Aller au contenu

Vels6

Membres
  • Compteur de contenus

    71
  • Inscription

  • Dernière visite

Tout ce qui a été posté par Vels6

  1. Vels6

    nouveau materiel

    * 1 x Carte Mère ASUS P5W-DH Deluxe - Socket 775 pour Intel Pentium D / P4 / Core 2 Duo / Celeron D * 1 x Processeur INTEL Core 2 Duo E6600 - 2.4 GHz * 1 x Alimentation StealthXStream 600 Watts - Ventilateur 12 cm * 1 x Mémoire Kit de 2 Barrettes CORSAIR DDR2 PC2-6400 - 2 x 1 Go (2 Go) 800 MHz - CAS 4 - XMS2 - TWIN2X2048-6400C4 * 1 x Carte Graphique Radeon X1950PRO - 512 Mo GDDR3 - PCI-Express 16X - TV - Dual DVI * 1 x Boîtier PC ASUS TA-210 (Sans Alimentation) voilà pour le materiel et j'ai fais monter le tout ! quels sont les logs necessaires svp ?
  2. Vels6

    nouveau materiel

    Merci pour vos premières reponses ! Voui j'ai bien lu le topic et à ce propos mon FPO c : L712B103 à 1.35V max.... Aussi je me demandais si cela pouvait changer quelquechose ou pas ? a propos de ma corsair comment puis savoir si elle st compatible ? merci starjojo je m'y mets de suite;)
  3. Vels6

