Tes pubs, elles arrivent à quel moment ? N'importe quand ? sur n'importe quel site ? même déconnecté ?
Pourrais tu me faire une copie d'écran d'une de ces pubs svp et tu la postes ici.
>>> http://cjoint.com/
Tu cliques sur Parcourir, tu cherches ta capture, tu valides et voilà
FBrowserAdvisor + FBrowsingAdvisor [Résolu]
Modérateurs: toaster_78, niklavi, GrosBébé, Senosen
Règles du forum
Merci, de mettre vos rapports d'infections entre les BBcodes " hide" ou "code" , ceci afin d'éviter des messages trop longs !! un tuto pour le BBcode "hide" existe ici :
viewtopic.php?f=86&t=2338
Merci également de ne pas intervenir dans un sujet en cours si vous n'êtes pas l'auteur du sujet ou quand un helpeur a pris en main celui-ci.Si toutefois vous avez une observation pertinente et/ou à partager veuillez contacter le helpeur par MP
Merci, de mettre vos rapports d'infections entre les BBcodes " hide" ou "code" , ceci afin d'éviter des messages trop longs !! un tuto pour le BBcode "hide" existe ici :
viewtopic.php?f=86&t=2338
Merci également de ne pas intervenir dans un sujet en cours si vous n'êtes pas l'auteur du sujet ou quand un helpeur a pris en main celui-ci.Si toutefois vous avez une observation pertinente et/ou à partager veuillez contacter le helpeur par MP
Re: pubs intempestives
de bio72chat le 06 Mar 2008, 22:29
Accass a écrit:Tes pubs, elles arrivent à quel moment ? N'importe quand ? sur n'importe quel site ? même déconnecté ?
Pourrais tu me faire une copie d'écran d'une de ces pubs svp et tu la postes ici.
>>> http://cjoint.com/
Tu cliques sur Parcourir, tu cherches ta capture, tu valides et voilà
La dernière fois que j'ai eu une page qui s'ouvre, c'était une page blanche avec cette adresse: http://www.wwwamnc1.com/fallback.php
Vista m'a proposé de la fermer. Elles s'ouvrent seulement quand je suis connecté. Ce n'est jamais la même page et c'est beaucoup moins souvent qu'avant. En revanche lorsque j'ai fais une analyse, j'ai vu que l'UAC de vista n'était pas activé. Je l'ai activé et peut-être que j'aurai moins de problèmes ? Je remettrais l'adresse lorsque j'en aurai une autre (peut-être st-ce résolu ??)
Merci et à bientôt
Manu
-
bio72chat - flooder néophite
- Messages: 32
- Inscription: 06 Mar 2008, 17:18
Re: pubs intempestives
de GrosBébé le 06 Mar 2008, 22:58
Supprime les 3 derniers logiciels que je t'ai demandés d'installer + les rapports correspondants.
Surfe un peu et tiens nous au courant
Surfe un peu et tiens nous au courant
-
GrosBébé - Moderator
- Messages: 981
- Inscription: 10 Déc 2007, 15:16
Re: pubs intempestives
de GrosBébé le 07 Mar 2008, 19:51
Salut
Je viens de penser à un truc, tu souhaites toujours qu'on regarde pour tes logiciels qui se lancent au démarrage du pc ?
Je viens de penser à un truc, tu souhaites toujours qu'on regarde pour tes logiciels qui se lancent au démarrage du pc ?
-
GrosBébé - Moderator
- Messages: 981
- Inscription: 10 Déc 2007, 15:16
Re: pubs intempestives
de bio72chat le 07 Mar 2008, 20:47
Accass a écrit:Salut
Je viens de penser à un truc, tu souhaites toujours qu'on regarde pour tes logiciels qui se lancent au démarrage du pc ?
Pourquoi pas ? C'est vrai que c'est un peu long au démarrage !
PS J'ai installé firefox et pour l'instant je n'ai pas de pubs, en revanche, si j'ouvre explorer il y a des pubs qui s'ouvrent...
-
bio72chat - flooder néophite
- Messages: 32
- Inscription: 06 Mar 2008, 17:18
Re: pubs intempestives
de GrosBébé le 07 Mar 2008, 21:00
Salut
Je viens de penser à un autre truc encore (c'est le temps que l'information soit traitée par mon cerveau)
On verra après pour le démarrage si tu veux bien.
1/ Télécharge ComboFix (créé par sUBs) sur le bureau
>>> http://bibou0007.com/tutos-f45/tutorial ... x-t121.htm
Démarre en mode sans echec.
Méthode F8 de préférence
>>> http://bibou0007.com/tutos-f45/demarrer ... p-t337.htm
Double clique sur combofix.exe.
