Internet
2008-10-09 11:05 --------- d-----w d:\program files\QuickTime(2)
2008-10-09 11:04 --------- d-----w d:\program files\iTunes(2)
2008-10-09 11:04 --------- d-----w d:\program files\iPod(2)
2008-10-09 11:04 --------- d-----w d:\program files\Bonjour(2)
2008-10-09 11:03 --------- d-----w d:\program files\MOVAVI
2008-10-09 11:03 --------- d-----w d:\program files\ConvertMovie 5.0
2008-09-29 18:22 --------- d-----w d:\program files\DkZ Studio
2008-01-25 16:13 47,360 ----a-w d:\documents and settings\k-der.one\Application Data\pcouffin.sys
2006-12-29 23:35 29,192 ----a-w d:\documents and settings\k-der.one\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
2004-08-20 00:10 112640 fc21787f32e3793a4c7c02d2bfaa5ae0 d:\windows\ServicePackFiles\i386\wuauclt.exe
2008-04-14 03:34 112640 7e3defe771cb451b0ff630bfa435417e d:\windows\SoftwareDistribution\Download\23ec66f2314a80d718b5483ab6e865af\wuauclt.exe
2008-04-14 03:34 112640 7e3defe771cb451b0ff630bfa435417e d:\windows\SoftwareDistribution\Download\44b6174a4a693136d02d4a7ecd7cbd54\wuauclt.exe
2004-08-20 00:10 112640 fc21787f32e3793a4c7c02d2bfaa5ae0 d:\windows\SoftwareDistribution\Download\70ccc3de7e94865059fbcf2f809c03b1\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 d:\windows\system32\wuauclt.exe
2008-07-18 21:10 53448 d316e28958873859b88d72cf47ad1ea5 d:\windows\system32\dllcache\wuauclt.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"MsnMsgr"="d:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"H/PC Connection Agent"="d:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="d:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SigmaTel StacMon"="d:\program files\SigmaTel\C-Major Audio\stacmon.exe" [2003-07-27 49209]
"BJCFD"="d:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"SunJavaUpdateSched"="d:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HKSERV.EXE"="d:\program files\Sony\HotKey Utility\HKserv.exe" [2003-06-26 90112]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2004-04-13 3309568]
"NBKeyScan"="d:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"AppleSyncNotifier"="d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"BluetoothAuthenticationAgent"="irprops.cpl" [2004-08-20 d:\windows\system32\irprops.cpl]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 d:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-20 15360]
d:\documents and settings\k-der.one\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - d:\program files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 5484544]
TribalWeb.lnk - d:\program files\TribalWeb\tribalweb.exe [2008-02-28 1077248]
d:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
LE COMPAGNON CLUB.lnk - d:\program files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2008-10-09 217088]
PowerPanel.lnk - d:\program files\powerpanel\Program\PcfMgr.exe [2007-02-25 872448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.dvsd"= d:\progra~1\FICHIE~1\SONYSH~1\dvlib\sonydv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntivirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Azureus\\Azureus.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Program Files\\TribalWeb\\tribalweb.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=
"d:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\program files\Microsoft ActiveSync\rapimgr.exe"= d:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"d:\program files\Microsoft ActiveSync\wcescomm.exe"= d:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"d:\program files\Microsoft ActiveSync\WCESMgr.exe"= d:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R3 HSFHWSIS;HSFHWSIS;d:\windows\system32\DRIVERS\HSFHWSIS.sys [2003-08-04 156288]
R3 softctrl;Software Flow Control Driver;d:\windows\system32\DRIVERS\softctrl.sys [2005-12-12 9760]
R3 SPI;Périphérique de contrôle d'E/S programmable Sony;d:\windows\system32\DRIVERS\SonyPI.sys [2001-08-17 37040]
S2 Ca536av;FashionCam Video Camera Device;d:\windows\system32\Drivers\Ca536av.sys [2003-09-05 514859]
S3 camvid40;Philips SPC 900NC PC Camera;d:\windows\system32\DRIVERS\camdrv41.sys [2005-08-25 1240576]
S3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;d:\windows\system32\DRIVERS\WlanUZXP.sys [2005-05-12 260608]
S3 USBCamera;FashionCam Digital Still Camera Device;d:\windows\system32\Drivers\Bulk536.sys [2003-05-14 11048]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eada3a9-8f05-11dc-81a3-080046b3117a}]
\Shell\AutoRun\command - RavMon.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-31 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-02 d:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- d:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-Sonic RecordNow! Deluxe - (no file)
HKLM-Run-PhiBtn - d:\windows\System32\drivers\PhiBtn.exe
HKLM-Run-Traymin900 - d:\windows\System32\drivers\Tray900.exe
HKLM-Run-Motive SmartBridge - d:\progra~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
HKLM-Run-StandardInstall - (no file)
HKLM-Explorer_Run-DirectX For Microsoft® Windows - d:\windows\system32\fservice.exe
.