    nouveau materiel

    Bonjour ! je viens de recevoir mon nouvel ordinateur dont voici les caracteristiques : intel core 2 duo e6600 2.40ghz / carte mere asus p5wdh deluxe / corsair twin xms 2.go pc6400 800 mghz cas4 / carte graph sapphire raedon x1950x pro 512 / chipset 975x Mes activités principales sur ordi sont les simulateurs de vols tel que Flight simulateur2004 ou lock on par exemple/ World of Warcraft / et surf web ! Je souhaite donc avor conseil pour booster mon pc un maximum ! merci d'avance !
  4. Bonsoir Gof ! Comment vas tu ? Voici les rapports demandés a propos de cette ligne je nai pas de lexmark et jai pourtant trouvé ds system32 2 fichiers tel que celui là je les ai supprimé O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing) a propos de avg j'ai sauvé le rapport puis jai appliquer toutes les actions ! je suis desolé ! en tous cas tout a été supprimé sauf purityscan qui a été mis en quarantaine pour finir avg m'a fait desinstall Eiwido car sinon avg ne pouvait pas sinstaller ! Merci a toi --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 22:43:55 12/01/2007 + Résultat de l'analyse: C:\System Volume Information\_restore{D5D89400-4AFC-4208-9B3B-929F42320FF5}\RP9\A0010708.exe -> Downloader.PurityScan : Aucune action entreprise. :mozilla.6:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise. :mozilla.7:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise. :mozilla.8:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise. :mozilla.9:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise. :mozilla.10:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise. :mozilla.11:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise. :mozilla.12:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise. :mozilla.13:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise. :mozilla.14:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise. :mozilla.181:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise. C:\Documents and Settings\Hugo\Cookies\hugo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise. :mozilla.22:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise. :mozilla.23:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise. C:\Documents and Settings\Hugo\Cookies\hugo@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise. :mozilla.307:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise. :mozilla.308:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise. :mozilla.309:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise. :mozilla.100:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise. :mozilla.288:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Falkag : Aucune action entreprise. :mozilla.34:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Falkag : Aucune action entreprise. :mozilla.35:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Falkag : Aucune action entreprise. :mozilla.36:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Falkag : Aucune action entreprise. :mozilla.37:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Falkag : Aucune action entreprise. :mozilla.359:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Googleadservices : Aucune action entreprise. :mozilla.331:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Onestat : Aucune action entreprise. :mozilla.332:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Onestat : Aucune action entreprise. :mozilla.204:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise. :mozilla.205:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise. :mozilla.206:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Questionmarket : Aucune action entreprise. :mozilla.220:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise. :mozilla.221:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise. :mozilla.222:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise. :mozilla.223:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise. :mozilla.224:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise. :mozilla.314:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise. :mozilla.387:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise. :mozilla.388:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise. :mozilla.389:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise. C:\Documents and Settings\Hugo\Cookies\hugo@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise. :mozilla.235:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise. :mozilla.236:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise. :mozilla.244:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise. :mozilla.245:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise. :mozilla.246:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise. :mozilla.247:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise. :mozilla.256:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise. :mozilla.257:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise. :mozilla.258:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise. :mozilla.279:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise. :mozilla.270:C:\Documents and Settings\Estel\Application Data\Mozilla\Firefox\Profiles\kk8868xk.