Tape sur la touche 1 pour démarrer le scan.
Ne clique surtout pas avec ta souris sur la fenêtre Combofix.
Lorsque le scan sera complété, un rapport apparaîtra.
Redémarre le pc normalement
Copie/colle ce rapport dans la prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Je viens de penser à un autre truc encore (c'est le temps que l'information soit traitée par mon cerveau)
On verra après pour le démarrage si tu veux bien.
1/ Télécharge ComboFix (créé par sUBs) sur le bureau
>>> http://bibou0007.com/tutos-f45/tutorial ... x-t121.htm
Démarre en mode sans echec.
Méthode F8 de préférence
>>> http://bibou0007.com/tutos-f45/demarrer ... p-t337.htm
Double clique sur combofix.exe.
Tape sur la touche 1 pour démarrer le scan.
Ne clique surtout pas avec ta souris sur la fenêtre Combofix.
Lorsque le scan sera complété, un rapport apparaîtra.
Redémarre le pc normalement
Copie/colle ce rapport dans la prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
-
GrosBébé - Moderator
- Messages: 981
- Inscription: 10 Déc 2007, 15:16
Re: pubs intempestives
de bio72chat le 07 Mar 2008, 22:10
Merci
rapport cobifix:
ComboFix 08-03-05.1 - de Vevey 2008-03-07 21:59:03.2 - NTFSx86 MINIMAL
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1629 [GMT 1:00]
Endroit: C:\Users\de Vevey\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 17:07 --------- d-----w C:\ProgramData\Spyware Terminator
2008-03-06 21:18 --------- d-----w C:\ProgramData\Symantec
2008-03-06 21:18 --------- d-----w C:\Program Files\ContextEnhancer
2008-03-06 19:11 --------- d-----w C:\Program Files\BDGest
2008-03-06 18:42 --------- d-----w C:\Program Files\Navilog1
2008-03-06 17:39 120,728 ----a-w C:\GDIPFONTCACHEV1.DAT
2008-03-06 16:34 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Vista Start Menu
2008-03-04 18:11 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-04 17:46 --------- d-----w C:\Program Files\Trend Micro
2008-03-03 15:33 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Tunebite
2008-03-01 15:13 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Spyware Terminator
2008-03-01 14:43 138,752 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-02-28 14:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-26 12:50 --------- d-----w C:\ProgramData\RapidSolution
2008-02-26 12:21 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-02-26 12:17 --------- d-----w C:\Program Files\RapidSolution
2008-02-26 11:56 --------- d-----w C:\Users\de Vevey\AppData\Roaming\LimeWire
2008-02-18 17:19 --------- d-----w C:\ProgramData\Apple Computer
2008-02-18 17:19 --------- d-----w C:\Program Files\iTunes
2008-02-18 17:19 --------- d-----w C:\Program Files\iPod
2008-02-18 17:18 --------- d-----w C:\Program Files\QuickTime
2008-02-15 18:02 --------- d-----w C:\ProgramData\Elaborate Bytes
2008-02-15 17:53 --------- d-----w C:\Program Files\Elaborate Bytes
2008-02-14 16:04 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 16:03 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 16:03 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 16:03 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 16:03 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 16:03 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 16:03 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 16:03 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-14 16:03 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-14 16:01 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 16:01 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 16:01 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 16:01 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 16:01 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 16:00 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 16:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 16:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 16:00 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 16:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 16:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 15:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-10 14:04 --------- d-----w C:\Program Files\cell3D
2008-02-10 12:16 --------- d-----w C:\Program Files\MOVAVI
2008-02-10 12:16 --------- d-----w C:\Program Files\ConvertMovie 5.0
2008-02-10 11:24 --------- d-----w C:\Program Files\Ligos
2008-02-10 10:52 --------- d-----w C:\Program Files\MediaInfo
2008-02-07 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 17:40 --------- d-----w C:\Users\de Vevey\AppData\Roaming\CyberLink
2008-02-07 17:40 --------- d-----w C:\Program Files\CyberLink
2008-02-07 17:25 --------- d-----w C:\Program Files\WinMPG Video Convert
2008-01-31 16:02 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-01-31 15:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-31 15:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-01-27 13:14 --------- d-----w C:\Users\de Vevey\AppData\Roaming\dvdcss
2008-01-18 17:03 --------- d-----w C:\Program Files\Norton 360
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 15:14 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Roxio
2008-01-10 08:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 08:36 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 08:26 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 08:26 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-07 20:18 --------- d-----w C:\ProgramData\Roxio
2008-01-07 17:14 --------- d-----w C:\Program Files\DVD Decrypter
2007-11-18 20:01 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2007-11-18 20:01 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
2007-11-18 20:01 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2007-11-18 20:01 20 ---h--w C:\ProgramData\PKP_DLds.DAT
2007-10-28 11:17 20 ---h--w C:\Users\All Users\PKP_DLbz.DAT
2007-10-28 11:17 20 ---h--w C:\ProgramData\PKP_DLbz.DAT
2007-08-30 16:33 174 --sha-w C:\Program Files\desktop.ini
2007-05-31 18:24 8 ----a-w C:\Users\de Vevey\AppData\Roaming\usb.dat.bin
2007-06-18 14:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-18 14:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-18 14:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-05-14 17:13 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-03-05_17.45.15.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-05 16:39:27 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-07 21:03:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-05 16:33:43 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-07 20:30:18 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-05 16:37:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-05 16:34:31 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-07 19:54:57 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-05 16:37:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-05 16:27:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-07 17:27:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-05 16:27:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 17:27:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-05 16:27:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-07 17:27:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2004-07-31 16:50:36 51,200 ----a-w C:\Windows\System32\dumphive.exe
