Help, the Bagle virus is back

Tags:
  • Security
Last reply: in Security and viruses
29 February 2008 12:59:08

Hello or good evening, I no longer know which.

I really need help. Yesterday I caught a Bagle that wrecked my entire security system and deleted my internet connections. I tried to manage a bit on my own and followed a few forum posts, but now I'm stuck and I would really like to get some sleep.
So here is what I did: I downloaded a pirated program (I know, it's not good, but a Word password recovery program at 200 euros, I can't afford that) and boom, everything blew up. So I did the following:
- EliBagle (report below)
- ComboFix (same)
- patch bagle
- HijackThis
- ToolsCleaner

I no longer really know in what order, but I was finally able to reinstall avast. The computer is sluggish though, there is still no internet, I reran a scan with EliBagle and it still finds srosa.sys, and right now Windows is checking the system files....
Please help me

EliBagle


Fri Feb 29 04:14:40 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Feb 29 04:15:18 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12857
Nº Total de Ficheros: 122845
Nº de Ficheros Analizados: 10407
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Fri Feb 29 04:23:16 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Feb 29 04:29:51 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Feb 29 04:30:36 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 8046
Nº Total de Ficheros: 74857
Nº de Ficheros Analizados: 677
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Fri Feb 29 04:41:53 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Fri Feb 29 04:42:07 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 12862
Nº Total de Ficheros: 122807
Nº de Ficheros Analizados: 10408
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Fri Feb 29 04:50:31 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Feb 29 04:57:50 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.08
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Reinicie para Completar la Limpieza.

Fri Feb 29 05:20:01 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Feb 29 12:10:08 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Fri Feb 29 12:10:11 2008
EliBagle v11.08 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\SROSA.SYS.VIR --> Eliminado Bagle (rootkit)

Nº Total de Directorios: 12834
Nº Total de Ficheros: 122899
Nº de Ficheros Analizados: 10490
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

combofix

ComboFix 08-02-25.3 - siegfrield 2008-02-29 5:32:59.2 - NTFSx86 MINIMAL

Endroit: C:\Documents and Settings\siegfrield\Bureau\Antibagle.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-28 to 2008-02-29 ))))))))))))))))))))))))))))))))))))
.