------- Examen supplémentaire -------
.
FireFox -: Profile - d:\documents and settings\k-der.one\Application Data\Mozilla\Firefox\Profiles\8mu0aar8.default\
FF -: plugin - d:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - d:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - d:\program files\Mozilla Firefox\plugins\npmozax.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-03 18:09:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
d:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
d:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
d:\windows\system32\nvsvc32.exe
d:\progra~1\MI3AA1~1\rapimgr.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\sony\HotKey Utility\HKWnd.exe
.
**************************************************************************
.
Heure de fin: 2008-11-03 18:17:00 - La machine a redémarré [k-der.one]
ComboFix-quarantined-files.txt 2008-11-03 17:16:53
Avant-CF: 7,716,515,840 octets libres
Après-CF: 7,807,479,808 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /fastdetect
208 --- E O F --- 2008-10-25 18:00:57
Re,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
[#ff0000]REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]
AIDE : Tuto en images sur MBAM
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 759
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 126905
Temps écoulé: 2 hour(s), 52 minute(s), 35 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Version de la base de données: 759
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 126905
Temps écoulé: 2 hour(s), 52 minute(s), 35 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
voila le dernier rapport:
Logfile of HijackThis v1.99.1
Scan saved at 14:32:10, on 05/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Sony\HotKey Utility\HKserv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\powerpanel\Program\PcfMgr.exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\k-der.one\Bureau\worldsat\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SigmaTel StacMon] D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] D:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = D:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://espaceabonnes.club-internet.fr/services/symantec...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 14:32:10, on 05/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
D:\Program Files\BroadJump\Client Foundation\CFD.exe
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Sony\HotKey Utility\HKserv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\powerpanel\Program\PcfMgr.exe
D:\Program Files\Club-Internet\Lanceur\lanceur.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Sony\HotKey Utility\HKWnd.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\k-der.one\Bureau\worldsat\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdateManager] "D:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SigmaTel StacMon] D:\Program Files\SigmaTel\C-Major Audio\stacmon.exe
O4 - HKLM\..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HKSERV.EXE] D:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NBKeyScan] "D:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Club Internet.lnk = D:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: TribalWeb.lnk = D:\Program Files\TribalWeb\tribalweb.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = D:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O4 - Global Startup: PowerPanel.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://D:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download all links using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8....
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall...
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - http://espaceabonnes.club-internet.fr/services/symantec...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
Lassé par la pub ? Créez un compte
- Contenus similaires :
- ForumPc infecte, analyse avec hijackthis aide svp
- solutionsExplorer.exe redemarre, pc lent. aide svp
- ForumRelier deux pc a internet aide svp
- ForumBurnout paradise utimate box pc aide svp
- ForumPc rame aide log hijackthis svp merci
- ForumAide pour achat pc de bureau svp
- ForumAide pour enlever virus pc svp
- ForumInfection navipromo et egdacces aide svp
- ForumUbuntu ne demarre plus aide svp svp
- ForumInfecte par new malware.j aide svp
- Voir plus