+ 2008-03-05 21:29:16 82,432 ----a-w C:\Windows\System32\IEDFix.exe
- 2008-03-05 16:44:27 107,004 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-06 13:53:07 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-05 16:44:27 121,436 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-06 13:53:07 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-05 16:44:27 617,860 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-06 13:53:07 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-05 16:44:27 699,236 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-06 13:53:07 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2003-06-05 19:13:00 53,248 ----a-w C:\Windows\System32\Process.exe
+ 2006-04-27 15:49:30 288,417 ----a-w C:\Windows\System32\SrchSTS.exe
+ 2008-03-01 22:12:41 86,016 ----a-w C:\Windows\System32\VACFix.exe
+ 2007-09-05 22:22:23 289,144 ----a-w C:\Windows\System32\VCCLSID.exe
- 2008-03-05 16:33:16 13,632 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3182665122-644683889-1724685261-1001_UserData.bin
+ 2008-03-07 19:17:11 13,824 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3182665122-644683889-1724685261-1001_UserData.bin
- 2008-03-05 16:33:16 66,842 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-07 19:17:11 66,930 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-05 16:33:13 56,746 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-07 19:17:05 57,056 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-03 22:36:46 25,600 ----a-w C:\Windows\System32\WS2Fix.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6C4BA2-1646-0F3A-1FAE-B393C162C92E}]
2007-12-30 21:48 1019904 --a------ C:\Program Files\ContextEnhancer\ContextEnhancer-2.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 09:25 1232896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-10-29 17:47 1682944]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 16:12 386752]
"L06FXLRD_398878"="C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.exe" [2005-06-04 17:03 301776]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-12 19:22 1006264]
"vspdfprsrv.exe"="C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-03-23 16:13 1006080]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 15:46 4349952 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 14:52 240112]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 12:34 155648]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 17:11 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 02:44 113136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 19:10 116328]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-01 15:43 2957824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\Windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06FXLRD_2057809]
--a------ 2005-06-04 17:03 301776 C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06FXLRD_339021]
--a------ 2005-06-04 17:03 301776 C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B57534CE-0AC0-4B59-A790-A854D6FA852C}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{338668FA-4645-4EB1-A247-0B913093B924}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C66A945F-328B-4B4D-9A77-3203F36E0734}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{D0A5B541-60EF-403B-8938-1FF459276FE6}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{927BB122-A1BD-41AA-A1AC-4E5FC0FD2373}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{6E196828-82F1-479B-829A-C9B1678DAC89}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{901A94A8-477D-4856-9324-47DBF700A47D}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{39AB7D19-6CCD-4E7C-8CA3-E252363A38BB}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{73B5252A-6CE3-44E9-A380-E98DF58AA1D8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{30968050-DEA8-4E34-A0C6-CC643033EF06}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6A03E41A-A608-45D0-8FA3-E3D509EB1EC9}"= Disabled:UDP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer
"{CF0DF76B-EB88-4DFD-9C72-684588FF7CD2}"= Disabled:TCP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer
"{325A061E-6A8F-4680-B1C5-FEFA288358C5}"= Disabled:UDP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare
"{D2516950-C605-4E50-A24D-EBBE04031121}"= Disabled:TCP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare
"{FC34C2E9-1AB0-4F0E-B95B-A02CE9A1211C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{2B00657A-3345-4DAB-B5FE-A6446EF26484}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E6E67274-1792-4C8D-B217-107DFAFABFB0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E9078819-0AEF-4F13-B4DF-7F51516D98E7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0E712AD8-2546-4747-BE68-AED683189DB3}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{A6D50B9B-D9C7-4798-8905-631EB811062F}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-01 15:43]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\Windows\system32\plcndis5.sys [2004-05-17 09:21]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 14:52]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-12-28 01:11]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-13 12:09]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 13:16]
R3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 14:52]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 14:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 14:52]
S2 SessionLauncher;SessionLauncher;C:\Users\DEVEVE~1\AppData\Local\Temp\DX9\SessionLauncher.exe []
S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;C:\Windows\system32\Drivers\ATHFMWDL.sys [2005-02-24 21:42]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 14:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e454897f-00bc-11dc-857e-001a926a9d92}]
\shell\AutoRun\command - G:\welcome.exe
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {E505DA68-3442-5D45-2BD4-1AF0B6312E53} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 21:06:58 C:\Windows\Tasks\User_Feed_Synchronization-{B35540EA-BDF1-432C-8E57-C3AFE42E6BB9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 22:04:09
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehRec.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-07 22:07:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 21:07:41
.