2008-02-29 04:14 . 2008-02-29 04:14 <REP> d-------- C:\Muestras
2008-02-29 04:01 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-29 04:01 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-29 04:01 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-29 04:01 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-29 04:01 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-29 04:01 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-29 04:00 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-29 02:53 . 2008-02-29 02:53 1,000 --a------ C:\WINDOWS\ARCHPR.INI
2008-02-29 02:32 . 2008-02-29 03:12 <REP> d-------- C:\Program Files\Elcomsoft
2008-02-29 02:32 . 2008-02-29 02:36 1,740 --a------ C:\WINDOWS\aopr.ini
2008-02-28 23:19 . 2008-02-28 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-02-28 23:15 . 2008-02-28 23:15 <REP> d-------- C:\Program Files\J'M Les Langues
2008-02-28 23:14 . 2008-02-29 02:58 <REP> d-------- C:\Program Files\Marco Polo Français Anglais 4
2008-02-28 23:14 . 2008-02-28 23:14 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2008-02-28 23:13 . 2008-02-28 23:13 <REP> d-------- C:\Program Files\VocabOne02
2008-02-28 23:12 . 2008-02-29 03:14 <REP> d-------- C:\WINDOWS\Lhsp
2008-02-28 23:11 . 2008-02-28 23:16 <REP> d-------- C:\Program Files\Sayz Me
2008-02-28 23:10 . 2008-02-29 03:24 <REP> d-------- C:\Program Files\Kit Shtooka
2008-02-28 13:22 . 2008-02-28 13:51 <REP> d-------- C:\Program Files\PROMT5
2008-02-28 13:22 . 2008-02-29 04:01 <REP> d-------- C:\Documents and Settings\All Users\Bureau
2008-02-28 13:12 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-02-28 13:03 . 2008-02-28 13:03 <REP> d-------- C:\Program Files\Systran
2008-02-28 12:12 . 2008-02-28 12:12 76,800 --a------ C:\WINDOWS\system32\drivers\SSHDRV84.sys
2008-02-25 16:57 . 2008-02-25 16:57 <REP> d-------- C:\Program Files\Merriam-Webster
2008-02-25 14:34 . 2008-02-28 23:15 144 --a------ C:\WINDOWS\PR1V2.INI
2008-02-25 12:01 . 2008-02-26 22:26 119 --a------ C:\WINDOWS\rcwin.ini
2008-02-25 11:16 . 2008-02-25 14:30 <REP> d-------- C:\Program Files\Le Robert
2008-02-24 20:16 . 2008-02-24 20:17 <REP> d-------- C:\Program Files\Harrap's Multimédia
2008-02-24 20:16 . 1998-07-30 17:40 306,688 --a------ C:\WINDOWS\IsUn040c.exe
2008-02-24 15:41 . 2008-02-24 15:41 40,121 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-24 15:38 . 2008-02-24 15:41 4,510 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-24 15:37 . 2008-02-24 15:37 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-24 15:06 . 2008-02-24 15:41 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-24 14:57 . 2008-02-24 14:59 <REP> d-------- C:\WINDOWS\Packs
2008-02-23 12:41 . 2008-02-23 12:43 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\SecondLife
2008-02-22 09:29 . 2008-02-28 22:15 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\OpenOffice.org2
2008-02-21 20:55 . 2008-02-21 20:55 <REP> d-------- C:\Program Files\OpenOffice.org 2.3
2008-02-19 20:35 . 2008-02-19 20:35 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\TVU networks
2008-02-19 20:35 . 2008-02-19 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-18 14:45 . 2008-02-18 14:45 <REP> d-------- C:\WINDOWS\Sun
2008-02-11 15:56 . 2008-02-18 19:57 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Image Zone Express
2008-02-10 13:05 . 2005-03-08 05:43 51,120 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-02-10 13:05 . 2005-03-08 05:43 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-02-10 13:02 . 2005-03-08 05:43 21,744 -ra------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-02-09 18:47 . 2008-02-09 18:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-02-09 18:46 . 2008-02-09 18:46 <REP> d-------- C:\Program Files\Fichiers communs\HP
2008-02-09 18:41 . 2008-02-09 18:41 <REP> d-------- C:\Program Files\Fichiers communs\Hewlett-Packard
2008-02-09 18:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-02-09 18:31 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-02-09 18:31 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-02-09 18:31 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-02-09 18:31 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-02-09 18:31 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-02-09 18:31 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-02-09 17:21 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-02-09 17:21 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-02-09 17:19 . 2008-02-10 13:06 113,622 --a------ C:\WINDOWS\hpoins07.dat
2008-02-09 17:19 . 2005-05-24 07:50 21,124 --------- C:\WINDOWS\hpomdl07.dat
2008-02-09 17:18 . 2008-02-18 19:54 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\HP
2008-02-04 22:16 . 2008-02-04 22:20 <REP> dr------- C:\Program Files\TypingMaster
2008-02-04 22:06 . 2008-02-07 15:28 <REP> d-------- C:\Program Files\Dactylo
2008-02-04 21:29 . 2008-02-04 21:29 <REP> d-------- C:\Documents and Settings\siegfrield\.jrw
2008-02-03 12:39 . 2008-02-03 12:39 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Talkback
2008-02-03 12:37 . 2008-02-03 12:37 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Thunderbird
2008-02-03 00:14 . 2008-02-16 10:52 <REP> d-------- C:\Program Files\Windows Live Safety Center
2008-02-01 21:35 . 2008-02-01 21:35 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\JLC's Software
2008-02-01 21:34 . 2008-02-04 22:06 <REP> d-------- C:\Program Files\JLC's Software
2008-01-29 22:21 . 2008-01-29 22:21 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-01-29 22:18 . 2008-01-29 22:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-29 21:50 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-29 21:09 . 2008-01-29 21:09 <REP> d-------- C:\Program Files\Browser Mouse
