Aller au contenu

jeyce

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    23

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par jeyce

  1. jeyce

    WPA linksys

    jeyce a répondu à un(e) sujet de jeyce dans Internet & Réseaux

    salut bronson j'en prends bonne note en fait le wep fait sauter la connexion, je voulais essayer autre chose. Moralité supression du cryptage fini les plantages, meilleure bande passante... le wep est une arnaque qui n'aurait jamais dû être mis sur le marché, sauf peut être pour décrédibiliser la wifi. Si je désélectionne le filtrage NAT est ce que ça rendra le téléchargement genre bittorrent plus rapide? est ce déconseillé? merci d'avance pour vos bins conseils
  2. jeyce
    Salut Charles ingals merci pour les conseils en fait la clé ne prend pas le wpa ce qui est ridicule puisqu'elle était vendue avec le routeur qui a une fonction wpa avec 2 modes par conséquent inutiles. J'ai dernièrement supprimé tout cryptage et au moins ça fonctionne à nouveau nickel... pour combien de temps? tu dis que le codage protège l'ordinateur mais si le wep se décode en moins de deux, c'est uiquement une source de ralentissement qui n'écarte que les zouaves qui ont cliqué par mégarde sur la mauvaise ligne dans la configuration de leur connexion.
  3. jeyce

    WPA linksys

    jeyce a répondu à un(e) sujet de jeyce dans Internet & Réseaux

    [( quoique )] QUE SOUS ENTENDS TU? est ce que ces cryptages sont plus nuisibles qu'utiles à la stabilité de la connection? est ce qu'il existe des logiciels qui détecteraient les parasitages externes de mon réseau sans fil? merci bien
  4. jeyce

    WPA linksys

    jeyce a posté un sujet dans Internet & Réseaux

    bonjour, est ce que quelqu'un sait si l'antenne usb linksys wusb54g accepte le cryptage WPA? Je l'ai achetée avec un routeur de même marque, le wrt54g, qui propose la configuration d'un cryptage WPA. Mais impossible d'accéder à d'autres paramètres que ceux du wep pour le réseau windows et la clé wifi. Il y a un truc qui m'échappe... merci d'avance
  5. jeyce
    Salut charles ingals ok c'est bon j'ignorerai l'alerte dorénavant. Maintenant, j'ai l'impression que c'est le wifi qui me pose problème. c'est pour ça que je suis long à répondre. Je pense qu'on me le pirate parcequ'il ne fonctionne de façon stable pendant quelques temps uniquement quand je change le code wep. En fait je voulais passer en WPA parcequ'il paraît que c'est plus fiable. mais le matos linksys est si mal fichu que l'option wpa n'apparaît que dans la config du routeur, pas dans celle de l'antenne usb ou du réseau windows. Donc j'ai le sentiment que quelque chose cloche tout fonctionne au poil et d'un coup je suis exclu de la connexion wifi au routeur, elle ne se rétablit par accoups que quelques secondes, quelques minutes au mieux avant de foirer à répétition. La clé scanne le réseau mais pas moyen de s'y connecter, alors que tout allais bien depuis un moment sans toucher à rien dans la config. maintenant je dois reconfigurer le routeur sans arrêt, à chaque fois ça remarche pour un temps de plus en plus court. pourtant le routeur a un firewall intégré et et l' adresses mac du client est verrouillée comme la seule autorisée. Comment puis-je savoir si les plantades exponentielles viennent d'un parasitage de l'extérieur? qu'est ce que je risque? On sort peut être un peut du sujet du forum mais je cherche des informations à jour à ce sujet, alors n'hésite pas... tiens, ça plante encore il va me falloir trois plombes pour envoyer ce message merci encore et à bientôt
  6. jeyce
    Salut charles ingals voici le rapport spybot avec les 3 clés de sfonditalia qui persistent en rouge. merci et à bientôt Cache: Cache (206) (Cache, nothing done) Common Dialogs: History (56 files) (Clé du registre, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Cookie: Cookie (46) (Cookie, nothing done) Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wmiprov.log Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done) C:\WINDOWS\SchedLgU.Txt Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemess.log Log: Shutdown: System32\wbem\logs\winmgmt.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\winmgmt.log MS Office 9.0: Recently used files (67 files) (Répertoire, nothing done) C:\Documents and Settings\jeyce\Application Data\Microsoft\Office\Récents\ Sfonditalia: Réglages (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skymasters.biz\www\*!=W=4 Sfonditalia: Réglages (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redfunny.com\www\*!=W=4 Sfonditalia: Réglages (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www\*!=W=4 --- Spybot - Search && Destroy version: 1.3 --- 2006-05-19 Includes\Cookies.sbi 2006-05-19 Includes\Dialer.sbi 2006-05-19 Includes\Hijackers.sbi 2006-05-19 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2006-05-19 Includes\Malware.sbi 2006-05-19 Includes\PUPS.sbi 2006-05-19 Includes\Revision.sbi 2006-05-19 Includes\Security.sbi 2006-05-19 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2006-05-19 Includes\Trojans.sbi