2008-02-29 15:37:46 --- E O F ---
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1629 [GMT 1:00]
Endroit: C:\Users\de Vevey\Downloads\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 17:07 --------- d-----w C:\ProgramData\Spyware Terminator
2008-03-06 21:18 --------- d-----w C:\ProgramData\Symantec
2008-03-06 21:18 --------- d-----w C:\Program Files\ContextEnhancer
2008-03-06 19:11 --------- d-----w C:\Program Files\BDGest
2008-03-06 18:42 --------- d-----w C:\Program Files\Navilog1
2008-03-06 17:39 120,728 ----a-w C:\GDIPFONTCACHEV1.DAT
2008-03-06 16:34 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Vista Start Menu
2008-03-04 18:11 --------- d-----w C:\Program Files\Spyware Terminator
2008-03-04 17:46 --------- d-----w C:\Program Files\Trend Micro
2008-03-03 15:33 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Tunebite
2008-03-01 15:13 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Spyware Terminator
2008-03-01 14:43 138,752 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-02-28 14:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-26 12:50 --------- d-----w C:\ProgramData\RapidSolution
2008-02-26 12:21 --------- d-----w C:\Program Files\PixiePack Codec Pack
2008-02-26 12:17 --------- d-----w C:\Program Files\RapidSolution
2008-02-26 11:56 --------- d-----w C:\Users\de Vevey\AppData\Roaming\LimeWire
2008-02-18 17:19 --------- d-----w C:\ProgramData\Apple Computer
2008-02-18 17:19 --------- d-----w C:\Program Files\iTunes
2008-02-18 17:19 --------- d-----w C:\Program Files\iPod
2008-02-18 17:18 --------- d-----w C:\Program Files\QuickTime
2008-02-15 18:02 --------- d-----w C:\ProgramData\Elaborate Bytes
2008-02-15 17:53 --------- d-----w C:\Program Files\Elaborate Bytes
2008-02-14 16:04 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 16:03 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-02-14 16:03 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-02-14 16:03 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-02-14 16:03 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-02-14 16:03 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-02-14 16:03 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-02-14 16:03 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-02-14 16:03 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
2008-02-14 16:01 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 16:01 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 16:01 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 16:01 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 16:01 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 16:00 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 16:00 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 16:00 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 16:00 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 16:00 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 16:00 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 15:57 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-10 14:04 --------- d-----w C:\Program Files\cell3D
2008-02-10 12:16 --------- d-----w C:\Program Files\MOVAVI
2008-02-10 12:16 --------- d-----w C:\Program Files\ConvertMovie 5.0
2008-02-10 11:24 --------- d-----w C:\Program Files\Ligos
2008-02-10 10:52 --------- d-----w C:\Program Files\MediaInfo
2008-02-07 17:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 17:40 --------- d-----w C:\Users\de Vevey\AppData\Roaming\CyberLink
2008-02-07 17:40 --------- d-----w C:\Program Files\CyberLink
2008-02-07 17:25 --------- d-----w C:\Program Files\WinMPG Video Convert
2008-01-31 16:02 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-01-31 15:58 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-31 15:54 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2008-01-27 13:14 --------- d-----w C:\Users\de Vevey\AppData\Roaming\dvdcss
2008-01-18 17:03 --------- d-----w C:\Program Files\Norton 360
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-10 15:14 --------- d-----w C:\Users\de Vevey\AppData\Roaming\Roxio
2008-01-10 08:36 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-10 08:36 --------- d-----w C:\Program Files\Windows Mail
2008-01-10 08:26 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-10 08:26 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-07 20:18 --------- d-----w C:\ProgramData\Roxio
2008-01-07 17:14 --------- d-----w C:\Program Files\DVD Decrypter
2007-11-18 20:01 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2007-11-18 20:01 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
2007-11-18 20:01 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2007-11-18 20:01 20 ---h--w C:\ProgramData\PKP_DLds.DAT
2007-10-28 11:17 20 ---h--w C:\Users\All Users\PKP_DLbz.DAT
2007-10-28 11:17 20 ---h--w C:\ProgramData\PKP_DLbz.DAT
2007-08-30 16:33 174 --sha-w C:\Program Files\desktop.ini
2007-05-31 18:24 8 ----a-w C:\Users\de Vevey\AppData\Roaming\usb.dat.bin