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise. Fin du rapport Logfile of HijackThis v1.99.1 Scan saved at 23:24:19, on 12/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9F81408E-E240-4A89-BC63-3B65FF2DF572}: NameServer = 80.118.192.100 80.118.196.36 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Unknown owner - C:\WINDOWS\system32\LEXBCES.EXE (file missing) O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe 01/12/07 22:57:58 [info]: BlackLight Engine 1.0.55 initialized 01/12/07 22:57:58 [info]: OS: 5.1 build 2600 (Service Pack 2) 01/12/07 22:57:58 [Note]: 7019 4 01/12/07 22:57:58 [Note]: 7005 0 01/12/07 22:58:36 [Note]: 7006 0 01/12/07 22:58:36 [Note]: 7011 1580 01/12/07 22:58:36 [Note]: 7026 0 01/12/07 22:58:36 [Note]: 7026 0 01/12/07 22:58:48 [Note]: FSRAW library version 1.7.1021 01/12/07 23:21:07 [Note]: 7007 0 rapport uninstall list 737-300 Pilot in Command Adobe Photoshop Album 2.0 Edition Découverte Adobe Reader 7.0.7 - Français Adobe Reader 7.0.8 Adobe® Photoshop® Album Starter Edition 3.0 Adobe® Photoshop® Album Starter Edition 3.0.1 aerosoft's - Marseille2005 - FS2004 aerosoft's - New Spanish Airports - FS2004 AIDA32 v3.93 Airbus A330 PRO Series 2.004.01 Airbus A340 PRO Series 2.004.01 Airbus PRO Series 2.004.01 Antilles 2004 v1.3 Archiveur WinRAR ArcSoft PhotoStudio 5.5 ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Display Driver AVG Anti-Spyware 7.5 Barre d'outils MSN Boeing 737-200 American Airlines Canon CanoScan Toolbox 4.9 Canon iP2200 Canon PhotoRecord Canon ScanGear Starter Canon Utilities Easy-PhotoPrint Canon Utilities Easy-PrintToolBox Carenado Beechcraft T-34 Mentor CCleaner (remove only) CleanUp! C-Media 3D Audio Configurateur Serveur Eurovol 1.0 Correctif pour Windows XP (KB914440) Correctif pour Windows XP (KB928388) Correctif pour Windows XP (KB929120) Correctif Windows XP - KB834707 Correctif Windows XP - KB867282 Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887742 Correctif Windows XP - KB887797 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890047 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB890923 Correctif Windows XP - KB891781 Correctif Windows XP - KB893066 Correctif Windows XP - KB893086 DASSAULT FALCON 50 DeHavilland Dash-8-300 2.004.01 DFX for Windows Media Player DivX DivX Codec DivX Player Driver Cleaner 3 Driver Detective Easy-WebPrint EditVoicepack EVEREST Home Edition v2.20 Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP F/A-18E FSFDT FSCopilot FSFDT FSInn FSFDT FSInn FSFDT VIP Standard 2004 FSInn sur Maniacair FSNavigator Google Earth Google Toolbar for Internet Explorer Google Video Player Ground Vehicles for FSInn v1 Grumman F-14B Tomcat HardwareDetection HijackThis 1.99.1 Hijackthis Version Française Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) iAPP CR-e500(CR-i500) Icons and Drivers IKEA Home Planner Kitchen IKEA HomePlanner Kitchen Inchon Intl Airport -The Winged City- v1.0 iTunes J2SE Runtime Environment 5.0 Update 6 Kaspersky Anti-Virus 6.0 Kaspersky Online Scanner K-Lite Codec Pack 2.81 Full Lecteur Windows Media 11 Level-D Simulations 767-300 LOCKHEED MARTIN F-16 Fighting Falcon Lotus SmartSuite Version 9.5 Macromedia Shockwave Player Manual CanoScan LiDE 25 Manuel's Service Pack 3 Manuel's Service Pack 3 (C:\Program Files\Manuel Database Creator v1.0\) McDonnell Douglas MD-11 Complet MediaShow 3.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft Baseline Security Analyzer 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Windows Vista Upgrade Advisor Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows XP (KB883939) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899588) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB903235) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911280) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB900930) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920342) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA MonProduit Motorola Software Update Mozilla Firefox (1.5.0.9) MRAI Install Wizard v1.23 MSN Gaming Zone MSN Messenger 7.0 MSXML 4.0 SP2 (KB927978) MultiRes (remove only) MUSICMATCH® Jukebox Navigraph nDAC 2.0 OmniPage SE 2.0 Panda ActiveScan Panneau de contrôle ATI PMDG747_400 Queen of the Skies Power2Go 4.0 PowerBackup 1.0 PowerDirector Express PowerDVD PowerDVD Copy 1.0 PowerProducer PowerStarter PSS B777 Professional 2004 (777-ALL) 2.1 PSS Boeing 757 Pro 2006 1.1 Quick Zip 3.06.3 QuickTime RadLinker RealPlayer Security Update for Microsoft .NET Framework 2.0 (KB917283) Security Update pour Microsoft .NET Framework 2.0 (KB922770) Smart Link 56K Voice Modem Spybot - Search & Destroy 1.4 Spyware Terminator SpywareBlaster v3.5.1 TeamSpeak 2 RC2 TeamSpeak 2 Server RC2 TomTom HOME TTS_Technology TuneUp Utilities 2004 Ultimate Traffic Uniblue Registry Booster vasFMC 1.10 Viewpoint Media Player (Remove Only) Visionneuse Journal Windows Microsoft Wilco Fleet : A380 Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Live Sign-in Assistant Windows Media Connect Windows Media Player 11 Windows XP Service Pack 2 World of Warcraft YAFSScreen et voilà bonne analyse ! Merci mille fois
  5. Bonsoir ! voici le rapport demandé (mode normal) Merci d'avance Logfile of HijackThis v1.99.1 Scan saved at 20:01:33, on 10/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9F81408E-E240-4A89-BC63-3B65FF2DF572}: NameServer = 80.118.192.100 80.118.196.36 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe meci
  6. et volà le rapport demandé en mode normal ! Merci d'avance Logfile of HijackThis v1.99.1 Scan saved at 20:01:33, on 10/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9F81408E-E240-4A89-BC63-3B65FF2DF572}: NameServer = 80.118.192.100 80.118.196.36 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  7. quelqun pourrait pour m'aider ou analyser mes rapports svp ? merci d'avance