  7. jeyce
    Salut charles ingals pourquoi spybot signale t il toujours sfonditalia comme un problème ? voici le rapport que tu m'as demandé merci et à bientôt 24/05/2006 3:14:02,50 Granting "F(CI)" access for really "Everyone" - adding new entry Granting "F(CI)" access for really "Everyone" - adding new entry Granting "F(CI)" access for really "Everyone" - really "Everyone" has already all permissions you want to grant Granting "F(CI)" access for really "Everyone" - changing existing entry Granting "F(CI)" access for really "Everyone" - changing existing entry Granting "F(CI)" access for really "Everyone" - really "Everyone" has already all permissions you want to grant ========== Effacement de ControlSet003\Services\msdirect L'opération s'est bien déroulée .... Effacement de ControlSet004\Services\msdirect L'opération s'est bien déroulée .... Effacement de CurrentControlSet\Services\msdirect Erreur : le système n'a pas pu trouver la clé ou la valeur de Registre spécifiée .... Effacement de ControlSet003\Enum\Root\LEGACY_MSDIRECT L'opération s'est bien déroulée .... Effacement de ControlSet004\Enum\Root\LEGACY_MSDIRECT L'opération s'est bien déroulée .... Effacement de CurrentControlSet\Enum\Root\LEGACY_MSDIRECT Erreur : le système n'a pas pu trouver la clé ou la valeur de Registre spécifiée ....
  8. jeyce
    Salut es tu scertain que c'est utile? voici le rapport et il est complet Le volume dans le lecteur C s'appelle WXPsp1 Le num‚ro de s‚rie du volume est 0416-98CB
  9. jeyce
    Salut charles ingals Il y avait bien la totalité du rapport j'ai refait un scan distinct pour chaque entrée msdirect.sys ; dnlsvc ; msdirect voici les 3 rapports à tout bientôt REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 22/05/2006 16:03:38 for strings: ; 'msdirect.sys' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 22/05/2006 16:06:28 for strings: ; 'dnlsvc' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS ; End Of The Log... REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 22/05/2006 16:08:04 for strings: ; 'msdirect' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000] "Service"="msdirect" "DeviceDesc"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 "DisplayName"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect\Enum] "0"="Root\\LEGACY_MSDIRECT\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT\0000] "Service"="msdirect" "DeviceDesc"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msdirect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 "DisplayName"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msdirect\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000] "Service"="msdirect" "DeviceDesc"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 "DisplayName"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect\Enum] "0"="Root\\LEGACY_MSDIRECT\\0000" [HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603] "003"="msdirect" ; End Of The Log...
  10. jeyce
    Salut charles ingals Voici le rapport regsearch quelle est la suite du programme? merci à bientot REGEDIT4 ; Registry Search 2.0 by Bobbi Flekman © 2005 ; Version: 2.0.1.0 ; Results at 22/05/2006 14:55:25 for strings: ; 'msdirect' ; 'msdirect.sys' ; 'dnlsvc' ; Strings excluded from search: ; (None) ; Search in: ; Registry Keys Registry Values Registry Data ; HKEY_LOCAL_MACHINE HKEY_USERS [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000] "Service"="msdirect" "DeviceDesc"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSDIRECT\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 "DisplayName"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect\Security] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msdirect\Enum] "0"="Root\\LEGACY_MSDIRECT\\0000" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT\0000] "Service"="msdirect" "DeviceDesc"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_MSDIRECT\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msdirect] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 "DisplayName"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msdirect\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000] "Service"="msdirect" "DeviceDesc"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000\LogConf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECT\0000\Control] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect] ; Contents of value: ; \??\c:\windows\system32\msdirect.sys "ImagePath"=hex(2):5c,3f,3f,5c,43,3a,5c,57,49,4e,44,4f,57,53,5c,73,79,73,74,65,\ 6d,33,32,5c,6d,73,64,69,72,65,63,74,2e,73,79,73,00 "DisplayName"="msdirect" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect\Security] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect\Enum] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdirect\Enum] "0"="Root\\LEGACY_MSDIRECT\\0000" [HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Search Assistant\ACMru\5603] "003"="msdirect" ; End Of The Log...