2007-06-18 14:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-06-18 14:52 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-06-18 14:52 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-05-14 17:13 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((( snapshot@2008-03-05_17.45.15.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-05 16:39:27 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-03-07 21:03:33 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-03-05 16:33:43 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-07 20:30:18 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-05 16:37:38 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-03-05 16:34:31 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
+ 2008-03-07 19:54:57 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\UsrClass.dat
- 2008-03-05 16:37:38 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-03-07 21:04:04 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-05 16:27:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-07 17:27:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-05 16:27:43 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-07 17:27:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-05 16:27:43 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-07 17:27:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2004-07-31 16:50:36 51,200 ----a-w C:\Windows\System32\dumphive.exe
+ 2008-03-05 21:29:16 82,432 ----a-w C:\Windows\System32\IEDFix.exe
- 2008-03-05 16:44:27 107,004 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-03-06 13:53:07 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-03-05 16:44:27 121,436 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-03-06 13:53:07 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-03-05 16:44:27 617,860 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-03-06 13:53:07 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-03-05 16:44:27 699,236 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-03-06 13:53:07 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2003-06-05 19:13:00 53,248 ----a-w C:\Windows\System32\Process.exe
+ 2006-04-27 15:49:30 288,417 ----a-w C:\Windows\System32\SrchSTS.exe
+ 2008-03-01 22:12:41 86,016 ----a-w C:\Windows\System32\VACFix.exe
+ 2007-09-05 22:22:23 289,144 ----a-w C:\Windows\System32\VCCLSID.exe
- 2008-03-05 16:33:16 13,632 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3182665122-644683889-1724685261-1001_UserData.bin
+ 2008-03-07 19:17:11 13,824 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3182665122-644683889-1724685261-1001_UserData.bin
- 2008-03-05 16:33:16 66,842 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-07 19:17:11 66,930 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-03-05 16:33:13 56,746 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-03-07 19:17:05 57,056 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2007-10-03 22:36:46 25,600 ----a-w C:\Windows\System32\WS2Fix.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C6C4BA2-1646-0F3A-1FAE-B393C162C92E}]
2007-12-30 21:48 1019904 --a------ C:\Program Files\ContextEnhancer\ContextEnhancer-2.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 09:25 1232896]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
"VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-10-29 17:47 1682944]
"Gestionnaire Antidote.exe"="C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe" [2005-06-22 16:12 386752]
"L06FXLRD_398878"="C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.exe" [2005-06-04 17:03 301776]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-05-12 19:22 1006264]
"vspdfprsrv.exe"="C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe" [2007-03-23 16:13 1006080]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 15:46 4349952 C:\Windows\RtHDVCpl.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2007-08-24 14:52 240112]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 12:34 155648]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 16:16 65536]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 03:40 86960]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-04-19 17:11 151552]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 14:42 65536]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"DMXLauncher"="C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe" [2007-08-14 02:44 113136]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-03-14 19:10 116328]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 00:43 67488]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-03-01 15:43 2957824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ValidateAdminCodeSignatures"= 1 (0x1)
"FilterAdministratorToken"= 1 (0x1)
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Reader.lnk
backup=C:\Windows\pss\Lancement rapide d'Adobe Reader.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
backup=C:\Windows\pss\NkbMonitor.exe.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06FXLRD_2057809]
--a------ 2005-06-04 17:03 301776 C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L06FXLRD_339021]
