Your question

Need an opinion

Tags:
  • Security
Last reply: in Security and viruses
19 January 2009 15:48:59

I ran ComboFix and I wanted to know whether I am infected or not, thanks

ComboFix 09-01-18.03 - Administrateur 2009-01-19 15:30:33.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2038.1375 [GMT 1:00]
Lancé depuis: d:\downloads\ComboFix.exe
Commutateurs utilisés :: d:\downloads\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\sqlnet.log

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-19 au 2009-01-19 ))))))))))))))))))))))))))))))))))))
.

2009-01-19 13:29 . 2009-01-19 13:34 <REP> d-------- c:\program files\Opt-In Software
2009-01-19 09:11 . 2009-01-19 09:13 <REP> d-------- C:\zzzz
2009-01-15 14:05 . 2009-01-15 15:34 <REP> d-------- C:\interf_sortie
2009-01-10 12:49 . 2009-01-10 12:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Acronis
2009-01-08 15:04 . 2009-01-08 15:04 <REP> d-------- c:\windows\system32\NtmsData
2009-01-08 15:04 . 2009-01-08 15:04 454,688 --a------ c:\windows\system32\drivers\timntr.sys
2009-01-08 15:04 . 2009-01-08 15:04 132,352 --a------ c:\windows\system32\drivers\snapman.sys
2009-01-08 15:04 . 2009-01-08 15:04 43,008 --a------ c:\windows\system32\drivers\tifsfilt.sys
2009-01-08 15:03 . 2009-01-08 15:03 <REP> d-------- c:\program files\Fichiers communs\Acronis
2009-01-08 15:03 . 2009-01-08 15:03 <REP> d-------- c:\program files\Acronis
2009-01-04 01:36 . 2009-01-04 01:36 <REP> d-------- c:\documents and settings\Administrateur\deluge
2009-01-02 10:42 . 2009-01-02 10:43 <REP> d-------- c:\documents and settings\rbouazizi\Bureau
2009-01-02 10:42 . 2009-01-02 10:42 <REP> d-------- c:\documents and settings\rbouazizi
2009-01-02 10:28 . 2008-12-30 17:56 <REP> d-------- C:\siveco
2009-01-02 10:26 . 2009-01-02 10:15 757,064,006 --a------ C:\siveco.rar
2009-01-02 09:58 . 2008-08-28 00:19 <REP> d--h----- c:\documents and settings\mdjelassi\Voisinage réseau
2009-01-02 09:58 . 2008-08-28 00:19 <REP> d--h----- c:\documents and settings\mdjelassi\Voisinage d'impression
2009-01-02 09:58 . 2008-08-27 22:24 <REP> d--h----- c:\documents and settings\mdjelassi\Modèles
2009-01-02 09:58 . 2009-01-02 09:58 <REP> dr------- c:\documents and settings\mdjelassi\Mes documents
2009-01-02 09:58 . 2008-08-28 00:19 <REP> dr------- c:\documents and settings\mdjelassi\Menu Démarrer
2009-01-02 09:58 . 2009-01-02 09:58 <REP> dr------- c:\documents and settings\mdjelassi\Favoris
2009-01-02 09:58 . 2008-08-28 00:19 <REP> d-------- c:\documents and settings\mdjelassi\Bureau
2009-01-02 09:58 . 2009-01-02 09:58 <REP> d-------- c:\documents and settings\mdjelassi\Application Data\PC Suite
2009-01-02 09:58 . 2009-01-02 10:11 <REP> d-------- c:\documents and settings\mdjelassi
2009-01-02 09:47 . 2009-01-02 09:47 <REP> d-------- C:\JDev1012
2008-12-29 14:48 . 2008-12-29 15:15 <REP> d-------- C:\UBCD4Win
2008-12-28 16:01 . 2008-12-28 16:01 <REP> d-------- c:\program files\Microsoft
2008-12-28 16:00 . 2008-12-28 16:00 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-28 12:33 . 2009-01-19 15:35 <REP> d-------- c:\documents and settings\Administrateur\Tracing
2008-12-28 11:56 . 2008-12-28 11:56 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-23 17:39 . 2008-12-23 17:40 <REP> d-------- c:\program files\trend micro
2008-12-20 12:06 . 2008-12-20 12:06 <REP> d-------- c:\program files\SpeedSim