  11. jeyce
    Salut charles ingals malheureusement ce fichier est introuvable, impossible de le scanner merci à bientôt
  12. jeyce
    et sinon sfonditalia apparaît toujours dans les problèmes détectés par spybot à bientôt
  13. jeyce
    pardon j'ai mal lu on voit bien que c'est kerio je suis distrait a+
  14. jeyce
    Salut Charles ingals le pc fonctionne correctement bien qu'il y ait encore une drôle de latence dans la connexion wifi. Est ce que il existe d'autres points de restaurations à initialiser par exemple dans avast ou spybot ? voici le rapport de scan hijackthis Il y a beaucoup de ncvhost.exe il paraît que ça sert au réseau mais ça prend dans les 30Mo tout de même. pourrais tu me dire ce que sont kpf4ss.exe et kpf4gui.exe stp? c'est relatif à kaspersky? merci pour des bons conseils a bientôt StartupList report, 20/05/2006, 20:37:24 StartupList version: 1.52.2 Started from : I:\virusclean + otherz\Hijackthis\HijackThis.EXE Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\hdsp32.exe C:\WINDOWS\System32\hdspmix.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\system32\NOTEPAD.EXE I:\virusclean + otherz\Hijackthis\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\jeyce\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe HDSPTray1 = hdsp32.exe HDSPTray2 = hdspmix.exe -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ccleaner = "C:\Program Files\CCleaner\ccleaner.exe" /AUTO SpybotSD TeaTimer = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{306D6C21-C1B6-4629-986C-E59E1875B8AF}] * StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",HideIconsUser [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\ssbezier.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry key not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [CKAVWebScan Object] InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Filtre de bus AGP Intel: System32\DRIVERS\agp440.sys (system) aic78xx: System32\DRIVERS\aic78xx.sys (system) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start) aslm75: \??\C:\WINDOWS\system32\drivers\aslm75.sys (autostart) AsProbe: \??\C:\WINDOWS\System32\drivers\AsProbe.sys (autostart) aswRdr: \??\C:\WINDOWS\System32\drivers\aswRdr.sys (manual start) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start) avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart) fasttx2k: System32\DRIVERS\fasttx2k.sys (system) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system) GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start) GhostStartService: C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (autostart) GhostPciScanner: \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys (system) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) RME Hammerfall Audio Device: System32\DRIVERS\hdsp.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe (manual start) Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) IVI ASPI Shell: system32\drivers\iviaspi.sys (manual start) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system) Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system) Sunbelt Kerio Personal Firewall 4: C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe (autostart) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) msdirect: \??\C:\WINDOWS\system32\msdirect.sys (autostart) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv: System32\DRIVERS\nv4_mini.sys (manual start) NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleur hôte compatible IEE 1394 VIA OHCI: System32\DRIVERS\ohci1394.sys (system) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) Pilote de bus PCI: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) Padus Aspi Shell: system32\drivers\pfc.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) 802.11a/g USB Driver: System32\DRIVERS\WUSB20XP.sys (manual start) D-Link Air Wireless USB Adapter Driver: System32\DRIVERS\PRISMUSB.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C): System32\DRIVERS\RTL8139.SYS (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Sentinel: \SystemRoot\System32\Drivers\SENTINEL.SYS (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\AvidXPSerial.sys (system) Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F43D96A3-6C91-41AD-8768-62F4EAA49BC4} (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) UlSata: System32\DRIVERS\ulsata.sys (system) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Winbond GPIO Driver1: System32\drivers\WBHWDOCT.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Numéro de série du média portable: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) WUSB54GSVC: "C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe" (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter: System32\DRIVERS\yukonx86.sys (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck xmnt2001 /bat=C:\WINDOWS\System32\PQ_BATCH.PQB /dbg=C:\WINDOWS\System32\PQ_DEBUG.TXT /ver=262144 /prd="PartitionMagic Pro" Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 32 158 bytes Report generated in 0,156 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  15. jeyce
    salut charles ingals windrv.exe reste introuvable même en sans échec. effectivement les popup ont disparu voici les deux scans, kasper a trouvé des trucs et winpfind je ne sais qu'en dire merci à bientôt WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600 Internet Explorer Version: 6.0.2800.1106 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... UPX! 18/05/2006 16:43:32 850 C:\log.txt PEC2 18/05/2006 16:43:32 850 C:\log.txt UPX! 18/05/2006 16:36:56 77 C:\start.txt UPX! 18/05/2006 16:40:40 293 C:\win.txt PEC2 18/05/2006 16:40:40 293 C:\win.txt Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... UPX! 27/04/2006 19:50:00 597504 C:\WINDOWS\SYSTEM32\aswBoot.exe PEC2 30/08/2002 14:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc Umonitor 30/08/2002 14:00:00 658944 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 25/11/2005 17:48:28 40960 C:\WINDOWS\SYSTEM32\swsc.exe winsync 30/08/2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 20/05/2006 04:10:38 S 2048 C:\WINDOWS\bootstat.dat 17/05/2006 15:56:08 H 0 C:\WINDOWS\LastGood\INF\oem0.inf 