--a------ 2005-06-04 17:03 301776 C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B57534CE-0AC0-4B59-A790-A854D6FA852C}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{338668FA-4645-4EB1-A247-0B913093B924}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{C66A945F-328B-4B4D-9A77-3203F36E0734}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{D0A5B541-60EF-403B-8938-1FF459276FE6}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{927BB122-A1BD-41AA-A1AC-4E5FC0FD2373}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{6E196828-82F1-479B-829A-C9B1678DAC89}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{901A94A8-477D-4856-9324-47DBF700A47D}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{39AB7D19-6CCD-4E7C-8CA3-E252363A38BB}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{73B5252A-6CE3-44E9-A380-E98DF58AA1D8}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{30968050-DEA8-4E34-A0C6-CC643033EF06}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6A03E41A-A608-45D0-8FA3-E3D509EB1EC9}"= Disabled:UDP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer
"{CF0DF76B-EB88-4DFD-9C72-684588FF7CD2}"= Disabled:TCP:C:\Program Files\devolo\informer\devinf.exe:devolo Informer
"{325A061E-6A8F-4680-B1C5-FEFA288358C5}"= Disabled:UDP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare
"{D2516950-C605-4E50-A24D-EBBE04031121}"= Disabled:TCP:C:\Program Files\devolo\easyshare\easyshare.exe:devolo EasyShare
"{FC34C2E9-1AB0-4F0E-B95B-A02CE9A1211C}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{2B00657A-3345-4DAB-B5FE-A6446EF26484}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{E6E67274-1792-4C8D-B217-107DFAFABFB0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{E9078819-0AEF-4F13-B4DF-7F51516D98E7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0E712AD8-2546-4747-BE68-AED683189DB3}"= UDP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{A6D50B9B-D9C7-4798-8905-631EB811062F}"= TCP:C:\Program Files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080305.002\IDSvix86.sys [2008-02-13 17:18]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-03-01 15:43]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R2 PLCNDIS5;PLCNDIS5 NDIS Protocol Driver;C:\Windows\system32\plcndis5.sys [2004-05-17 09:21]
R2 RoxWatch10;Roxio Hard Drive Watcher 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe" [2007-08-24 14:52]
R3 3xHybrid;ASUSTek SAA713x PCI Card;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-12-28 01:11]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-13 12:09]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-01-08 13:16]
R3 RoxMediaDB10;RoxMediaDB10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [2007-08-24 14:52]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe" [2007-08-24 14:53]
S2 RoxLiveShare10;LiveShare P2P Server 10;"C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [2007-08-24 14:52]
S2 SessionLauncher;SessionLauncher;C:\Users\DEVEVE~1\AppData\Local\Temp\DX9\SessionLauncher.exe []
S3 ATHFMWDL;Philips USB Wireless Adapter Bootloader driver;C:\Windows\system32\Drivers\ATHFMWDL.sys [2005-02-24 21:42]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;"C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe" [2007-08-24 14:53]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e454897f-00bc-11dc-857e-001a926a9d92}]
\shell\AutoRun\command - G:\welcome.exe
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {E505DA68-3442-5D45-2BD4-1AF0B6312E53} /qb
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{969B3B70-8765-11D5-9809-0050BACBF861}]
rundll32.exe advpack.dll,LaunchINFSection C:\Program Files\CyberLink\MP3PowerEncoder\Cyber.inf,PerUserStub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-07 21:06:58 C:\Windows\Tasks\User_Feed_Synchronization-{B35540EA-BDF1-432C-8E57-C3AFE42E6BB9}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-07 22:04:09
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\conime.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehRec.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-07 22:07:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 21:07:41
.
2008-02-29 15:37:46 --- E O F ---
-
bio72chat - flooder néophite
- Messages: 32
- Inscription: 06 Mar 2008, 17:18
Re: pubs intempestives
de GrosBébé le 07 Mar 2008, 22:35
Je ne vois pas du tout d'où viennent tes pubs sous Internet explorer.
Nik (ou quelqu'un d'autre), si tu veux intervenir ....
Nik (ou quelqu'un d'autre), si tu veux intervenir ....
-
GrosBébé - Moderator
- Messages: 981
- Inscription: 10 Déc 2007, 15:16
Re: pubs intempestives
de niklavi le 08 Mar 2008, 08:21
gaffe à combofix quand même, c'est un outil de désinfection.
renomme ton fichier hijackthis.exe en scan.exe puis lance le et affiche moi le rapport.
renomme ton fichier hijackthis.exe en scan.exe puis lance le et affiche moi le rapport.
- niklavi
- Moderator
- Messages: 298
- Inscription: 02 Avr 2007, 06:45
Re: pubs intempestives
de bio72chat le 08 Mar 2008, 10:25
niklavi a écrit:gaffe à combofix quand même, c'est un outil de désinfection.
renomme ton fichier hijackthis.exe en scan.exe puis lance le et affiche moi le rapport.