2008-01-29 21:09 . 2008-01-29 21:09 62,592 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2008-01-29 21:07 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-01-29 21:07 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-01-29 14:17 . 2008-01-29 14:17 <REP> d-------- C:\Program Files\MaxiCompte
2008-01-29 00:54 . 2008-01-29 00:54 <REP> d-------- C:\Documents and Settings\siegfrield\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-29 02:18 --------- d-----w C:\Program Files\eMule
2008-02-29 02:08 --------- d-----w C:\Program Files\Google
2008-02-29 01:58 --------- d-----w C:\Program Files\Marco Polo Français Anglais 4
2008-02-29 01:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-28 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 15:24 --------- d-----w C:\Program Files\InterVideo
2008-02-24 19:17 --------- d-----w C:\Program Files\Harrap's Multimédia
2008-02-24 13:29 --------- d-----w C:\Program Files\Larousse
2008-02-24 13:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-21 19:55 --------- d-----w C:\Program Files\Java
2008-02-09 17:46 --------- d-----w C:\Program Files\Hp
2008-01-29 15:24 --------- d-----w C:\Program Files\Microsoft Works
2008-01-29 13:40 --------- d-----w C:\Program Files\Comptes et Budgets
2008-01-27 20:20 --------- d-----w C:\Program Files\VBW
2008-01-27 20:19 --------- d-----w C:\Program Files\Fichiers communs\Borland Shared
2008-01-27 18:44 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\AlauxSoft
2008-01-27 18:35 --------- d-----w C:\Program Files\Zylom Games
2008-01-27 18:35 --------- d-----w C:\Program Files\Yahoo!
2008-01-27 18:33 --------- d-----w C:\Program Files\Opera
2008-01-27 13:44 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\FlashFXP
2008-01-26 15:09 --------- d-----w C:\Program Files\TRADOS
2008-01-26 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\TRADOS
2008-01-23 21:18 --------- d-----w C:\Program Files\Astonsoft
2008-01-23 21:16 --------- d-----w C:\Program Files\Dealio
2008-01-23 21:15 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\Search Settings
2008-01-23 21:07 --------- d-----w C:\Program Files\CDBurnerXP
2008-01-23 21:05 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\DeepBurner
2008-01-23 20:49 --------- d-----w C:\Program Files\Search Settings
2008-01-23 19:51 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\Apple Computer
2008-01-19 13:03 --------- d-----w C:\Program Files\Guitar Pro 5
2008-01-19 00:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Zylom
2008-01-18 18:04 --------- d-----w C:\Program Files\QuickTime
2008-01-18 13:10 --------- d-----w C:\Program Files\DivX
2008-01-18 11:46 --------- d-----w C:\Program Files\MSBuild
2008-01-18 11:44 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-18 11:40 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-17 17:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-01-14 18:43 --------- d-----w C:\Program Files\Convar
2008-01-10 18:15 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-10 14:48 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\DAEMON Tools
2008-01-10 14:29 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-10 14:28 --------- d-----w C:\Program Files\DRAE
2008-01-10 14:27 --------- d--h--w C:\Program Files\Zero G Registry
2008-01-08 19:24 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-08 15:27 --------- d-----w C:\Program Files\Windows Live
2008-01-08 15:26 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-01-08 15:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-07 16:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-03 01:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-01-03 00:31 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\vlc
2008-01-02 23:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-02 23:03 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-01-02 14:48 --------- d-----w C:\Program Files\VideoLAN
2008-01-02 14:48 --------- d-----w C:\Program Files\Gabest
2008-01-02 14:47 --------- d-----w C:\Program Files\URUSoft
2008-01-02 14:45 --------- d-----w C:\Program Files\CCleaner
2008-01-02 14:45 --------- d-----w C:\Program Files\Alwil Software
2007-12-31 18:27 --------- d-----w C:\Documents and Settings\siegfrield\Application Data\InterVideo
2007-12-31 18:25 --------- d-----w C:\Program Files\Texas Instruments Inc
2007-12-31 18:25 --------- d-----w C:\Program Files\Broadcom
2007-12-31 18:24 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2007-12-31 18:22 --------- d-----w C:\Program Files\NetWaiting
2007-12-31 18:22 --------- d-----w C:\Program Files\CONEXANT
2007-12-31 18:17 --------- d-----w C:\Program Files\SP31763
2007-12-31 18:17 --------- d-----w C:\Program Files\Apoint2K
2007-12-31 17:31 --------- d-----w C:\Program Files\HPQ
2007-12-31 17:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\hpqwmi
2007-12-31 17:29 --------- d-----w C:\Program Files\Synaptics
2007-12-31 17:03 --------- d-----w C:\Program Files\Easy Internet signup
2007-12-31 17:02 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-12-31 16:59 --------- d-----w C:\Program Files\ATI Technologies
2007-12-31 15:26 --------- d-----w C:\Program Files\AMD
2007-12-31 15:13 --------- d---a-w C:\Documents and Settings\siegfrield\Application Data\gtopala
2007-12-31 15:13 --------- d---a-w C:\Documents and Settings\siegfrield\Application Data\aignes
2007-12-31 15:08 --------- d-----w C:\Program Files\Fichiers communs\Java
2007-12-31 15:07 --------- d-----w C:\Program Files\WMV9_VCM
2007-12-31 15:06 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-31 14:51 --------- d-----w C:\Program Files\MSXML 4.0
2007-12-31 14:46 --------- d-----w C:\Program Files\WSTARTUP
2007-12-31 14:46 --------- d-----w C:\Program Files\UTILS
2007-12-31 14:46 --------- d-----w C:\Program Files\JEUX
2007-12-31 14:38 --------- d-----w C:\Program Files\microsoft frontpage
.