17/05/2006 15:56:08 H 0 C:\WINDOWS\LastGood\INF\oem0.PNF 08/08/2031 21:46:04 HS 1537 C:\WINDOWS\page files\maxmeg.sys 20/05/2006 04:12:42 H 1024 C:\WINDOWS\system32\config\default.LOG 20/05/2006 04:10:40 H 1024 C:\WINDOWS\system32\config\SAM.LOG 20/05/2006 04:11:30 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 20/05/2006 04:15:26 H 1024 C:\WINDOWS\system32\config\software.LOG 20/05/2006 04:16:08 H 1024 C:\WINDOWS\system32\config\system.LOG 12/04/2006 16:28:48 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\518ebe9b-dc0c-45d7-8e86-0b65ee293f3b 12/04/2006 16:28:48 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 20/05/2006 04:10:40 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 30/08/2002 14:00:00 69120 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 30/08/2002 14:00:00 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 132096 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 30/08/2002 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 293888 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 30/08/2002 14:00:00 126464 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 30/08/2002 14:00:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 30/08/2002 14:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 30/08/2002 14:00:00 567296 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 30/08/2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 30/08/2002 14:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl NVIDIA Corporation 28/07/2003 14:19:00 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 30/08/2002 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 30/08/2002 14:00:00 112640 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 30/08/2002 14:00:00 274944 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 30/08/2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 30/08/2002 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 03/08/2004 15:02:28 169240 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 30/08/2002 14:00:00 69120 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 30/08/2002 14:00:00 583680 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 132096 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 30/08/2002 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 293888 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 30/08/2002 14:00:00 126464 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 30/08/2002 14:00:00 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 30/08/2002 14:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 30/08/2002 14:00:00 567296 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 30/08/2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 30/08/2002 14:00:00 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 30/08/2002 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 30/08/2002 14:00:00 112640 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 30/08/2002 14:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 30/08/2002 14:00:00 274944 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 30/08/2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 30/08/2002 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 14/01/2005 01:22:50 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 03/05/2006 07:15:38 305 C:\Documents and Settings\All Users\Application Data\addr_file.html 14/01/2005 01:12:56 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 09/03/2006 02:38:26 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Checking files in %USERPROFILE%\Startup folder... 14/01/2005 01:22:50 HS 84 C:\Documents and Settings\jeyce\Menu Démarrer\Programmes\Démarrage\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 14/01/2005 01:12:56 HS 62 C:\Documents and Settings\jeyce\Application Data\desktop.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] Sgrunt|V109|403|S68589771|dialno = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\7-Zip {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Astuce du jour = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Bande de recherche = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe HDSPTray1 hdsp32.exe HDSPTray2 hdspmix.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ccleaner "C:\Program Files\CCleaner\ccleaner.exe" /AUTO SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 20/05/2006 04:18:55 ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER - RAPPORT samedi 20 mai 2006 05:51:56 Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Version de Kaspersky On-line Scanner: 5.0.78.0 Dernière mise à jour de la base antivirus Kaspersky : 20/05/2006 Enregistrements dans la base antivirus Kaspersky : 183455 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie.: vrai Cible de l'analyse - Poste de travail: A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ Statistiques de l'analyse: Total d'objets analysés :: 73344 Nombre de virus trouvés: 3 Nombre d'objets infectés: 12 Nombre d'objets suspects: 0 Durée de l'analyse: 00:29:02 Nom de l'objet infecté / Nom du virus / Dernière action C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP295\A0071608.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP295\A0071614.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP297\A0071664.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP297\A0071672.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP297\A0071679.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP298\A0071696.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP298\A0071766.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP298\A0071771.exe Infecté: Trojan-Downloader.Win32.Tiny.bn ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP300\A0071792.sys Infecté: Backdoor.Win32.ForBot.af ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP303\A0072139.exe Infecté: Trojan-Clicker.Win32.Delf.fj ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP303\A0072163.exe Infecté: Trojan-Downloader.Win32.Tiny.bn ignoré C:\System Volume Information\_restore{8120414F-466A-45D0-8F7A-7359779A4A0F}\RP303\A0072191.sys Infecté: Backdoor.Win32.ForBot.af ignoré Analyse terminée.