Si vous trouvez pas c'est pas grave car avec Firefox ça à l'air OK...
scan.exe::
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:01, on 08.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [L06FXLRD_398878] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - https://collectionsbmu.ville-ge.ch/Comp ... enshot.cab
O16 - DPF: {9D3AA934-55FA-4373-96FD-ED7787E4F161} (MouseHooker Class) - https://collectionsbmu.ville-ge.ch/Comp ... Hooker.dll
O16 - DPF: {A6DCA047-3979-41C8-A5B6-57013B4EC57C} (Fetcher Class) - https://collectionsbmu.ville-ge.ch/Comp ... tcher2.dll
O16 - DPF: {CC0FC8B5-F895-11D2-BCDC-00105A68DFF3} (CIDSETTER Class) - https://collectionsbmu.ville-ge.ch/Comp ... CIDSET.dll
O16 - DPF: {DA606A1F-A615-4734-96DD-8C84312D50D5} (SilentPrinter Class) - https://collectionsbmu.ville-ge.ch/Comp ... Helper.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DEVEVE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12470 bytes
Scan saved at 10:25:01, on 08.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [L06FXLRD_398878] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - https://collectionsbmu.ville-ge.ch/Comp ... enshot.cab
O16 - DPF: {9D3AA934-55FA-4373-96FD-ED7787E4F161} (MouseHooker Class) - https://collectionsbmu.ville-ge.ch/Comp ... Hooker.dll
O16 - DPF: {A6DCA047-3979-41C8-A5B6-57013B4EC57C} (Fetcher Class) - https://collectionsbmu.ville-ge.ch/Comp ... tcher2.dll
O16 - DPF: {CC0FC8B5-F895-11D2-BCDC-00105A68DFF3} (CIDSETTER Class) - https://collectionsbmu.ville-ge.ch/Comp ... CIDSET.dll
O16 - DPF: {DA606A1F-A615-4734-96DD-8C84312D50D5} (SilentPrinter Class) - https://collectionsbmu.ville-ge.ch/Comp ... Helper.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DEVEVE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12470 bytes
-
bio72chat - flooder néophite
- Messages: 32
- Inscription: 06 Mar 2008, 17:18
Re: pubs intempestives
de bio72chat le 08 Mar 2008, 12:32
bio72chat a écrit:niklavi a écrit:gaffe à combofix quand même, c'est un outil de désinfection.
renomme ton fichier hijackthis.exe en scan.exe puis lance le et affiche moi le rapport.
Si vous trouvez pas c'est pas grave car avec Firefox ça à l'air OK...scan.exe::Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:01, on 08.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: ContextEnhancer - {4C6C4BA2-1646-0F3A-1FAE-B393C162C92E} - C:\Program Files\ContextEnhancer\ContextEnhancer-2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [L06FXLRD_398878] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - https://collectionsbmu.ville-ge.ch/Comp ... enshot.cab
O16 - DPF: {9D3AA934-55FA-4373-96FD-ED7787E4F161} (MouseHooker Class) - https://collectionsbmu.ville-ge.ch/Comp ... Hooker.dll
O16 - DPF: {A6DCA047-3979-41C8-A5B6-57013B4EC57C} (Fetcher Class) - https://collectionsbmu.ville-ge.ch/Comp ... tcher2.dll
O16 - DPF: {CC0FC8B5-F895-11D2-BCDC-00105A68DFF3} (CIDSETTER Class) - https://collectionsbmu.ville-ge.ch/Comp ... CIDSET.dll
O16 - DPF: {DA606A1F-A615-4734-96DD-8C84312D50D5} (SilentPrinter Class) - https://collectionsbmu.ville-ge.ch/Comp ... Helper.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DEVEVE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 12470 bytes
Entre temps un autre problème est apparu: lorsque je mets un CD Audio dans mon lecteur, il ne se met plus en route automatiquement et lorsque je clique sur l'icone du lecteur j'ai le message suivant: "Windows ne parvient pas à accéder au périphérique, au chemin d’accès ou au fichier spécifié. Vous ne disposez peut-être pas des autorisations appropriées pour avoir accès à l’élément". En revanche si je l'ouvre je peux accéder aux morceau. Que faire ?
PS Dois-je ouvrir une nouvelle question ou puis-je rester sur celle-là ?
Merci à touss!!
-
bio72chat - flooder néophite
- Messages: 32
- Inscription: 06 Mar 2008, 17:18
Re: pubs intempestives
de GrosBébé le 08 Mar 2008, 12:43
Bonjour à tous
Chuis un âne
Ce truc y est depuis le premier rapport hijackthis et c'est maintenant que je le vois.
Désinstalle ContextEnhancer.
Puis supprime ce dossier en gras
C:\Program Files\ContextEnhancer
Reposte un nouveau rapport hijackthis.
Pour ton autre souci, crée un nouveau sujet, ce sera mieux
Chuis un âne
Ce truc y est depuis le premier rapport hijackthis et c'est maintenant que je le vois.
Désinstalle ContextEnhancer.
Puis supprime ce dossier en gras
C:\Program Files\ContextEnhancer
Reposte un nouveau rapport hijackthis.