  8. Bonjour ! aujourd'hui un nouvo processus dans le gestionnaire de tâche : wscntfy.exe svp aidé moi merci d'avance
  9. Ce soir j'ai encore un phénomène nouveau : les icones de mon bureau disparaissent complètement lorque j'ouvre ma session ! le bureau est completement vide et je suis obligé de rdemarrer pour que mes icones reviennent sur le bureau ! j'espère que vous pourrez m'aider merci d'avance ! et ptit clin d'oeil à Charles Ingalls qui m'avait déjà bien aider il y a quelque mois ! Charles si t dans le coin...
  10. Dautres parts alors que ma session internet est deja lancée a chaque fois que je lance une application qui requiert internet on me demande si je veux me connectzer ou pas alors quavant tout ça se faisait automatiquement !! merci davance
  11. ah oui j'ai oublié de vous dire que mon navigateur par defaut c firefox et pas internet explorer comme decrit dans le rapport ! je ne sais pas pourquoi dansle rapport il parle de internet explorer
  12. Bonjour depuis 2 jours jai un message qui m'averti que dautres utilisateurs sont connectes à ma session et dans la liste prcessus j'ai un des nouveaux ^processus comme avp.ex ou encore lexmark (je suis tout en canon) et du svpool ! pourriez vous m'aider svp j'ai fais in pre desiinfection comme decris suer zebulon et voici les rapports ! merci d'avance Logfile of HijackThis v1.99.1 Scan saved at 20:08:41, on 08/01/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe AntiVir PersonalEdition Classic Report file date: lundi 8 janvier 2007 15:38 Scanning for 619674 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Alexandre Computer name: ESTELLE Version information: BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00 AVSCAN.EXE : 7.0.3.4 208936 Bytes 08/01/2007 12:26:59 AVSCAN.DLL : 7.0.3.1 35880 Bytes 05/12/2006 16:00:22 LUKE.DLL : 7.0.3.2 143400 Bytes 31/10/2006 16:07:46 LUKERES.DLL : 7.0.2.0 9256 Bytes 05/12/2006 16:00:22 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 15:30:06 ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 14/11/2006 09:12:08 ANTIVIR2.VDF : 6.37.0.114 874496 Bytes 07/01/2007 12:27:01 ANTIVIR3.VDF : 6.37.0.119 12288 Bytes 08/01/2007 12:27:01 AVEWIN32.DLL : 7.3.0.21 1999360 Bytes 08/01/2007 12:27:01 AVPREF.DLL : 7.0.2.0 23592 Bytes 03/11/2006 10:53:44 AVREP.DLL : 6.37.0.119 1052712 Bytes 08/01/2007 12:27:01 AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 08:43:31 AVPACK32.DLL : 7.2.0.5 368680 Bytes 23/10/2006 15:21:31 AVREG.DLL : 7.0.1.1 30760 Bytes 23/10/2006 10:52:27 NETNT.DLL : No Information! RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 08/11/2006 12:26:26 RCTEXT.DLL : 7.0.12.1 77864 Bytes 05/12/2006 16:00:21 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Skipped archive types............: BSD Mailbox, Netscape/Mozilla Mailbox, Eudora Mailbox, Squid cache, Pegasus Mailbox, MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Different risk categories........: +GAME,+JOKE,+PCK,+SPR, Expanded search settings.........: 0x00007000 Start of the scan: lundi 8 janvier 2007 15:38 The scan of running processes will be started Scan process 'avscan.exe' - '1' Modules have been scanned Scan process 'avcenter.exe' - '1' Modules have been scanned Scan process 'ctfmon.exe' - '1' Modules have been scanned Scan process 'explorer.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'svchost.exe' - '1' Modules have been scanned Scan process 'lsass.exe' - '1' Modules have been scanned Scan process 'services.exe' - '1' Modules have been scanned Scan process 'winlogon.exe' - '1' Modules have been scanned Scan process 'csrss.exe' - '1' Modules have been scanned Scan process 'smss.exe' - '1' Modules have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( 15 files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\FSFDT\euv.exe [DETECTION] Contains signature of the joke program JOKE/MovingMouse.D [iNFO] The file was moved to '46186106.qua'! C:\Program Files\Wanadoo\Utilisateur1\smit\SmitfraudFix\restart.exe [DETECTION] Contains signature of the SPR/Tool.Hardoff.A program [iNFO] The file was deleted! C:\Program Files\Wanadoo\Utilisateur1\smit\SmitfraudFix\SmitfraudFix\restart.exe [DETECTION] Contains signature of the SPR/Tool.Hardoff.A program [iNFO] The file was deleted! C:\WINDOWS\$NtUninstallKB824141$\user32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB824141$\win32k.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\accwiz.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\crypt32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\hh.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\itss.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\locator.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\magnify.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\migwiz.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\msconv97.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\narrator.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\newdev.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\ntdll.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\osk.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\pchshell.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\raspptp.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\shell32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\shmedia.