  16. jeyce
    Salut charles ingals c'est le genre de symptomes qu'il y avait voici le rapport black light 05/19/06 20:23:56 [info]: BlackLight Engine 1.0.36 initialized 05/19/06 20:23:56 [info]: OS: 5.1 build 2600 (Service Pack 1) 05/19/06 20:23:56 [Note]: 7019 4 05/19/06 20:23:56 [Note]: 7005 0 05/19/06 20:24:18 [Note]: 7006 0 05/19/06 20:24:18 [Note]: 7011 212 05/19/06 20:24:18 [Note]: 7026 0 05/19/06 20:24:18 [Note]: 7026 0 05/19/06 20:24:22 [Note]: FSRAW library version 1.7.1015 05/19/06 20:24:50 [Note]: 2000 1006 05/19/06 20:26:08 [Note]: 7007 0
  17. jeyce
    salut charles ingals là je crois que oui on touche le genre de truc que je comprends pas du tout du tout du tout. j'ai bien compris ce que tu disais mais en fait la direction c:driverload n'existe pas. windrv.exe n'est pas non plus dans \system32. j'ai bien vérifié les options d'affichage des fichiers cachés, de toute façon je ne masque jamais rien. Avant de te joindre j'avais déja eu des problèmes avec des processus windrv.exe qui démarraient et s'accumulaient. Idem avec ces trucs " [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run DriverLoad DriverCheck SystemDriverLoad Winhost Winhost1 Winhost2 Winhost3 Winhost4 SystemDriver c:\DriverLoad\windrv.exe FDriver c:\DriverLoad\windrv.exe ADriver c:\DriverLoad\windrv.exe CDriver c:\DriverLoad\windrv.exe DDriver c:\DriverLoad\windrv.exe J'ai déja vu ces cochonneries encombrer ma liste de processus actifs, revenir sans cesse en plus gros etc... Il est possible que j'ai tenté sur le coup un effacement instinctif à l'arrache de fichiers et dossiers suspects. Je ne sais plus très bien quelle manip j'ai fait mais peut être que ça t'aidera à m'expliquer pourquoi l'adresse n'apparaît pas. je n'ai donc pas pu la scanner. Merci d'avance pour ton opiniatreté.
  18. jeyce
    Ok c'est fait . A propos du rapport spybot, [tu dis que Spybot a détecté sfonditalia mais qu'il n'a pas réussi à l'éliminer:on ne voit rien dans le rapport que tu as posté!(pas d'alertes!) ] pourtant j'y lis ces trois lignes . [/sfonditalia: Réglages (Modification du registre, fixed) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skymasters.biz\www\*!=W=4 Sfonditalia: Réglages (Modification du registre, fixed) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redfunny.com\www\*!=W=4 Sfonditalia: Réglages (Modification du registre, fixed) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www\*!=W=4 ] J'ai peut être mal saisi ? merci en tous cas et voici rapport winpfind WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600 Internet Explorer Version: 6.0.2800.1106 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»» Checking %SystemDrive% folder... UPX! 18/05/2006 16:43:32 850 C:\log.txt PEC2 18/05/2006 16:43:32 850 C:\log.txt UPX! 18/05/2006 16:36:56 77 C:\start.txt UPX! 18/05/2006 16:40:40 293 C:\win.txt PEC2 18/05/2006 16:40:40 293 C:\win.txt Checking %ProgramFilesDir% folder... Checking %WinDir% folder... Checking %System% folder... UPX! 27/04/2006 19:50:00 597504 C:\WINDOWS\SYSTEM32\aswBoot.exe PEC2 30/08/2002 14:00:00 41131 C:\WINDOWS\SYSTEM32\dfrg.msc Umonitor 30/08/2002 14:00:00 658944 C:\WINDOWS\SYSTEM32\rasdlg.dll UPX! 25/11/2005 17:48:28 40960 C:\WINDOWS\SYSTEM32\swsc.exe winsync 30/08/2002 14:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 19/05/2006 05:48:02 S 2048 C:\WINDOWS\bootstat.dat 17/05/2006 15:56:08 H 0 C:\WINDOWS\LastGood\INF\oem0.inf 17/05/2006 15:56:08 H 0 C:\WINDOWS\LastGood\INF\oem0.PNF 08/08/2031 21:46:04 HS 1537 C:\WINDOWS\page files\maxmeg.sys 19/05/2006 05:52:40 H 1024 C:\WINDOWS\system32\config\default.LOG 19/05/2006 05:48:06 H 1024 C:\WINDOWS\system32\config\SAM.LOG 19/05/2006 05:48:44 H 1024 C:\WINDOWS\system32\config\SECURITY.LOG 19/05/2006 05:52:08 H 1024 C:\WINDOWS\system32\config\software.LOG 19/05/2006 05:48:52 H 1024 C:\WINDOWS\system32\config\system.LOG 12/04/2006 16:28:48 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\518ebe9b-dc0c-45d7-8e86-0b65ee293f3b 12/04/2006 16:28:48 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 19/05/2006 05:48:06 H 6 C:\WINDOWS\Tasks\SA.DAT Checking for CPL files... Microsoft Corporation 30/08/2002 14:00:00 69120 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 30/08/2002 14:00:00 583680 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 132096 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 30/08/2002 14:00:00 152064 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 293888 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 30/08/2002 14:00:00 126464 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 30/08/2002 14:00:00 66560 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 30/08/2002 14:00:00 189952 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 30/08/2002 14:00:00 567296 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 30/08/2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 30/08/2002 14:00:00 260096 C:\WINDOWS\SYSTEM32\nusrmgr.cpl NVIDIA Corporation 28/07/2003 14:19:00 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl Microsoft Corporation 30/08/2002 14:00:00 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 30/08/2002 14:00:00 112640 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 30/08/2002 14:00:00 274944 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 30/08/2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 30/08/2002 14:00:00 90112 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 03/08/2004 15:02:28 169240 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 30/08/2002 14:00:00 69120 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 30/08/2002 14:00:00 583680 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 132096 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 