Bonjour Philae
Bien je suis surpris concernant le rapport, je pensais d'avoir donner le premier car il y a une différence entre une première analyse et et une 2ème?
Je n'ai plus que celui ci
Désolé si je t'apporte pas tout satisfaction dans ce que tu me demande
ComboFix 08-09-04.02 - PHILIPPE 2008-09-05 0:47:11.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1310 [GMT 2:00]
Endroit: C:\Users\PHILIPPE\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-04 to 2008-09-04 ))))))))))))))))))))))))))))))))))))
.
2008-09-05 00:46 . 2008-09-05 00:46 <REP> d-------- C:\327882R2FWJFW
2008-09-05 00:41 . 2008-09-05 00:42 222,800,659 --a------ C:\Windows\MEMORY.DMP
2008-09-04 23:41 . 2008-09-05 00:32 <REP> d-------- C:\Program Files\RegCleaner
2008-09-04 23:37 . 2008-06-19 17:24 28,544 --a------ C:\Windows\System32\drivers\pavboot.sys
2008-09-04 22:35 . 2008-09-05 00:26 <REP> d-------- C:\Program Files\Smart Antivirus 2009
2008-09-03 22:03 . 2008-09-03 22:20 <REP> d-------- C:\Program Files\Photodex
2008-09-03 20:45 . 2008-09-03 20:46 <REP> d-------- C:\Program Files\QuickTime
2008-09-03 20:44 . 2008-09-03 20:44 <REP> d-------- C:\Program Files\Apple Software Update
2008-08-31 18:43 . 2008-09-02 17:22 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-31 18:43 . 2008-09-02 00:16 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-31 18:43 . 2008-09-02 00:16 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-27 21:25 . 2008-02-28 13:26 1,414,440 --a------ C:\Windows\System32\ShellManager310E2D762.dll
2008-08-27 21:25 . 2008-02-28 13:01 774,144 --a------ C:\Windows\System32\NEROINSTAEC43759.DB
2008-08-25 19:58 . 2006-09-12 12:46 227,328 -r-hs---- C:\Windows\System32\ac3DX.ax
2008-08-25 19:58 . 2008-03-16 14:30 216,064 -r-hs---- C:\Windows\System32\nbDX.dll
2008-08-25 19:58 . 2006-03-10 22:48 169,472 -r-hs---- C:\Windows\System32\MatroskaDX.ax
2008-08-25 19:58 . 2006-05-03 11:06 163,328 -r-hs---- C:\Windows\System32\flvDX.dll
2008-08-25 19:58 . 2005-11-25 21:46 161,792 -r-hs---- C:\Windows\System32\RealMediaDX.ax
2008-08-25 19:58 . 2006-01-13 00:23 123,904 -r-hs---- C:\Windows\System32\AVCDX.ax
2008-08-25 19:58 . 2005-02-22 17:55 81,920 -r-hs---- C:\Windows\System32\aac_parser.ax
2008-08-25 19:58 . 2003-11-21 00:00 54,784 -r-hs---- C:\Windows\System32\RLAPEDec.ax
2008-08-25 19:58 . 2004-04-27 00:00 37,888 -r-hs---- C:\Windows\System32\RLMPCDec.ax
2008-08-25 19:58 . 2007-02-21 12:47 31,232 -r-hs---- C:\Windows\System32\msfDX.dll
2008-08-25 19:55 . 2008-08-25 19:55 <REP> d-------- C:\Program Files\eRightSoft
2008-08-24 20:37 . 2008-08-24 20:37 <REP> d-------- C:\Program Files\Xvid
2008-08-24 17:31 . 2008-08-24 17:31 <REP> d-------- C:\Program Files\VSO
2008-08-22 11:38 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 11:38 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 11:38 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 11:38 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 11:37 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 11:37 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 11:37 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 11:37 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 11:37 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-19 14:18 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-18 18:11 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-18 18:11 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-18 18:11 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-18 18:11 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-18 18:11 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-03 21:55 --------- d-----w C:\Program Files\Google
2008-09-03 20:09 --------- d-----w C:\Program Files\CyberLink
2008-09-02 15:23 --------- d-----w C:\Program Files\SpywareBlaster
2008-09-01 22:38 --------- d-----w C:\Program Files\PhotoshopCS3Portable
2008-09-01 22:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-27 19:47 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-26 18:50 --------- d-----w C:\Program Files\Glary Utilities
2008-08-23 14:24 --------- d-----w C:\Program Files\DivX