------- Sigcheck -------

2979b03d5382a602623c0535b16ab9c0 C:\WINDOWS\system32\svchost.exe
----a-w 14,336 2004-08-19 16:10:03 C:\WINDOWS\system32\svchost.exe
-c--a-w 14,336 2004-08-19 16:10:03 C:\WINDOWS\system32\dllcache\svchost.exe

4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\system32\user32.dll
-c----w 578,048 2006-12-13 11:48:43 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
----a-w 579,072 2007-03-08 15:50:30 C:\WINDOWS\system32\user32.dll
-c--a-w 579,072 2007-03-08 15:50:30 C:\WINDOWS\system32\dllcache\user32.dll

eed74b969b2ca1acc558ff60fb420e28 C:\WINDOWS\system32\ws2_32.dll
----a-w 82,944 2004-08-19 16:09:49 C:\WINDOWS\system32\ws2_32.dll
-c--a-w 82,944 2004-08-19 16:09:49 C:\WINDOWS\system32\dllcache\ws2_32.dll

02fe4156ffba75a9ec0187469aee2f3c C:\WINDOWS\system32\wininet.dll
----a-w 825,344 2007-10-10 23:22:19 C:\WINDOWS\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
----a-w 825,344 2007-12-07 01:42:22 C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
-c----w 818,688 2006-12-13 11:46:27 C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
-c----w 824,832 2007-10-10 23:49:45 C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll
----a-w 1,259,008 2007-12-07 02:08:34 C:\WINDOWS\system32\wininet.dll
-c--a-w 1,259,008 2007-12-07 02:08:34 C:\WINDOWS\system32\dllcache\wininet.dll

90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,832 2007-10-30 16:53:32 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
-c----w 359,808 2006-11-11 13:02:01 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
-c----w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\dllcache\tcpip.sys
----a-w 360,064 2007-10-30 17:20:55 C:\WINDOWS\system32\drivers\tcpip.sys

123eea158f74d0f67a51dcdf065d1091 C:\WINDOWS\system32\winlogon.exe
----a-w 506,368 2004-08-19 16:10:05 C:\WINDOWS\system32\winlogon.exe
-c--a-w 506,368 2004-08-19 16:10:05 C:\WINDOWS\system32\dllcache\winlogon.exe