30/08/2002 14:00:00 152064 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 30/08/2002 14:00:00 293888 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 30/08/2002 14:00:00 126464 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 30/08/2002 14:00:00 66560 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 30/08/2002 14:00:00 189952 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 30/08/2002 14:00:00 567296 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 30/08/2002 14:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 30/08/2002 14:00:00 260096 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 30/08/2002 14:00:00 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 30/08/2002 14:00:00 112640 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 30/08/2002 14:00:00 151552 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 30/08/2002 14:00:00 274944 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 30/08/2002 14:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 30/08/2002 14:00:00 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 14/01/2005 01:22:50 HS 84 C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 03/05/2006 07:15:38 305 C:\Documents and Settings\All Users\Application Data\addr_file.html 14/01/2005 01:12:56 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 09/03/2006 02:38:26 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Checking files in %USERPROFILE%\Startup folder... 14/01/2005 01:22:50 HS 84 C:\Documents and Settings\jeyce\Menu Démarrer\Programmes\Démarrage\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 14/01/2005 01:12:56 HS 62 C:\Documents and Settings\jeyce\Application Data\desktop.ini »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] Sgrunt|V109|403|S68589771|dialno = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\7-Zip {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Épingle du menu Démarrer = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast {472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu {85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip {23170F69-40C1-278A-1000-000100020000} = C:\Program Files\7-Zip\7-zipn.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR {B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Astuce du jour = %SystemRoot%\System32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Bande de recherche = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} Media Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} Bandeau de recherche de l'Explorateur = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Adresse : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Liens : %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe HDSPTray1 hdsp32.exe HDSPTray2 hdspmix.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] SystemDriverLoad DriverLoad DriverCheck ccleaner "C:\Program Files\CCleaner\ccleaner.exe" /AUTO SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run DriverLoad DriverCheck SystemDriverLoad Winhost Winhost1 Winhost2 Winhost3 Winhost4 SystemDriver c:\DriverLoad\windrv.exe FDriver c:\DriverLoad\windrv.exe ADriver c:\DriverLoad\windrv.exe CDriver c:\DriverLoad\windrv.exe DDriver c:\DriverLoad\windrv.exe HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\FICHIE~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 19/05/2006 05:56:09
  19. jeyce
    salut charles ingals J'ai le cable spybot était bien à jour et avait bien été lancé en mode sans échec voici les deux rapports merci et à bientôt Cookie: Cookie (13) (Cookie, nothing done) 7-Zip: Last used folder (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\7-ZIP\FM\PanelPath0!= 7-Zip: Folder history (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\7-ZIP\FM\FolderHistory Adobe Photoshop 7.0: Last used folder (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Adobe\Photoshop\7.0\VisitedDirs\STARTUPIMAGEDIRECTORY!= Common Dialogs: History (36 files) (Clé du registre, nothing done) HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU Internet Explorer: User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32) Internet Explorer: Download directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Internet Explorer\Download Directory!= Internet Explorer: Typed URL list (6 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Internet Explorer\TypedURLs Internet Explorer: User agent (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32) Internet Explorer: User agent (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent!=Mozilla/4.0 (compatible; MSIE; Win32) Log: Shutdown: System32\wbem\logs\wmiprov.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wmiprov.log Log: Activity: ntbtlog.txt (Sauver le fichier, nothing done) C:\WINDOWS\ntbtlog.txt Log: Activity: SchedLgU.Txt (Sauver le fichier, nothing done) C:\WINDOWS\SchedLgU.Txt Log: Shutdown: System32\wbem\logs\wbemess.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\wbemess.log Log: Shutdown: System32\wbem\logs\winmgmt.log (Sauver le fichier, nothing done) C:\WINDOWS\System32\wbem\logs\winmgmt.log MS Direct3D: Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name!= MS DirectDraw: Most recent application (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name!= MS DirectInput: Most recent application ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\DirectInput\MostRecentApplication\Id!= MS DirectInput: Most recent application (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\DirectInput\MostRecentApplication\Name!