Trojan Horse BHO.DXQ (01net forum, Sécurité, virus et assimilés > Trojan et spywares)
Sonya81 (posted 13/05/2008 21:51:36)

Hello everyone! I've had this virus for 20 days. I've tried everything to get rid of it, but it doesn't work. Please help me!
Mérillym, Moderator/Helper (posted 13/05/2008 21:54:09)

Hello,

Download HijackThis (from Trend Micro) to your Desktop.

  • Double-click HJTInstall.exe to start the installation.
  • Click Install.
  • Double-click the HijackThis shortcut that was just created to launch it.
  • Accept the licence by clicking Yes.
  • Click "Do a system scan and save a logfile".
  • Post the generated report here.

Note: the report can also be found at C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Help: How to use HijackThis.

;)
-------
Prevention dossier > read it
If you are already being helped on another forum, please tell me!
Sonya81 (posted 13/05/2008 22:02:33)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:01:09, on 13/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Windows\Explorer.EXE
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CH&c(...)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CH&c(...)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: (no name) - {E8F5E07D-CA3B-4323-B9E0-3051FBF6645E} - C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll
    O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\Windows\system32\rqRJBQjK.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRJBQjK.dll,#1
    O4 - HKLM\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
    O4 - HKCU\..\Run: [BM595c1db0] Rundll32.exe "C:\Users\SONYAY~1\AppData\Local\Temp\fcukrthf.dll",s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de delivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.22.downloads.estara.com./as/OneCCDM.php?template=41001&am(...)
    O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9982 bytes
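The HijackThis report above contains exactly the entries a helper circles by eye: two O2 BHOs registered with "(no name)", one loading from the user's Temp folder and one whose DLL in system32 is already "(file missing)", plus O4 Run values that load eight-letter DLLs through rundll32 under value names that are bare hex (5a6f2e2c, BM595c1db0). As an added example, not part of the original thread and not HijackThis code, the Python below parses O2/O4 lines in the 2.0.2 format and scores them on those indicators. The indicator weights, the threshold and the looks_random heuristic are this example's own assumptions; the sample lines are copied from the report above.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import List, Optional

# Constructed sample: a few O2 (BHO) and O4 (Run key) lines in the exact format
# HijackThis 2.0.2 writes, taken from the report in the thread. Not a full log.
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {E8F5E07D-CA3B-4323-B9E0-3051FBF6645E} - C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\Windows\system32\rqRJBQjK.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRJBQjK.dll,#1
O4 - HKLM\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
O4 - HKCU\..\Run: [BM595c1db0] Rundll32.exe "C:\Users\SONYAY~1\AppData\Local\Temp\fcukrthf.dll",s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+?)\\\.\.\\Run(?:Once)?: \[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
PATH_RE = re.compile(r'([A-Za-z]:\\[^",]*?\.(?:dll|exe))', re.IGNORECASE)
FILE_MISSING = "(file missing)"

# Weights are this example's assumption, not a HijackThis convention.
WEIGHTS = {
    "bho_no_name": 1,      # weak on its own; some legitimate BHOs have no name either
    "file_missing": 1,     # dangling registration left by a partial removal
    "temp_dir": 3,         # an autorun that lives in %TEMP% is almost never legitimate
    "rundll32_loader": 2,  # Run value that loads a bare DLL through rundll32
    "random_name": 2,      # eight-letter gibberish file name
    "hex_value_name": 1,   # Run value name that is just hex digits
}


@dataclass
class Finding:
    line: str
    path: Optional[str]
    indicators: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[i] for i in self.indicators)


def looks_random(stem: str) -> bool:
    """8 letters that are nearly vowel-free or carry several capitals mid-word:
    ljJCuvuU, rqRJBQjK, rrvsmdhk, fcukrthf match; CCleaner, sidebar, avgcc do not."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    interior = stem[1:]
    upper = sum(c.isupper() for c in interior)
    lower = sum(c.islower() for c in interior)
    return vowels <= 1 or (upper >= 2 and lower >= 1)


def assess(line: str) -> Optional[Finding]:
    """Score one O2 or O4 line; lines of any other type return None."""
    m = O2_RE.match(line)
    if m:
        raw = m.group("path").strip()
        missing = raw.endswith(FILE_MISSING)
        path = raw[: -len(FILE_MISSING)].strip() if missing else raw
        f = Finding(line, path)
        if m.group("name") == "(no name)":
            f.indicators.append("bho_no_name")
        if missing:
            f.indicators.append("file_missing")
    else:
        m = O4_RE.match(line)
        if not m:
            return None
        cmd = m.group("cmd")
        pm = PATH_RE.search(cmd)
        f = Finding(line, pm.group(1) if pm else None)
        if cmd.lower().startswith("rundll32"):
            f.indicators.append("rundll32_loader")
        if re.search(r"[0-9a-f]{8}", m.group("value"), re.IGNORECASE):
            f.indicators.append("hex_value_name")
    if f.path:
        if "\\temp\\" in f.path.lower():
            f.indicators.append("temp_dir")
        if looks_random(PureWindowsPath(f.path).stem):
            f.indicators.append("random_name")
    return f


def triage(log: str, threshold: int = 3) -> List[Finding]:
    """Entries at or above the threshold, highest score first (stable for ties)."""
    findings = [f for f in map(assess, log.splitlines()) if f is not None]
    return sorted((f for f in findings if f.score >= threshold), key=lambda f: -f.score)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.score:2d}  {', '.join(f.indicators):45s}  {f.line}")
```

Run against the sample it ranks the Temp-folder rundll32 entry and the Temp-folder BHO at the top and leaves the Yahoo, AVG and Sidebar lines at zero. The score is only a sorting aid: the next step for a flagged DLL is still to look at the file (hash, signature, creation time), not to delete on the strength of a name heuristic.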
Mérillym, Moderator/Helper (posted 13/05/2008 22:14:51)

Re,

Disable UAC (Start menu \ Control Panel \ User Accounts and Family Safety \ User Accounts \ Turn User Account Control on or off \ untick the "Use User Account Control ..." box and confirm with OK; you will be asked to restart, do so).

1) Disable all resident protection (antivirus, etc.)! Help here: http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm
Disconnect from the internet, close all running programs and let ComboFix work: do not do anything else at the same time!


Download ComboFix by sUBs
Save it to your desktop and nowhere else!
Restart in safe mode: help here >>>
http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
/!\ Never restart in safe mode via msconfig! /!\

Double-click ComboFix. It will ask you a question; answer by pressing 1 and then Enter to confirm, then follow the prompts.
Wait until ComboFix has finished; a report will be created. Post the report. It is located here: C:\Combofix.txt

2) Copy/paste a new HijackThis report along with it.

;)
-------
Prevention dossier > read it
If you are already being helped on another forum, please tell me!
Sonya81 (posted 13/05/2008 23:09:56)

Here is the ComboFix report:
    ComboFix 08-05-12.1 - Sonya Yoncheva 2008-05-13 21:48:34.2 - NTFSx86
    Microsoft® Windows Vista™ Home Premium Edition 6.0.6000.0.1251.359.1036.18.389 [GMT 1:00]
    Location: C:\Users\Sonya Yoncheva\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\system32\cmgkkfme.ini
    C:\Windows\system32\cnvrgtge.ini
    C:\Windows\System32\dMUEdMoq.ini
    C:\Windows\System32\dMUEdMoq.ini2
    C:\Windows\System32\EdeNnUvw.ini
    C:\Windows\System32\EdeNnUvw.ini2
    C:\Windows\system32\kfcdiqcw.ini
    C:\Windows\system32\khdmsvrr.ini
    C:\Windows\System32\lbnhwwyf.ini
    C:\Windows\System32\ldjbejyw.ini
    C:\Windows\system32\upivkgka.ini
    C:\Windows\system32\wpmwadax.ini
    C:\Windows\System32\XbdKnUvw.ini
    C:\Windows\System32\XbdKnUvw.ini2
    C:\Windows\System32\XGOYxGgh.ini
    C:\Windows\System32\XGOYxGgh.ini2
    C:\Windows\System32\yGOoYccf.ini
    C:\Windows\System32\yGOoYccf.ini2
    .
    ---- Previous Run -------
    .
    C:\Windows\system32\AutoRun.inf

    .
    ((((((((((((((((((((((((((((( Files created 2008-04-13 to 2008-05-13 ))))))))))))))))))))))))))))))))))))
    .

    No new files created in this time span

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-13 19:28 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\AVG7
    2008-05-13 18:21 --------- d-----w C:\Program Files\Trend Micro
    2008-05-13 17:23 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\Skype
    2008-05-13 15:52 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\skypePM
    2008-05-12 20:25 --------- d-----w C:\Program Files\SPYWAREfighter
    2008-05-12 20:17 --------- d-----w C:\Program Files\Common Files\Application
    2008-05-11 23:11 --------- d-----w C:\Program Files\a-squared Free
    2008-05-07 14:48 24,578,952 ----a-w C:\Users\Sonya Yoncheva\AdbeRdr812_fr_FR.exe
    2008-05-06 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-06 08:53 --------- d-----w C:\Program Files\Orange
    2008-04-27 21:02 --------- d-----w C:\Program Files\RegCleaner
    2008-04-27 07:17 16,616,641 ------w C:\avg7qt.dat
    2008-04-25 21:52 174 --sha-w C:\Program Files\desktop.ini
    2008-04-25 21:46 --------- d-----w C:\Program Files\Windows Mail
    2008-04-25 21:46 --------- d-----w C:\Program Files\Windows Calendar
    2008-04-25 20:23 --------- d-----w C:\ProgramData\avg7
    2008-04-25 20:18 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-04-25 19:28 --------- d-----w C:\ProgramData\Lavasoft
    2008-04-25 18:06 --------- d-----w C:\Program Files\Lavasoft
    2008-04-25 18:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-04-25 17:49 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-04-25 17:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-25 17:32 --------- d-----w C:\Program Files\Yahoo!
    2008-04-25 17:32 --------- d-----w C:\Program Files\CCleaner
    2008-04-25 16:52 13,448 ----a-w C:\Users\Sonya Yoncheva\AppData\Roaming\nvModes.dat
    2008-04-20 16:40 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\uTorrent
    2008-04-04 14:23 737,280 ----a-w C:\Windows\iun6002.exe
    2008-03-28 08:54 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-03-28 08:52 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-03-28 08:52 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-03-28 08:52 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-03-28 08:52 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-03-28 08:52 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-03-28 08:52 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-03-28 08:52 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-03-28 08:52 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
    2008-03-28 08:45 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-03-28 08:45 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-03-27 09:53 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\HP
    2008-03-25 20:44 --------- d-----w C:\ProgramData\WEBREG
    2008-03-25 20:42 --------- d-----w C:\ProgramData\HP
    2008-03-25 20:24 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-03-25 20:16 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\HPAppData
    2008-03-25 20:16 --------- d-----w C:\ProgramData\HPSSUPPLY
    2008-03-25 20:16 --------- d-----w C:\Program Files\HP
    2008-03-25 20:16 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-03-25 20:13 --------- d-----w C:\ProgramData\HP Product Assistant
    2008-03-25 20:12 --------- d-----w C:\Program Files\Common Files\HP
    2008-03-25 20:11 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-03-20 08:39 --------- d-----w C:\Program Files\Webteh
    2008-03-13 09:20 53,768 ----a-w C:\Windows\system32\drivers\avgwfp.sys
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-12 10:44 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-02-12 10:44 32 ----a-w C:\ProgramData\ezsid.dat
    2002-05-04 12:02 1,447,567 ----a-w C:\Users\Sonya Yoncheva\Acoustica-MP3-CD-Burner-Installer-v1.50.exe
    2002-05-04 11:13 2,877,838 ----a-w C:\Users\Sonya Yoncheva\Acoustica-CD-Label-Maker-Installer-v1.10.exe
    2002-04-29 16:12 1,581,850 ----a-w C:\Users\Sonya Yoncheva\Acoustica-MP3-Audio-Mixer-v2.13 (Newest Version).exe
    2002-04-29 16:11 1,076,220 ----a-w C:\Users\Sonya Yoncheva\Acoustica-MP3-To-Wave-Converter-PLUS-v2.08 (Newest Version!).exe
    2008-01-31 15:08 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-31 15:08 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-31 15:08 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-06-12 20:25 22 --sha-w C:\Windows\SMINST\HPCD.sys
    2007-10-13 07:13 56 --sh--r C:\Windows\System32\9C7CB8A3DF.sys
    2007-10-13 07:13 6,580 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legitimate default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D136970-2781-4881-A8CA-FEEC6D05BB02}]
    C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 10:48 906480]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 18:12 1232896]
    "5a6f2e2c"="C:\Windows\system32\rrvsmdhk.dll" [ ]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-18 00:04 1006264]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:58 579584]
    "MSServer"="C:\Windows\system32\rqRJBQjK.dll" [ ]
    "5a6f2e2c"="C:\Windows\system32\rrvsmdhk.dll" [ ]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 13:34 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2007-06-11 11:59 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AED720DD-DC18-4410-939E-150B541147C3}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{2D57E464-2F4D-46F3-ABDD-E6DBC29259D6}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "TCP Query User{7571E45D-BA3F-462B-8DFA-C2E9C3E59FAE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{A5B274FA-AD95-44B4-9E59-5D3A3AA86D3E}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{4F3CF2BC-317F-476E-9FE4-F02B4F097E17}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C89A8C25-FE81-45EF-8282-D097D759990E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{8121C210-7B6E-4992-B434-82EEB61FF002}C:\\users\\sonya yoncheva\\appdata\\local\\temp\\occ.exe"= UDP:C:\users\sonya yoncheva\appdata\local\temp\occ.exe:occ.exe
    "UDP Query User{A269DFF1-0B46-4F47-803F-62CE3AB4B354}C:\\users\\sonya yoncheva\\appdata\\local\\temp\\occ.exe"= TCP:C:\users\sonya yoncheva\appdata\local\temp\occ.exe:occ.exe
    "{86FE7D5D-F617-46A4-9ABB-9646F137E896}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{73DAA764-A4A6-4486-A202-1FD631931810}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{4851E84C-2CD6-4B5B-9EF9-C953C90B3707}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{65D1D2E7-BDD1-4350-9DEE-5CA90AB5450E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{07D75CFC-9F56-4A82-9E0A-95078170685C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{B7C66562-A8CA-4E72-B7B7-F5CAF6392CA6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{729F14BA-10C5-4FAE-8032-BD28694A9244}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{5B53DB8A-05B3-45FD-8046-EF822EAB56E7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{74CB4DC2-9FCF-4BBF-8421-C9804405F1A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{8FA5FE72-F927-422A-B428-AE7FAD8AE0B8}C:\\program files\\google\\google sketchup 6\\sketchup.exe"= UDP:C:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application
    "UDP Query User{C1A1197E-5DD0-4631-B1FB-7E94FBAE4FB8}C:\\program files\\google\\google sketchup 6\\sketchup.exe"= TCP:C:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application
    "TCP Query User{333AE107-A404-4391-A794-71E98D555E56}C:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= UDP:C:\program files\google\google sketchup 6\layout\layout.exe:LayOut
    "UDP Query User{7331B1D5-2AE6-4141-841E-3FA7E94D7E97}C:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= TCP:C:\program files\google\google sketchup 6\layout\layout.exe:LayOut
    "TCP Query User{02C0FD2D-F2F5-46EA-9105-92B688240B07}C:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= UDP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
    "UDP Query User{6541724E-2A49-4233-8A86-4A34910728A7}C:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= TCP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
    "TCP Query User{046602C0-0CD1-4B09-8EEA-9B4863DF284A}C:\\users\\sonya yoncheva\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\sonya yoncheva\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{88176B13-5EF1-42C5-AA5B-C7534A93A868}C:\\users\\sonya yoncheva\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\sonya yoncheva\program files\utorrent\utorrent.exe:utorrent.exe
    "{B01E36F2-C157-4622-BA8D-2214199A1160}"= Disabled:UDP:E:\setup\HPZnui01.exe:hpznui01.exe
    "{FE431086-1CB9-4A00-A323-F9CE7CE6528C}"= Disabled:TCP:E:\setup\HPZnui01.exe:hpznui01.exe
    "{609BD8E2-208C-4C9B-AACC-E00CEAD1199E}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{223549BB-06AE-4504-8E7F-EDC4D49EB201}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{26A73429-F4DD-482D-AB48-29C75948ABA5}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{35B7D03D-1DFB-49E4-8C04-920BB115D15D}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{7E2DBCCF-183A-4C94-B927-E5E2F77291AE}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{98462D42-E577-46BC-AF88-029F24CAA04A}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{CB0C730A-8715-4066-8024-BDB21DAA5567}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{F884FF36-A5A5-41D1-BF50-E9FD6F9F0E32}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{93AE6C54-7AF9-4F93-B1CA-CA756A60F482}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{45D7B858-72FD-4956-93EF-682A81694E2A}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{2949906C-AC64-4816-A209-8F96F310D3A4}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{562FEACB-C333-4C52-98B4-88A3E44E8698}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{B0DF022B-2064-478A-B5CB-A1424066EEB7}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{2E0586D3-B9A9-42EA-BBB0-AB8330748BAA}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{65F2D3FE-E862-4DA6-A98A-EC3DB22F4725}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{044BE1CE-31AB-4AED-803E-A6CDA656E116}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{C3F329AF-3BEE-4C3F-B1D1-D0E14B099F14}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{631325ED-1467-4771-AC3F-FB9564275EF4}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{C0EDDCB6-EFDA-4B06-9C97-C2E56C2E75F9}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{F4C72F4F-CFB7-493E-B386-96040CE207EA}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{258096CD-11C9-438F-BB24-274214F6793B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{92A5478B-2C9B-44C4-B027-297890FEFFCD}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{07A931EF-0A40-45D0-BC64-477720CFA2A0}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{268E6F77-D201-4C7D-9A1A-ACF5F48CCEF1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:20]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
    S3 BCM43XV;Pilote de la carte reseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 17:20]
    S3 btwaudio;Peripherique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
    S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
    S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 11:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC

    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-13 21:00:22 C:\Windows\Tasks\User_Feed_Synchronization-{8C1CC358-796A-4AE1-BC1F-AE10D48B512E}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-13 21:56:34
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\Users\Sonya Yoncheva\AppData\Roaming\Mozilla\Firefox\Profiles\jlbcu3p5.default\history.dat 872 bytes

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Windows\System32\audiodg.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    C:\Windows\System32\drivers\XAudio.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    C:\Program Files\SPYWAREfighter\spfprc.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    C:\Windows\System32\conime.exe
    C:\Windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-13 22:02:49 - machine was rebooted [Sonya Yoncheva]
    ComboFix-quarantined-files.txt 2008-05-13 21:02:28

    Le texte du message associe au numero 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associe au numero 0x2379 est introuvable dans le fichier de messages pour Application.

    252 --- E O F --- 2008-05-08 20:08:56

Sonya81
Posted on 13/05/2008 23:12:17
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:10:53, on 13/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\SPYWAREfighter\spftray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CH&c(...)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {8D136970-2781-4881-A8CA-FEEC6D05BB02} - C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRJBQjK.dll,#1
    O4 - HKLM\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de delivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.22.downloads.estara.com./as/OneCCDM.php?template=41001&am(...)
    O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 9399 bytes
Mérillym (Moderator/Helper)
Posted on 14/05/2008 10:43:22
:hello: Hello,

1) Download ATF Cleaner by Atribune to your desktop.

Tutorial: http://mickael.barroux.free.fr/securite/atf_cleaner.php

Launch ATF-Cleaner: double-click ATF-Cleaner.exe
Tick the following:

Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
Recycle Bin

Click Empty Selected and, at the "Done Cleaning" message, click OK

2) Disable all resident protection (antivirus, etc.)! <------- Don't forget!

Copy the text in the box below:

    File::
    C:\Windows\System32\9C7CB8A3DF.sys
    C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll
    C:\Windows\system32\rrvsmdhk.dll
    C:\Windows\system32\rqRJBQjK.dll
    C:\Windows\system32\rrvsmdhk.dll

    Registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8D136970-2781-4881-A8CA-FEEC6D05BB02}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "5a6f2e2c"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSServer"=-
    "5a6f2e2c"=-


=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text into it (CTRL + V)
- Save the file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:

< included picture >

* This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Do not touch anything until the scan has finished.
* Once the scan is complete, a report will open: copy/paste its contents to the forum.
If the file does not open, it is located here: C:\ComboFix.txt

;)
-------
Prevention guide > read it
If you are already being helped on another forum, please tell me!
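The helper's CFScript above is written against exactly the entries in the posted HijackThis log that look out of place: a BHO with no name whose DLL sat in a Temp directory and is already gone, and Run values that load random-named DLLs through rundll32. As an added example (not code from this thread, from HijackThis or from ComboFix), the Python below parses O2/O4 lines copied from the posted log, flags them with a few defender-side heuristics (the random-looking-name and hex-value-name rules are assumptions chosen to fit these indicators), and renders the hits in the same File::/Registry:: layout the helper used, so a reader can see how such a script is derived from the log rather than typed by hand.

```python
"""Triage HijackThis O2/O4 lines and render a ComboFix CFScript from the hits.

Added example for this thread, not code from HijackThis, ComboFix or the helper.
The "random-looking DLL name" and "hex value name" heuristics are assumptions
that fit the indicators visible in the posted log.
"""
import re
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted in this thread, with two benign
# entries (Spybot BHO, AVG Run value) kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8D136970-2781-4881-A8CA-FEEC6D05BB02} - C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRJBQjK.dll,#1
O4 - HKLM\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
O4 - HKCU\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
""".strip()

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
                   r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: "
                   r"\[(?P<value>[^\]]*)\] (?P<cmd>.*)$")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
HEX8_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
VOWELS = set("aeiouAEIOU")

def looks_random(stem):
    """Heuristic (assumed): 8 letters with no vowel, or with 2+ case flips inside."""
    if len(stem) != 8 or not stem.isalpha():
        return False
    if not any(c in VOWELS for c in stem):
        return True
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips >= 2

def triage_line(line):
    """Return (kind, fields, reasons) for an O2/O4 line, None for anything else."""
    m = O2_RE.match(line)
    if m:
        path, reasons = m["path"], []
        if m["name"] == "(no name)":
            reasons.append("BHO registered without a name")
        if "\\temp\\" in path.lower():
            reasons.append("DLL lives under a Temp directory")
        if looks_random(PureWindowsPath(path).stem):
            reasons.append("random-looking DLL name")
        if m["missing"]:
            reasons.append("file missing: the CLSID registration outlived the DLL")
        return "O2", {"clsid": m["clsid"], "path": path}, reasons
    m = O4_RE.match(line)
    if m:
        reasons = []
        if HEX8_RE.match(m["value"]):
            reasons.append("Run value name is 8 hex digits")
        hit = RUNDLL_RE.search(m["cmd"])
        dll = hit["dll"] if hit else None
        if dll and looks_random(PureWindowsPath(dll).stem):
            reasons.append("rundll32 loads a random-looking DLL")
        return "O4", {"hive": m["hive"], "value": m["value"], "dll": dll}, reasons
    return None

def triage(log_text):
    """Keep only the lines that tripped at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        result = triage_line(raw.strip())
        if result and result[2]:
            kind, fields, reasons = result
            findings.append({"kind": kind, "line": raw.strip(), "reasons": reasons, **fields})
    return findings

def build_cfscript(findings):
    """Render File:: and Registry:: sections in the layout the helper used above."""
    files, bho_clsids, run_values = [], [], {}
    for f in findings:
        if f["kind"] == "O2":
            bho_clsids.append(f["clsid"])
            if f["path"] not in files:
                files.append(f["path"])
            continue
        if f["dll"] and f["dll"] not in files:
            files.append(f["dll"])  # the same DLL from HKLM and HKCU is listed once
        hive = HIVES.get(f["hive"], f["hive"].replace("HKUS", "HKEY_USERS", 1))
        key = hive + r"\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
        if f["value"] not in run_values.setdefault(key, []):
            run_values[key].append(f["value"])
    out = ["File::", *files, "", "Registry::"]
    out += [r"[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{%s}]" % c for c in bho_clsids]
    for key, values in run_values.items():
        out.append("[%s]" % key)
        out += ['"%s"=-' % v for v in values]
    return "\n".join(out)

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(h["line"], "->", "; ".join(h["reasons"]))
    print("\n" + build_cfscript(hits))
```

Running it prints each flagged line with the reasons it tripped, then the generated script. The heuristics are deliberately narrow: a BHO with no name or a DLL under a Temp path is worth a look on any log, while a random-looking name is only a hint and should be confirmed against the file's signature and hash before anything is removed.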
Sonya81
Posted on 15/05/2008 14:03:01
Hello, with a little delay!
Here is the latest ComboFix report:
    ComboFix 08-05-12.1 - Sonya Yoncheva 2008-05-15 12:48:32.3 - NTFSx86
    Microsoft® Windows Vista™ Edition Familiale Premium 6.0.6000.0.1251.359.1036.18.317 [GMT 1:00]
    Endroit: C:\Users\Sonya Yoncheva\Desktop\ComboFix.exe
    Command switches used :: C:\Users\Sonya Yoncheva\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

    FILE ::
    C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll
    C:\Windows\System32\9C7CB8A3DF.sys
    C:\Windows\system32\rqRJBQjK.dll
    C:\Windows\system32\rrvsmdhk.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\9C7CB8A3DF.sys

    .
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
    .

Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-15 11:37 --------- d-----w C:\Program Files\a-squared Free
    2008-05-15 11:09 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\Skype
    2008-05-15 10:58 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\skypePM
    2008-05-15 10:52 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\AVG7
    2008-05-15 00:18 --------- d-----w C:\Program Files\Spiceworks
    2008-05-14 23:46 --------- d-----w C:\Program Files\Morgan
    2008-05-14 19:01 --------- d-----w C:\Program Files\Windows Mail
    2008-05-13 22:03 --------- d-----w C:\ProgramData\Lavasoft
    2008-05-13 21:57 --------- d-----w C:\ProgramData\eMule
    2008-05-13 21:57 --------- d-----w C:\Program Files\eMule
    2008-05-13 18:21 --------- d-----w C:\Program Files\Trend Micro
    2008-05-12 20:25 --------- d-----w C:\Program Files\SPYWAREfighter
    2008-05-12 20:17 --------- d-----w C:\Program Files\Common Files\Application
    2008-05-07 14:48 24,578,952 ----a-w C:\Users\Sonya Yoncheva\AdbeRdr812_fr_FR.exe
    2008-05-06 08:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-05-06 08:53 --------- d-----w C:\Program Files\Orange
    2008-04-27 21:02 --------- d-----w C:\Program Files\RegCleaner
    2008-04-27 07:17 16,616,641 ------w C:\avg7qt.dat
    2008-04-25 21:52 174 --sha-w C:\Program Files\desktop.ini
    2008-04-25 21:46 --------- d-----w C:\Program Files\Windows Calendar
    2008-04-25 20:23 --------- d-----w C:\ProgramData\avg7
    2008-04-25 20:18 --------- d-----w C:\ProgramData\Yahoo! Companion
    2008-04-25 17:49 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
    2008-04-25 17:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-04-25 17:32 --------- d-----w C:\Program Files\Yahoo!
    2008-04-25 17:32 --------- d-----w C:\Program Files\CCleaner
    2008-04-25 16:52 13,448 ----a-w C:\Users\Sonya Yoncheva\AppData\Roaming\nvModes.dat
    2008-04-04 14:23 737,280 ----a-w C:\Windows\iun6002.exe
    2008-03-28 08:54 194,560 ----a-w C:\Windows\System32\WebClnt.dll
    2008-03-28 08:54 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-03-28 08:53 36,864 ----a-w C:\Windows\System32\wmdmps.dll
    2008-03-28 08:53 311,296 ----a-w C:\Windows\System32\mswmdm.dll
    2008-03-28 08:53 31,744 ----a-w C:\Windows\System32\wmdmlog.dll
    2008-03-28 08:45 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-03-28 08:45 24,064 ----a-w C:\Windows\System32\netcfg.exe
    2008-03-28 08:45 22,016 ----a-w C:\Windows\System32\netiougc.exe
    2008-03-28 08:45 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-03-28 08:45 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
    2008-03-27 09:53 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\HP
    2008-03-25 20:44 --------- d-----w C:\ProgramData\WEBREG
    2008-03-25 20:42 --------- d-----w C:\ProgramData\HP
    2008-03-25 20:24 --------- d-----w C:\ProgramData\Hewlett-Packard
    2008-03-25 20:16 --------- d-----w C:\Users\Sonya Yoncheva\AppData\Roaming\HPAppData
    2008-03-25 20:16 --------- d-----w C:\ProgramData\HPSSUPPLY
    2008-03-25 20:16 --------- d-----w C:\Program Files\HP
    2008-03-25 20:16 --------- d-----w C:\Program Files\Hewlett-Packard
    2008-03-25 20:13 --------- d-----w C:\ProgramData\HP Product Assistant
    2008-03-25 20:12 --------- d-----w C:\Program Files\Common Files\HP
    2008-03-25 20:11 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
    2008-03-20 08:39 --------- d-----w C:\Program Files\Webteh
    2008-03-03 04:40 599,552 ----a-w C:\Windows\System32\CnxtAp32.dll
    2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
    2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
    2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
    2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
    2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
    2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
    2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
    2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
    2008-02-21 14:38 946,832 ----a-w C:\Windows\System32\_ISource30.dll
    2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
    2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
    2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
    2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
    2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
    2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
    2008-02-12 10:44 32 ----a-w C:\Users\All Users\ezsid.dat
    2008-02-12 10:44 32 ----a-w C:\ProgramData\ezsid.dat
    2002-05-04 12:02 1,447,567 ----a-w C:\Users\Sonya Yoncheva\Acoustica-MP3-CD-Burner-Installer-v1.50.exe
    2002-05-04 11:13 2,877,838 ----a-w C:\Users\Sonya Yoncheva\Acoustica-CD-Label-Maker-Installer-v1.10.exe
    2002-04-29 16:12 1,581,850 ----a-w C:\Users\Sonya Yoncheva\Acoustica-MP3-Audio-Mixer-v2.13 (Newest Version).exe
    2002-04-29 16:11 1,076,220 ----a-w C:\Users\Sonya Yoncheva\Acoustica-MP3-To-Wave-Converter-PLUS-v2.08 (Newest Version!).exe
    2008-01-31 15:08 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    2008-01-31 15:08 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    2008-01-31 15:08 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    2007-06-12 20:25 22 --sha-w C:\Windows\SMINST\HPCD.sys
    2007-10-13 07:13 6,580 --sha-w C:\Windows\System32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    .
    ((((((((((((((((((((((((((((( snapshot@2008-05-13_22.01.46.98 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-05-13 20:55:55 67,584 --s-a-w C:\Windows\bootstat.dat
    + 2008-05-15 10:50:16 67,584 --s-a-w C:\Windows\bootstat.dat
    - 2008-05-13 20:54:33 5,780 ----a-w C:\Windows\bthservsdp.dat
    + 2008-05-15 00:30:24 5,780 ----a-w C:\Windows\bthservsdp.dat
    + 2008-05-15 10:50:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2008-05-15 10:50:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2008-05-13 20:48:07 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-05-15 11:05:38 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-05-13 20:56:19 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    + 2008-05-15 10:51:03 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
    - 2008-05-13 20:54:51 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    + 2008-05-15 11:04:36 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
    - 2008-05-13 20:56:19 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-15 10:50:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
    + 2008-05-15 10:50:56 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
    + 2008-05-15 11:02:12 2,230 ----a-w C:\Windows\SoftwareDistribution\EventCache\{4EF3DA09-A964-4C1E-9109-972BC4AEC521}.bin
    - 2008-04-28 18:54:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-05-14 23:46:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2008-04-28 18:54:08 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-05-14 23:46:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-04-28 18:54:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2008-05-14 23:46:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2002-11-15 12:11:26 77,824 ----a-w C:\Windows\System32\MMSwitch.dll
    - 2008-05-13 00:01:47 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    + 2008-05-15 00:31:07 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
    - 2008-05-13 20:48:31 11,352 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909657652-3276425344-4084196196-1000_UserData.bin
    + 2008-05-15 10:53:26 11,688 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1909657652-3276425344-4084196196-1000_UserData.bin
    - 2008-05-13 20:48:31 82,376 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2008-05-15 10:53:25 82,696 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
    - 2008-05-13 20:42:44 39,150 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2008-05-15 10:53:05 39,398 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    - 2008-04-26 19:02:18 42,602,510 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-05-14 13:24:21 42,621,581 ----a-w C:\Windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
    + 2008-04-16 00:49:12 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.16674_none_f05a2d326e88eb29\OESpamFilter.dat
    + 2008-04-16 00:44:28 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6000.20815_none_f125abb58774f9cb\OESpamFilter.dat
    + 2008-04-16 00:44:37 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.18054_none_f2560bb06b9f4438\OESpamFilter.dat
    + 2008-04-16 00:43:45 2,413,032 ----a-w C:\Windows\winsxs\x86_microsoft-windows-oespamfilter-dat_31bf3856ad364e35_6.0.6001.22159_none_f2e4a9ed84b862b5\OESpamFilter.dat
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-03-25 10:48 906480]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 18:12 1232896]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-18 00:04 1006264]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-15 11:58 579584]
    "spywarefighterguard"="C:\Program Files\SPYWAREfighter\spftray.exe" [2008-02-21 15:37 115344]
    "Spiceworks"="C:\Program Files\Spiceworks\bin\spicetray_silent.exe" [2007-06-07 17:11 61440]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-26 13:34 219136]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
    avgwlntf.dll 2007-06-11 11:59 9216 C:\Windows\System32\avgwlntf.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.DIV3"= DivXc32.dll
    "vidc.DIV4"= DivXc32f.dll
    "VIDC.HFYU"= huffyuv.dll
    "VIDC.YV12"= yv12vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{AED720DD-DC18-4410-939E-150B541147C3}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "{2D57E464-2F4D-46F3-ABDD-E6DBC29259D6}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
    "TCP Query User{7571E45D-BA3F-462B-8DFA-C2E9C3E59FAE}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
    "UDP Query User{A5B274FA-AD95-44B4-9E59-5D3A3AA86D3E}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
    "TCP Query User{4F3CF2BC-317F-476E-9FE4-F02B4F097E17}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{C89A8C25-FE81-45EF-8282-D097D759990E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "TCP Query User{8121C210-7B6E-4992-B434-82EEB61FF002}C:\\users\\sonya yoncheva\\appdata\\local\\temp\\occ.exe"= UDP:C:\users\sonya yoncheva\appdata\local\temp\occ.exe:occ.exe
    "UDP Query User{A269DFF1-0B46-4F47-803F-62CE3AB4B354}C:\\users\\sonya yoncheva\\appdata\\local\\temp\\occ.exe"= TCP:C:\users\sonya yoncheva\appdata\local\temp\occ.exe:occ.exe
    "{86FE7D5D-F617-46A4-9ABB-9646F137E896}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{73DAA764-A4A6-4486-A202-1FD631931810}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{4851E84C-2CD6-4B5B-9EF9-C953C90B3707}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{65D1D2E7-BDD1-4350-9DEE-5CA90AB5450E}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{07D75CFC-9F56-4A82-9E0A-95078170685C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "{B7C66562-A8CA-4E72-B7B7-F5CAF6392CA6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
    "TCP Query User{729F14BA-10C5-4FAE-8032-BD28694A9244}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "UDP Query User{5B53DB8A-05B3-45FD-8046-EF822EAB56E7}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
    "{74CB4DC2-9FCF-4BBF-8421-C9804405F1A1}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{8FA5FE72-F927-422A-B428-AE7FAD8AE0B8}C:\\program files\\google\\google sketchup 6\\sketchup.exe"= UDP:C:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application
    "UDP Query User{C1A1197E-5DD0-4631-B1FB-7E94FBAE4FB8}C:\\program files\\google\\google sketchup 6\\sketchup.exe"= TCP:C:\program files\google\google sketchup 6\sketchup.exe:SketchUp Application
    "TCP Query User{333AE107-A404-4391-A794-71E98D555E56}C:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= UDP:C:\program files\google\google sketchup 6\layout\layout.exe:LayOut
    "UDP Query User{7331B1D5-2AE6-4141-841E-3FA7E94D7E97}C:\\program files\\google\\google sketchup 6\\layout\\layout.exe"= TCP:C:\program files\google\google sketchup 6\layout\layout.exe:LayOut
    "TCP Query User{02C0FD2D-F2F5-46EA-9105-92B688240B07}C:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= UDP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
    "UDP Query User{6541724E-2A49-4233-8A86-4A34910728A7}C:\\program files\\k-lite codec pack\\media player classic\\mplayerc.exe"= TCP:C:\program files\k-lite codec pack\media player classic\mplayerc.exe:Media Player Classic
    "TCP Query User{046602C0-0CD1-4B09-8EEA-9B4863DF284A}C:\\users\\sonya yoncheva\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\sonya yoncheva\program files\utorrent\utorrent.exe:utorrent.exe
    "UDP Query User{88176B13-5EF1-42C5-AA5B-C7534A93A868}C:\\users\\sonya yoncheva\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\sonya yoncheva\program files\utorrent\utorrent.exe:utorrent.exe
    "{B01E36F2-C157-4622-BA8D-2214199A1160}"= Disabled:UDP:E:\setup\HPZnui01.exe:hpznui01.exe
    "{FE431086-1CB9-4A00-A323-F9CE7CE6528C}"= Disabled:TCP:E:\setup\HPZnui01.exe:hpznui01.exe
    "{609BD8E2-208C-4C9B-AACC-E00CEAD1199E}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{223549BB-06AE-4504-8E7F-EDC4D49EB201}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
    "{26A73429-F4DD-482D-AB48-29C75948ABA5}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{35B7D03D-1DFB-49E4-8C04-920BB115D15D}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
    "{7E2DBCCF-183A-4C94-B927-E5E2F77291AE}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{98462D42-E577-46BC-AF88-029F24CAA04A}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:hpofxm08.exe
    "{CB0C730A-8715-4066-8024-BDB21DAA5567}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{F884FF36-A5A5-41D1-BF50-E9FD6F9F0E32}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:hposfx08.exe
    "{93AE6C54-7AF9-4F93-B1CA-CA756A60F482}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{45D7B858-72FD-4956-93EF-682A81694E2A}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:hposid01.exe
    "{2949906C-AC64-4816-A209-8F96F310D3A4}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{562FEACB-C333-4C52-98B4-88A3E44E8698}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:hpqscnvw.exe
    "{B0DF022B-2064-478A-B5CB-A1424066EEB7}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{2E0586D3-B9A9-42EA-BBB0-AB8330748BAA}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
    "{65F2D3FE-E862-4DA6-A98A-EC3DB22F4725}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{044BE1CE-31AB-4AED-803E-A6CDA656E116}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:hpzwiz01.exe
    "{C3F329AF-3BEE-4C3F-B1D1-D0E14B099F14}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{631325ED-1467-4771-AC3F-FB9564275EF4}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
    "{C0EDDCB6-EFDA-4B06-9C97-C2E56C2E75F9}"= Disabled:UDP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{F4C72F4F-CFB7-493E-B386-96040CE207EA}"= Disabled:TCP:C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:hpqnrs08.exe
    "{258096CD-11C9-438F-BB24-274214F6793B}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{92A5478B-2C9B-44C4-B027-297890FEFFCD}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{07A931EF-0A40-45D0-BC64-477720CFA2A0}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
    "{268E6F77-D201-4C7D-9A1A-ACF5F48CCEF1}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 HPSLPSVC;HP Network Devices Support;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
    R2 NetPipeActivator;Adaptateur d’ecouteur Net.Pipe;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2006-11-02 13:36]
    R2 NetTcpActivator;Adaptateur d’ecouteur Net.Tcp;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [2006-11-02 13:36]
    R2 RapiMgr;Connectivite de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
    R2 WcesComm;Connectivite de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 10:45]
    R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-05 10:39]
    R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-13 10:20]
    R3 btwaudio;Peripherique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2006-11-21 13:54]
    R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [2006-11-21 13:54]
    R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-21 13:54]
    R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 04:10]
    R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 09:44]
    R3 SpyFighter;SpyFighter Guard Device;C:\Program Files\SPYWAREfighter\spyfighter.sys [2008-02-21 15:38]
    R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Program Files\SPYWAREfighter\spfprc.exe" [2008-02-21 15:37]
    S2 NetMsmqActivator;Adaptateur d’ecouteur Net.Msmq;"C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator []
    S3 BCM43XV;Pilote de la carte reseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-17 17:20]
    S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 11:10]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-05-15 11:50:21 C:\Windows\Tasks\User_Feed_Synchronization-{8C1CC358-796A-4AE1-BC1F-AE10D48B512E}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-15 12:53:12
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-05-15 12:54:35
    ComboFix-quarantined-files.txt 2008-05-15 11:54:14
    ComboFix2.txt 2008-05-13 21:02:51

    Le texte du message associe au numero 0x2379 est introuvable dans le fichier de messages pour Application.
    Le texte du message associe au numero 0x2379 est introuvable dans le fichier de messages pour Application.

    273 --- E O F --- 2008-05-14 19:01:55
    Mérillym
      Moderator/Helper
      Posted on 15/05/2008 20:35:51
    Hi again,

    Download MalwareByte's Anti-Malware to your Desktop.
    Install it by double-clicking the file Download_mbam-setup.exe.

    Once the installation and the update are done, restart in Safe Mode.
    HELP: Restarting in Safe Mode

  • Now run MalwareByte's Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show Results" and then "Remove Selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.

    HELP: Illustrated tutorial on MBAM

    ;)
    -------
    Prevention folder > read it
    If you are already being helped on another forum, please tell me!
    Sonya81
      Posted on 20/05/2008 18:45:25
    Sorry for the delay! Here is the Malwarebytes report:

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 770

    Type de recherche: Examen complet (C:\|D:\|E:\|)
    Eléments examinés: 191815
    Temps écoulé: 55 minute(s), 46 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    Mérillym
      Moderator/Helper
      Posted on 20/05/2008 19:47:27
    :hello: Good evening,

    Post a new HijackThis report and tell me how the PC is doing.

    Still having problems?

    ;)
    -------
    Prevention folder > read it
    If you are already being helped on another forum, please tell me!
    Sonya81
      Posted on 21/05/2008 01:23:08
    Good evening!
    Thank you for the help! The computer has been running really well since we did all that! The only thing is that it tells me there is a problem with the hosts. I haven't done anything, because I don't even know what that is. :) Sometimes it also asks me to choose the internet connection for no reason, even though I'm already connected...

    I'm posting the latest HijackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:41:11, on 13/05/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\conime.exe
    C:\Windows\Explorer.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FR_CH&c(...)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {8D136970-2781-4881-A8CA-FEEC6D05BB02} - C:\Users\SONYAY~1\AppData\Local\Temp\ljJCuvuU.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\rqRJBQjK.dll,#1
    O4 - HKLM\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
    O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [5a6f2e2c] rundll32.exe "C:\Windows\system32\rrvsmdhk.dll",b
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RESEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de delivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {65FDEDF3-8ED9-4F5B-825E-18C2D44191A7} (OneCCCtl Class) - http://d.66.155.171.22.downloads.estara.com./as/OneCCDM.php?template=41001&am(...)
    O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/FnacmusicDnl.CAB
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Unknown owner - c:\Program Files\Norton Internet Security\isPwdSvc.exe (file missing)
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\