Pour ton autre souci, crée un nouveau sujet, ce sera mieux
-
GrosBébé - Moderator
- Messages: 981
- Inscription: 10 Déc 2007, 15:16
Re: pubs intempestives
de bio72chat le 08 Mar 2008, 13:54
Accass a écrit:Bonjour à tous
Chuis un âne
Ce truc y est depuis le premier rapport hijackthis et c'est maintenant que je le vois.
Désinstalle ContextEnhancer.
Puis supprime ce dossier en gras
C:\Program Files\ContextEnhancer
Reposte un nouveau rapport hijackthis.
Pour ton autre souci, crée un nouveau sujet, ce sera mieux
J'ai désinstallé contextenhancer mais je n'ai pas trouvé le dossier C:\Program Files\ContextEnhancer que tu m'as demandé d'enlever (déjà supprimé quand j'ai desinstallé context enhancer ?).
Ci-dessous le nouveau rapport
:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:39, on 08.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [L06FXLRD_398878] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [L06FXLRD_3733556] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [L06FXLRD_339021] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [L06FXLRD_2057809] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\RunOnce: [StartMS] "C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE" /s (User 'IUSR_NMPR')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - https://collectionsbmu.ville-ge.ch/Comp ... enshot.cab
O16 - DPF: {9D3AA934-55FA-4373-96FD-ED7787E4F161} (MouseHooker Class) - https://collectionsbmu.ville-ge.ch/Comp ... Hooker.dll
O16 - DPF: {A6DCA047-3979-41C8-A5B6-57013B4EC57C} (Fetcher Class) - https://collectionsbmu.ville-ge.ch/Comp ... tcher2.dll
O16 - DPF: {CC0FC8B5-F895-11D2-BCDC-00105A68DFF3} (CIDSETTER Class) - https://collectionsbmu.ville-ge.ch/Comp ... CIDSET.dll
O16 - DPF: {DA606A1F-A615-4734-96DD-8C84312D50D5} (SilentPrinter Class) - https://collectionsbmu.ville-ge.ch/Comp ... Helper.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DEVEVE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13984 bytes
Scan saved at 13:54:39, on 08.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSHelpRunner10.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/hp/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe --background
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [L06FXLRD_398878] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [Gestionnaire Antidote.exe] C:\Program Files\Druide\Antidote\Antidote\Gestionnaire Antidote.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [L06FXLRD_3733556] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [L06FXLRD_339021] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [L06FXLRD_2057809] "C:\Program Files\Microsoft Etudes\Microsoft Etudes 2006 DVD\EDICT.EXE" -m (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe" (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-21-3182665122-644683889-1724685261-1000\..\RunOnce: [StartMS] "C:\Program Files\Creative\Shared Files\Media Sniffer\StartMS.EXE" /s (User 'IUSR_NMPR')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {558714D6-8AC5-11D2-BCB7-00A024A866A5} (ScreenShot Control) - https://collectionsbmu.ville-ge.ch/Comp ... enshot.cab
O16 - DPF: {9D3AA934-55FA-4373-96FD-ED7787E4F161} (MouseHooker Class) - https://collectionsbmu.ville-ge.ch/Comp ... Hooker.dll
O16 - DPF: {A6DCA047-3979-41C8-A5B6-57013B4EC57C} (Fetcher Class) - https://collectionsbmu.ville-ge.ch/Comp ... tcher2.dll
O16 - DPF: {CC0FC8B5-F895-11D2-BCDC-00105A68DFF3} (CIDSETTER Class) - https://collectionsbmu.ville-ge.ch/Comp ... CIDSET.dll
O16 - DPF: {DA606A1F-A615-4734-96DD-8C84312D50D5} (SilentPrinter Class) - https://collectionsbmu.ville-ge.ch/Comp ... Helper.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
O23 - Service: SessionLauncher - Unknown owner - C:\Users\DEVEVE~1\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 13984 bytes
-
bio72chat - flooder néophite
- Messages: 32
- Inscription: 06 Mar 2008, 17:18
-
GrosBébé - Moderator
- Messages: 981
- Inscription: 10 Déc 2007, 15:16
Re: pubs intempestives
de bio72chat le 08 Mar 2008, 16:05
Accass a écrit:Et maintenant ?
J'ai surfé 20min avec explorer et plus de pubs !!!
Merci !!!
Pour plus de sécurité, je vais quand même passer à firefox.
Salutations
-
bio72chat - flooder néophite
- Messages: 32
- Inscription: 06 Mar 2008, 17:18
37 messages • Page 2 sur 3 • 1, 2, 3
Retourner vers Désinfections !
Qui est en ligne
Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 0 invités
- Portail‹
- logithèque
- Index du forum ‹ informatique ‹ sécurité ‹ Désinfections !
- L’équipe du forum • Supprimer les cookies du forum • Heures au format UTC + 1 heure