= MS Management Console: Recent command list (1 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Microsoft Management Console\Recent File List MS Media Player: Last opened playlist (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist MS Media Player: Application data file (global) () (Fichier, nothing done) C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\wmplibrary_v_0_12.db MS Media Player: Recent open directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\MediaPlayer\Player\Settings\OpenDir!= MS Office 9.0 (Excel): Recent files (1 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Office\9.0\Excel\Recent Files MS Office 9.0 (Word): Recently used file list (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Office\9.0\Word\Data\Settings MS Office 9.0: Internet history (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Office\9.0\Common\Internet\LocationOfComponents MS Office 9.0: Recently used files (67 files) (Répertoire, nothing done) C:\Documents and Settings\jeyce\Application Data\Microsoft\Office\Récents\ MS Regedit: Recent open key (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey!= MS Search Assistant: Typed search terms history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Search Assistant\ACMru Sfonditalia: Réglages (Modification du registre, fixed) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skymasters.biz\www\*!=W=4 Sfonditalia: Réglages (Modification du registre, fixed) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\redfunny.com\www\*!=W=4 Sfonditalia: Réglages (Modification du registre, fixed) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net\www\*!=W=4 Windows Explorer: Recent file global history (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Explorer: Last visited history (8 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedMRU Windows Explorer: Recent wallpaper list (45 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU Windows Explorer: Run history (3 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU Windows Explorer: Stream history (4 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Windows Explorer: User Assistant history files (1 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: User Assistant history files (69 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: User Assistant history files (1 files) (Clé du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count Windows Explorer: User Assistant history IE (1 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: User Assistant history IE (36 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Explorer: User Assistant history IE (1 files) (Clé du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count Windows Media SDK: Volume serial number (Valeur du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Windows Media SDK: Computer name (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName Windows Media SDK: Computer name (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName Windows Media SDK: Computer name (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName!=ComputerName Windows Media SDK: Unique ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000} Windows Media SDK: Unique ID (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000} Windows Media SDK: Unique ID (Modification du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID!={00000000-0000-0000-0000-000000000000} Windows Media SDK: Volume serial number (Valeur du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Windows Media SDK: Volume serial number (Valeur du registre, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Windows.OpenWith: Open with list - .CSS extension (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSS\OpenWithList Windows.OpenWith: Open with list - .AI extension (3 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AI\OpenWithList Windows.OpenWith: Open with list - .AIF extension (5 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIF\OpenWithList Windows.OpenWith: Open with list - .ALS extension (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ALS\OpenWithList Windows.OpenWith: Open with list - .AVI extension (6 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList Windows.OpenWith: Open with list - .BIN extension (3 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList Windows.OpenWith: Open with list - .BMP extension (7 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList Windows.OpenWith: Open with list - .BNK extension (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BNK\OpenWithList Windows.OpenWith: Open with list - .CDA extension (3 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList Windows.OpenWith: Open with list - .CDI extension (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDI\OpenWithList Windows.OpenWith: Open with list - .CFG extension (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CFG\OpenWithList Windows.OpenWith: Open with list - .CPF extension (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPF\OpenWithList Windows.OpenWith: Open with list - .CPR extension (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CPR\OpenWithList Windows: Drivers installation paths (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources!= WinRAR: Last used directory (Modification du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\WinRAR\General\LastFolder!= WinRAR: Recent file list (2 files) (Clé du registre, nothing done) HKEY_USERS\S-1-5-21-1078081533-1979792683-1801674531-1004\Software\WinRAR\ArcHistory --- Spybot - Search && Destroy version: 1.3 --- 2006-05-12 Includes\Cookies.sbi 2006-05-12 Includes\Dialer.sbi 2006-05-12 Includes\Hijackers.sbi 2006-05-12 Includes\Keyloggers.sbi 2004-11-29 Includes\LSP.sbi 2006-05-15 Includes\Malware.sbi 2006-05-12 Includes\PUPS.sbi 2006-05-12 Includes\Revision.sbi 2006-05-12 Includes\Security.sbi 2006-05-12 Includes\Spybots.sbi 2005-02-17 Includes\Tracks.uti 2006-05-12 Includes\Trojans.sbi PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. Files Found in system Folder............ ------------------------ C:\WINDOWS\system32\aswBoot.exe: UPX!t$ C:\WINDOWS\system32\swsc.exe: UPX! C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 C:\WINDOWS\system32\dfrg.msc: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAwGpEc213 Files Found in all users startup Folder............ ------------------------ C:\WINDOWS\system32\aswBoot.exe: UPX!t$ C:\WINDOWS\system32\swsc.exe: UPX! Files Found in all users windows Folder............ ------------------------ Finished bye