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\srrstr.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\srv.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\user32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\win32k.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\ndis.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\netshell.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\colbact.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\comuid.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\es.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\ole32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB828741$\txflog.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB833998$\shell32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB833998$\sxs.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\callcont.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\msgina.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\mst120.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB835732$\schannel.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\shell32.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\sxs.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll [WARNING] The file could not be opened! C:\WINDOWS\$NtUninstallQ828026$\wmp.dll [WARNING] The file could not be opened! C:\WINDOWS\system32\ActiveScan\pskavs.dll [DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738 [iNFO] The file was deleted! C:\WINDOWS\system32\ΑppPatch\svchost.exe [DETECTION] Is the Trojan horse TR/Dldr.PurityScan.M [iNFO] The file was deleted! Begin scan in 'A:\' <C:\> The path A:\ could not be found! Le périphérique n'est pas prêt. Begin scan in 'E:\' <A:\> The path E:\ could not be found! Le périphérique n'est pas prêt. End of the scan: lundi 8 janvier 2007 19:39 Used time: 4:01:24 min The scan has been done completely. 11966 Scanning directories 524774 Files were scanned 5 viruses and/or unwanted programs were found 4 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 80 Files cannot be scanned 524769 Files not concerned 7477 Archives were scanned 80 Warnings 5 Notes
  13. Salut Charles ! comment vas tu ? Voici les rapports hitjackthis et il me semble qu'il ya sasser " C:\WINDOWS\system32\lsass.exe " StartupList report, 05/09/2006, 23:17:07 StartupList version: 1.52.2 Started from : C:\PROGRA~1\Wanadoo\Utilisateur1\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Wanadoo\Utilisateur1\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\Userinit.exe [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime OpwareSE2 = "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot kav = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime SpywareTerminator = "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run= HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= sockspy.dll sockspy.dll sockspy.dll sockspy.dll -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -------------------------------------------------- Enumerating Task Scheduler jobs: Maintenance en 1 clic.job -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [Hotmail Attachments Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx CODEBASE = http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (system) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: System32\DRIVERS\amdk7.sys (system) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start) Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) ATI T200 Unified AVStream service: system32\DRIVERS\atinavt2.sys (manual start) ATI WDM Rage Theater Video NSP: system32\DRIVERS\atinevxx.sys (manual start) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) Kaspersky Anti-Virus 6.0: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) driverhardwarev2: \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys (manual start) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) ENTECH: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system) ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start) Pilote de filtre Microsoft SideWinder Value Add: System32\DRIVERS\GcKernel.sys (manual start) GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start) Scroll Mouse Driver: system32\DRIVERS\gmfiltr.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Minipilote de périphérique Microsoft SideWinder HID virtuel: System32\DRIVERS\HIDSwvd.sys (manual start) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start) Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) Sony Ericsson 750 driver (WDM): system32\DRIVERS\k750bus.sys (manual start) Sony Ericsson 750 USB WMC Modem Filter: system32\DRIVERS\k750mdfl.sys (manual start) Sony Ericsson 750 USB WMC Modem Drivers: system32\DRIVERS\k750mdm.sys (manual start) Sony Ericsson 750 USB WMC Device Management Drivers: system32\DRIVERS\k750mgmt.sys (manual start) Sony Ericsson 750 USB WMC OBEX Interface Drivers: system32\DRIVERS\k750obex.sys (manual start) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system) Kl1: system32\drivers\kl1.sys (system) Klif: \??\C:\WINDOWS\system32\drivers\klif.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Périphérique de filtrage de flux Unimodem: system32\drivers\MODEMCSA.sys (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Filtre BDA MPE: system32\DRIVERS\MPE.