2008-08-19 12:15 --------- d-----w C:\Program Files\Windows Mail
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-15 18:25 657,408 ----a-w C:\Windows\is-CIEJ3.exe
2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-15 15:18 174 --sha-w C:\Program Files\desktop.ini
2008-06-15 13:32 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-15 13:32 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\Windows\System32\nbDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-02-20 1443072]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-02 1244848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
backup=C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^PHILIPPE^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=C:\Windows\pss\OpenOffice.org 2.3.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
--a------ 2007-03-15 16:37 32768 C:\Windows\BisonCam\BisonHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
--a------ 2007-03-15 16:34 172032 C:\Windows\BisonCam\BsMnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 09:33 125952 C:\Windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-02-28 17:07 1828136 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MGSysCtrl]
--a------ 2007-07-24 11:51 561152 C:\Program Files\System Control Manager\MGSysCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-02-18 16:29 2221352 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
--a------ 2008-06-02 17:02 6210888 C:\Program Files\Pando Networks\Pando\pando.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-01-21 12:17 61440 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2008-01-19 09:36 2153472 C:\Windows\System32\oobefldr.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MSConfig"="C:\Windows\system32\msconfig.exe" /auto
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
"Skytel"=Skytel.exe
"RtHDVCpl"=RtHDVCpl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DAE95796-BBA8-47CB-B69A-18E732A2E220}"= C:\Program Files\CyberLink\PowerDirector Express\PDX.EXE:CyberLink PowerDirector Express
"{55C90591-2994-4C26-B3C3-5F7A57BB17A5}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{5551FA18-2659-41FE-AE29-D3052FA0B12A}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{4A3AD8A4-3552-4CC7-B2F4-BE19663CFE25}"= UDP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{F9B461C9-AA90-44B7-9A84-0502B77AC9B0}"= TCP:C:\Program Files\DAP\DAP.exe:Download Accelerator Plus (DAP)
"{3F04437F-D086-406A-949B-1229234AE1D3}"= UDP:56209:Pando P2P TCP Listening Port
"{31794B01-FB86-4657-B964-52A22FBC0B8B}"= TCP:56209:Pando P2P UDP Listening Port
"TCP Query User{BE5EBD63-C7CA-4ED8-9A90-0B47848D59ED}C:\\program files\\pando networks\\pando\\pando.exe"= UDP:C:\program files\pando networks\pando\pando.exe:pando
"UDP Query User{C7760DCA-3E0C-4044-B25E-1B51899F74C3}C:\\program files\\pando networks\\pando\\pando.exe"= TCP:C:\program files\pando networks\pando\pando.exe:pando
"{FC07506B-C126-41C0-8AC7-CF010C9543AD}"= UDP:56133:Pando P2P TCP Listening Port
"{D2A92B59-DCF2-4AAA-B681-A080DD31E6F5}"= TCP:56133:Pando P2P UDP Listening Port
"TCP Query User{95E6152F-7E4A-4E32-8F82-40C6A158A0B7}C:\\program files\\satellite tv for pc\\satellitetvforpc.exe"= UDP:C:\program files\satellite tv for pc\satellitetvforpc.exe:SatelliteTVforPC
"UDP Query User{7D27BCD2-F726-4C63-A5CF-31BC0B9F9E6D}C:\\program files\\satellite tv for pc\\satellitetvforpc.exe"= TCP:C:\program files\satellite tv for pc\satellitetvforpc.exe:SatelliteTVforPC
"TCP Query User{9B2B19AB-0FAC-4B61-9F9F-C111193E083E}C:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{AC66DC4F-A1C6-45BC-B5E0-224AE053C9E1}C:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:C:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"{DE1C6C6A-C2FF-4F9B-81EE-150CCB5540F6}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{3A455ADD-11C4-4794-B60D-AD362889AC97}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{E271158F-4A2E-40E6-8F2A-3594BAD89313}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{7E958C55-60C6-47C6-ADCA-840309F3B342}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{CF4D4733-60D4-484E-89F2-28FB034399B6}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex02.901\\freezer.exe"= UDP:C:\users\philippe\appdata\local\temp\rar$ex02.901\freezer.exe:freezer.exe