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 14:35 --------- d-----w c:\documents and settings\Administrateur\Application Data\skypePM
2009-01-19 14:35 --------- d-----w c:\documents and settings\Administrateur\Application Data\Skype
2009-01-19 14:34 --------- d-----w c:\program files\SuperCopier2
2009-01-19 14:30 --------- d-----w c:\documents and settings\Administrateur\Application Data\Free Download Manager
2009-01-19 14:02 --------- d-----w c:\documents and settings\Administrateur\Application Data\Ditto
2009-01-17 10:25 --------- d-----w c:\program files\Google
2009-01-14 11:04 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-28 16:57 --------- d-----w c:\program files\Bandoo
2008-12-28 11:31 --------- d-----w c:\program files\Windows Live
2008-12-28 10:40 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-18 15:29 --------- d-----w c:\program files\RelevantKnowledge
2008-12-12 13:21 --------- d-----w c:\program files\Winamp
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 11:35 --------- d-----w c:\program files\7-Zip
2008-12-04 11:23 --------- d-----w c:\documents and settings\Administrateur\Application Data\Dev-Cpp
2008-11-28 08:28 --------- d-----w c:\program files\Skype
2008-11-28 08:28 --------- d-----w c:\program files\Fichiers communs\Skype
2008-08-29 06:44 166 ----a-w c:\documents and settings\Administrateur\Status.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"Ditto"="c:\program files\Ditto\Ditto.exe" [2008-01-16 684032]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"Yagoon Time"="c:\program files\Yagoon\Time\Time.exe" [2006-03-26 3896832]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-11-21 3297280]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Tvs"="c:\program files\TOSHIBA\Tvs\TvsTray.exe" [2006-02-02 73728]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-01-23 223232]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-08-28 949376]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2008-02-22 1274752]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2008-02-22 884696]
"Acronis Scheduler2 Service"="c:\program files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2008-02-22 136472]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\j2sdk1.4.2_05\\bin\\java.exe"=
"c:\\oracle\\product\\10.2.0\\db_1\\jdk\\jre\\bin\\java.exe"=
"c:\\Program Files\\Crystal Decisions\\Crystal Reports 9\\crw32.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\JDev1012\\jdev\\jdk\\bin\\javaw.exe"=
"c:\\JDev1012\\jdev\\jdev\\bin\\jdevw.exe"=
"d:\\Alerte Rouge 3\\Data\\ra3_1.0.game"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-08-28 15424]
R4 BOBJCentralMS;Central Management Server;c:\program files\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\CMS.exe [2007-03-01 2625536]
R4 BOBJCrystalReportApplicationServer;Report Application Server;c:\program files\Business Objects\common\3.5\bin\crystalras.exe [2007-03-01 456192]
R4 BOBJMySQL;MySQL 4.1.13a;c:\program files\Business Objects\MySQL\mysql-pro-4.1.13a-win32\bin\mysqld.exe [2008-08-28 3596288]
S3 OracleOraDb10gTNSListener;OracleOraDb10gTNSListener;c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR --> c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR [?]
S3 OracleOraHome92Agent;OracleOraHome92Agent;c:\oracle\ora92\bin\agntsrvc.exe [2002-04-26 28944]
S3 OracleOraHome92SNMPPeerEncapsulator;OracleOraHome92SNMPPeerEncapsulator;c:\oracle\ora92\bin\encsvc.exe [2002-02-13 165310]
S3 OracleOraHome92SNMPPeerMasterAgent;OracleOraHome92SNMPPeerMasterAgent;c:\oracle\ora92\bin\agntsvc.exe [2002-02-13 216188]
S3 OracleServiceIMP9;OracleServiceIMP9;c:\oracle\ora92\bin\ORACLE.EXE IMP9 --> c:\oracle\ora92\bin\ORACLE.EXE IMP9 [?]
S3 OracleServiceMIG6;OracleServiceMIG6;c:\oracle\ora92\bin\ORACLE.EXE MIG6 --> c:\oracle\ora92\bin\ORACLE.EXE MIG6 [?]
S3 OracleServiceMIG7;OracleServiceMIG7;c:\oracle\ora92\bin\ORACLE.EXE MIG7 --> c:\oracle\ora92\bin\ORACLE.EXE MIG7 [?]
S3 OracleServiceO10G;OracleServiceO10G;c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE O10G --> c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE O10G [?]
S3 OracleServiceORA9;OracleServiceORA9;c:\oracle\ora92\bin\ORACLE.EXE ORA9 --> c:\oracle\ora92\bin\ORACLE.EXE ORA9 [?]
S4 OracleJobSchedulerO10G;OracleJobSchedulerO10G;c:\oracle\product\10.2.0\db_1\Bin\extjob.exe O10G --> c:\oracle\product\10.2.0\db_1\Bin\extjob.exe O10G [?]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{27b8f6c4-8874-11dd-8ade-0016d4252542}]
\Shell\AutoRun\command - G:\xk2n.bat
\Shell\explore\Command - G:\xk2n.bat
\Shell\open\Command - G:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{509d1594-8487-11dd-8ad2-0016d4252542}]
\Shell\AutoRun\command - H:\xk2n.bat
\Shell\explore\Command - H:\xk2n.bat
\Shell\open\Command - H:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55984246-7483-11dd-8a9b-f3322bbb1021}]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c44981c2-8645-11dd-8ad7-0016d4252542}]
\Shell\AutoRun\command - G:\xk2n.bat
\Shell\explore\Command - G:\xk2n.bat
\Shell\open\Command - G:\xk2n.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0089ac8-9513-11dd-8afa-0016d4252542}]
\Shell\AutoRun\command - G:\itsduel.exe
\Shell\explore\Command - G:\itsduel.exe
\Shell\open\Command - G:\itsduel.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