  20. jeyce
    merci pour tous ces bons conseils scrupuleusement suivis. J'avais bien mis ewido à jour, pas de pb. J'ai installé kerio mais impossible de surfer quand le filtrage web des publicités est activé. Par ailleurs spybot trouve un truc nommé sfonditalia et ne parvient pas à le corriger , il revient après chaque redémarage. Voici les rapports de scan de panda et de hijackthis. Incident Statut Analyse Adware:adware/sgrunt No Désinfecté C:\Documents and Settings\jeyce\Application Data\sgrunt Dialer:dialer.akd No Désinfecté hkey_local_machine\software\microsoft\windows\currentversion\TTunim Adware:adware/dopewars No Désinfecté Registre Windows Adware:adware/picsplace No Désinfecté Registre Windows Virus:Trj/Lowzones.BV Désinfecté C:\Documents and Settings\jeyce\Application Data\sgrunt\disinstalla.htm Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\jeyce\Cookies\jeyce@xiti[1].txt Logfile of HijackThis v1.99.1 Scan saved at 23:19:21, on 17/05/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\hdsp32.exe C:\WINDOWS\System32\hdspmix.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe I:\virusclean + otherz\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.free.fr/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall 4\kpf4ss.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
  21. jeyce
    Merci de ton aide j'ai tout fait comme indiqué voici les deux rapports. (j'avais voulu dire que avast et antivir ne faisaient pas planter mon ordi quand ils étaient ensemble parceque la protection résidente de l'un se désactive quand l'autre fonctionne. Mais ça libère des ressources de pas en avoir plusieurs. S'il faut n'en garder qu'un, conseilles- tu avast ou antivir?) à bientôt Logfile of HijackThis v1.99.1 Scan saved at 19:41:18, on 16/05/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Asus\Asus Probe V2.64.03\AsusProb.exe C:\WINDOWS\System32\hdsp32.exe C:\WINDOWS\System32\hdspmix.exe I:\virusclean + otherz\Hijackthis\HijackThis.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\WINDOWS\System32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\Asus\Asus Probe V2.64.03\AsusProb.exe O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe O4 - HKCU\..\Run: [HijackThis startup scan] I:\virusclean + otherz\Hijackthis\HijackThis.exe /startupscan O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing) --------------------------------------------------------- ewido anti-malware - Rapport de scan --------------------------------------------------------- + Créé le: 19:37:05, 16/05/2006 + Somme de contrôle: 4C6A84C8 + Résultats du scan: Pas de fichiers infectés trouvés! ::Fin du rapport
  22. jeyce
    Merci charles ingals pour ton aide j'aurais voulu répondre plus vite mais je suis effectivement encore infecté, tellement que la connexion wifi saute sans arrêt et rend le surf très aléatoire. J'ai suivi tes instructions. J'ai désontallé antivir mais je ne suis me^me pas certain que ce soit indispensable puisque les services redondants se désactivaient au démarrage. Enfin j'ai suivi l'orthodoxie voila le rapport qu'en dire? HAXFIX logfile - by Marckie -------------- version 2.42 15/05/2006 16:07:21,03 checking for a3d files.... a3d files not found checking for matching notify keys.... no matching notify keys found checking for matching services.... matching services found Aspi32 checking for matching safeboot services.... no matching safeboot services found
  23. jeyce
    infesté de spy j'ai suivi la procédure recommendée sur votre site donc j'en suis à la dernière étape, je vous envoie le log et j'espère que vous pourrez me dire si mon ordi est enfin clean. Merci d'avance pour votre aide Logfile of HijackThis v1.99.1 Scan saved at 01:24:29, on 04/05/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe C:\Program Files\WUSB54G Wireless-G Adapter\WUSB54G.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Asus\Asus Probe V2.64.03\AsusProb.exe C:\WINDOWS\System32\hdsp32.exe C:\WINDOWS\System32\hdspmix.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe I:\virusclean + otherz\Hijackthis\HijackThis.exe C:\WINDOWS\System32\wuauclt.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.free.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\Asus\Asus Probe V2.64.03\AsusProb.exe O4 - HKLM\..\Run: [HDSPTray1] hdsp32.exe O4 - HKLM\..\Run: [HDSPTray2] hdspmix.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [HijackThis startup scan] I:\virusclean + otherz\Hijackthis\HijackThis.exe /startupscan O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - Startup: Check For Dope Wars Updates.lnk.disabled O4 - Global Startup: Adobe Gamma Loader.lnk.disabled O4 - Global Startup: InterVideo WinCinema Manager.lnk.disabled O4 - Global Startup: Microsoft Office.lnk.disabled O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\jeyce\LOCALS~1\Temp\dnlsvc.exe (file missing) O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: WUSB54GSVC - Unknown owner - C:\Program Files\WUSB54G Wireless-G Adapter\WLService.exe" "WUSB54G.exe (file missing)
×
×
  • Créer...