"UDP Query User{8140AB56-9A25-4145-8F00-DC2A82D26AC5}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex02.901\\freezer.exe"= TCP:C:\users\philippe\appdata\local\temp\rar$ex02.901\freezer.exe:freezer.exe
"TCP Query User{6D134D20-157C-4ED5-A630-74A89C4DA4E7}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex10.9794\\freezer.exe"= UDP:C:\users\philippe\appdata\local\temp\rar$ex10.9794\freezer.exe:freezer.exe
"UDP Query User{066371DE-BFD7-4760-950D-F3AF9C8DD562}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex10.9794\\freezer.exe"= TCP:C:\users\philippe\appdata\local\temp\rar$ex10.9794\freezer.exe:freezer.exe
"TCP Query User{7694262C-D4C2-449A-9917-96CE6BBB8881}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex00.898\\freezer.exe"= UDP:C:\users\philippe\appdata\local\temp\rar$ex00.898\freezer.exe:freezer.exe
"UDP Query User{B6BD68B0-A8C1-4CC5-8F33-BBAB9CBE0A54}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex00.898\\freezer.exe"= TCP:C:\users\philippe\appdata\local\temp\rar$ex00.898\freezer.exe:freezer.exe
"TCP Query User{A9A38817-1882-45CC-ACDA-A25FD602F79B}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex34.168\\freezer.exe"= UDP:C:\users\philippe\appdata\local\temp\rar$ex34.168\freezer.exe:freezer.exe
"UDP Query User{59760EFB-EFD0-4E25-9B55-D541F42A2417}C:\\users\\philippe\\appdata\\local\\temp\\rar$ex34.168\\freezer.exe"= TCP:C:\users\philippe\appdata\local\temp\rar$ex34.168\freezer.exe:freezer.exe
"TCP Query User{89B70B87-7D88-4939-A74E-FBD905FD7B2B}C:\\program files\\free music zilla\\fmzilla.exe"= UDP:C:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{BE81D47D-CDCA-404E-B732-7473046D6468}C:\\program files\\free music zilla\\fmzilla.exe"= TCP:C:\program files\free music zilla\fmzilla.exe:FMZilla Module
"{3B1888C8-717A-4FA8-91C1-05FA53EA6276}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{63104130-5EE1-481C-BD5B-FFD0067BCA7A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{A1D9A682-00E2-4FF8-B624-5233C9F3B71B}"= UDP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
"{7D51DAD6-8B5A-45CF-A296-1375BF0FC1CB}"= TCP:C:\Program Files\ma-config.com\maconfservice.exe:maconfservice
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 7680]
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot.sys [2008-06-19 28544]
R2 NishService;SCM Driver Daemon;C:\Program Files\System Control Manager\edd.exe [2006-03-22 40960]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-05-12 3592704]
R3 MGHwCtrl;MGHwCtrl;C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 59392]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\Windows\system32\regedt32.exe [2006-11-02 9216]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-14 576680]
*Newly Created Service* - CATCHME
*Newly Created Service* - PAVBOOT
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\PHILIPPE\AppData\Roaming\Mozilla\Firefox\Profiles\i9t1vvno.default\
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1229.1533\npCIDetect11.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 00:49:38
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
**************************************************************************
.
Temps d'accomplissement: 2008-09-05 0:52:08
ComboFix-quarantined-files.txt 2008-09-04 22:51:03
Pre-Run: 7,098,531,840 octets libres
Post-Run: 7,261,163,520 octets libres
217 --- E O F --- 2008-09-02 15:29:19
Voici le rapport HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:29:36, on 05/09/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\PHILIPPE\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - Startup: SpywareBlaster.lnk = C:\Program Files\SpywareBlaster\spywareblaster.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_0_1_0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5342/mcfscan.cab
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 5265 bytes
Virus " smart antivirus"
Groupe Sécurité
Pour tous les lecteurs :
Télécharge 
Désactiver les protections résidentes - Tutoriel
E