MSConfigStartUp-kamsoft - c:\windows\system32\ckvo.exe
MSConfigStartUp-Lwfwtbwl - d:\downloads\FREEGATE\fg679p.exe


.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = <local>
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tout télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c1lyydzm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=fr
FF - plugin: c:\documents and settings\Administrateur\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll

---- PARAMETRES FIREFOX ----
FF - user.js: browser.urlbar.autoFill - true
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.switch.threshold - 650000
FF - user.js: browser.xul.error_pages.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-19 15:35:30
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\mc23.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraDb10gTNSListener]
"ImagePath"="c:\oracle\product\10.2.0\db_1\BIN\TNSLSNR "

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OracleOraHome92TNSListener]
"ImagePath"="c:\oracle\ora92\BIN\TNSLSNR "
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(1020)
c:\windows\system32\relog_ap.dll
c:\windows\system32\imon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\ESET\nod32krn.exe
c:\oracle\ora92\bin\TNSLSNR.EXE
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Fichiers communs\Acronis\Schedule2\schedul2.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Heure de fin: 2009-01-19 15:38:36 - La machine a redémarré [Administrateur]
ComboFix-quarantined-files.txt 2009-01-19 14:38:32

Avant-CF: 9,166,188,544 octets libres
Après-CF: 9,260,892,160 octets libres

227 --- E O F --- 2009-01-14 11:04:40


19 January 2009 18:37:38

Run a HijackThis report and then we'll tell you whether you're infected or not!

20 January 2009 13:28:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:38, on 20/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Business Objects\MySQL\mysql-pro-4.1.13a-win32\bin\mysqld.exe
C:\Program Files\Eset\nod32krn.exe
C:\oracle\ora92\BIN\TNSLSNR.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\CMS.exe
C:\Program Files\Business Objects\common\3.5\bin\crystalras.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Ditto\Ditto.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Yagoon\Time\Time.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\WINDOWS\Explorer.EXE
d:\Downloads\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [Ditto] C:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Yagoon Time] "C:\Program Files\Yagoon\Time\Time.exe" min
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Cont...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0FC4535-082A-480E-A027-B065AD3EACD8}: Domain = CTF
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Central Management Server (BOBJCentralMS) - Business Objects - C:\Program Files\Business Objects\BusinessObjects Enterprise 11.5\win32_x86\CMS.exe
O23 - Service: Report Application Server (BOBJCrystalReportApplicationServer) - Business Objects - C:\Program Files\Business Objects\common\3.5\bin\crystalras.exe
O23 - Service: MySQL 4.1.13a (BOBJMySQL) - Unknown owner - C:\Program Files\Business Objects\MySQL\mysql-pro-4.1.13a-win32\bin\mysqld.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraDb10gTNSListener - Unknown owner - C:\oracle\product\10.2.0\db_1\BIN\TNSLSNR.exe
O23 - Service: OracleOraHome92Agent - Oracle Corporation - C:\oracle\ora92\bin\agntsrvc.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: OracleOraHome92SNMPPeerEncapsulator - Unknown owner - C:\oracle\ora92\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome92SNMPPeerMasterAgent - Unknown owner - C:\oracle\ora92\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome92TNSListener - Unknown owner - C:\oracle\ora92\BIN\TNSLSNR.exe
O23 - Service: OracleServiceIMP9 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceMIG6 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceMIG7 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: OracleServiceO10G - Oracle Corporation - c:\oracle\product\10.2.0\db_1\bin\ORACLE.EXE
O23 - Service: OracleServiceORA9 - Oracle Corporation - c:\oracle\ora92\bin\ORACLE.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 11125 bytes