558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys
-c--a-w 182,912 2004-08-03 23:14:29 C:\WINDOWS\system32\dllcache\ndis.sys
----a-w 182,912 2004-08-03 23:14:29 C:\WINDOWS\system32\drivers\ndis.sys

4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys
-c--a-w 29,056 2004-08-03 23:00:07 C:\WINDOWS\system32\dllcache\ip6fw.sys
----a-w 29,056 2004-08-03 23:00:07 C:\WINDOWS\system32\drivers\ip6fw.sys

7a56a64eb50399613587e90292dd2aab C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,059,520 2005-09-29 18:28:42 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
------w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
----a-w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\system32\ntkrnlpa.exe
-c----w 2,061,440 2007-02-28 16:08:25 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,182,272 2005-09-29 18:29:05 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
------w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
----a-w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\system32\ntoskrnl.exe
-c----w 2,184,192 2007-02-28 16:08:21 C:\WINDOWS\system32\dllcache\ntoskrnl.exe

d47db3366ecc9e9de86fb24eaa10b411 C:\WINDOWS\explorer.exe
----a-w 3,199,488 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 1,037,312 2007-06-13 13:10:53 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
-c----w 1,035,264 2006-11-18 22:59:06 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
-c--a-w 2,716,160 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
2007-12-06 11:58 1198432 --a------ C:\Program Files\Search Settings\kb125\SearchSettings.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-02-29 04:59 651264]
"RocketDock"="C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 21:47 344064]
"Le Petit Robert Hyperappel"="C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 12:11 22560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-02-17 14:01 233534]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-11 10:00 339968]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 13:12 102492]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 13:11 692316]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 15:11 794624]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-02-08 16:38 159744]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2007-12-06 11:58 1069920]
"FLMOFFICE4DMOUSE"="C:\Program Files\Browser Mouse\moffice.exe" [2008-01-29 21:09 806912]
"PROMT Integrator"="C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" [2001-09-03 14:48 49152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-02-29 04:59 79224]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2006-12-13 12:51 172544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 0 (0x0)
"LockTaskbar"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoResolveSearch"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMFUprogramsList"= 0 (0x0)
"NoUserNameInStartMenu"= 0 (0x0)
"NoStartMenuMorePrograms"= 0 (0x0)
"MaxRecentDocs"= 15 (0xf)
"NoInstrumentation"= 0 (0x0)
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"DisallowCpl"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Ask Harrap's Shorter.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Ask Harrap's Shorter.lnk
backup=C:\WINDOWS\pss\Ask Harrap's Shorter.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DVD Check.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DVD Check.lnk
backup=C:\WINDOWS\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hyperappel du Petit Larousse 2007.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Hyperappel du Petit Larousse 2007.lnk
backup=C:\WINDOWS\pss\Hyperappel du Petit Larousse 2007.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^siegfrield^Menu Démarrer^Programmes^Démarrage^IcoSauve.lnk]
path=C:\Documents and Settings\siegfrield\Menu Démarrer\Programmes\Démarrage\IcoSauve.lnk
backup=C:\WINDOWS\pss\IcoSauve.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^siegfrield^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.3.lnk]
path=C:\Documents and Settings\siegfrield\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.3.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.3.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\eMule\\emule.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-29 05:43:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Le Petit Robert Hyperappel = C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????\??? /??\??????????????????????|? ??\???Q??|x???m??|????????\??????|Z????????????,K??????d?????

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-29 5:48:34
ComboFix-quarantined-files.txt 2008-02-29 04:48:27
.
2008-02-16 06:08:55 --- E O F ---

HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:44, on 29/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Browser Mouse\moffice.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
C:\Program Files\Browser Mouse\MOUSE32A.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll
O3 - Toolbar: Systran40stand.IEPlugIn - {EDDEB5CF-6CC3-11D6-ABAA-00B0D094B576} - C:\Program Files\Systran\4_0\Standard\IEPlugIn.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\moffice.exe
O4 - HKLM\..\Run: [PROMT Integrator] "C:\Program Files\PROMT5\INTEGRAL\PinStart.exe" /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide1] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE RÉSEAU')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU)
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8523 bytes