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Activateur de port HID vers manette de jeu Sidewinder: system32\DRIVERS\msgame.sys (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: System32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Pilote UART MIDI MPU-401 Microsoft: system32\drivers\msmpu401.sys (manual start) Mtlmnt5: System32\DRIVERS\Mtlmnt5.sys (manual start) Mtlstrm: System32\DRIVERS\Mtlstrm.sys (manual start) ATI WDM Specialized MVD Codec: system32\DRIVERS\atinmdxx.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start) Norman API-hooking helper: C:\NORMAN\Nvc\BIN\nipsvc.exe (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NtMtlFax: System32\DRIVERS\NtMtlFax.sys (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleurs hôte IEEE 1394 compatible OHCI: System32\DRIVERS\ohci1394.sys (system) oreans32: \??\C:\WINDOWS\system32\drivers\oreans32.sys (system) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Radeon Probe Driver: system32\DRIVERS\RadProbe.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) RecAgent: System32\DRIVERS\RecAgent.sys (system) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver: System32\DRIVERS\Rtlnicxp.sys (manual start) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C): System32\DRIVERS\RTL8139.SYS (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) SmartLink AMR_PCI Driver: System32\DRIVERS\slntamr.sys (manual start) SlNtHal: System32\DRIVERS\Slnthal.sys (manual start) SmartLinkService: slserv.exe (autostart) SlWdmSup: System32\DRIVERS\SlWdmSup.sys (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Spyware Terminator Driver 2: \??\C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys (system) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3DAB6D2-0539-4224-BD10-2BD8A07E1355} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) TSP: \??\C:\WINDOWS\system32\drivers\klif.sys (manual start) TuneUp WinStyler Theme Service: "C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe" (manual start) TVICHW32: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (manual start) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) Service Messenger Sharing USN Journal Reader: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start) Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start) WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service Windows Media Connect: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 36 790 bytes Report generated in 0,156 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Logfile of HijackThis v1.99.1 Scan saved at 23:18:08, on 05/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\Wanadoo\Utilisateur1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{9F81408E-E240-4A89-BC63-3B65FF2DF572}: NameServer = 80.118.192.100 80.118.196.36 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe et voilà merci à toi
  14. Salut Charles ! net brodcaster apparait a la fermeture d'une session ou lorsque je demande l'arret de l'ordi juste 1 ou 2 seconde avt que l'ecran devienne noir. En cas de changement utilisateur cette fenetre n'apparrait pas. Aujourd'hui bizzaremment les sessions acceptent de se fermer et pas uniqement la session principale comme c'était le cas hier ! Par contre j'ai perdu mon image d'arriere plan! Voilà pour les nouvelles ! bonne nuit ciao
  15. ah oui il y aussi une fenetre qui apparait a la fermeture net.broadcaster ... et je voulais te dire aussi Firefox c carrément super bien
  16. Bonsoir Charles ! Alors voilà jinstalle petit a petit tout ce que tu m'as conseillé mais je suis confronté à un nouveau problème ! il y a plusieures sessions sur mon ordi et seule la mienne accepte de se fermer ! les autres session (mafemmme et mes gosses) acceptent le changement d'utilisateur mais ne veulent pas se fermer lorsque je le demande meme avec le commande logoff ! Saurais tu me dire ce qu'il se passe stp ? Merci d'avance
  17. Bonsoir Charles ! J'ai bien eu ton message et suis ravi que cela soit terminé ! J'attends donc ton mail final et d'ici là te souhaite une excellente nuit
  18. Bonsoir Charles ! cmdecons je l'avais supprimé et vidé la corbeille aussitot ! le cd d'instal windows nétait pas avec lordi quand je lai acheté et je n'ai jamais pensé à le reclamer a la fnac qui m'on vendu le pc car je savais pas qu'il y avait un cd fourni ! j'ai tenté la procedure http://www.zebulon.fr/articles/console-de-recuperation-1.php sans dique mais un message me dit : la version installée sur votre pc est plus recente que celle du cd aussi si vous souhaitez quand meme faire l'installation inserez le cd ! En ce qui concerne carasex pour autant que je me souvienne c'est un logiciel qui me permettait de me connecter à un site de telechargement video x du meme nom mais j'en suis pas sûr ! tjrs est il que j'en ai plus besoin donc je pense que je peux l'effacer ! Le pc fonctionne correctement ! il ne refuse plus de s'arreter ou de redemarrer ! Les fenetres intempestives et les pop ups n'existent plus ! Quant aux performances je ne me rend pas bien compte mais je pense que ça rame moins. Cepandant Flight Simulator se ferme tout seul alors que je suis en plein vol ou plus frustrant en approche finale juste avant l'aterrissage durdur après un vol de 2h30 par exemple ! mais là je crois que c'est peut etre un probleme de memoire....768 ram seulement. Voila pour les infos ! je suppose que je dois conserver en mode actif en plus de mon anti virus kaspersky le spybot et eiwido ? Alors Charles si cest finit (j'espère) dis moi maintenant si il y un systeme de donate car je suppose que vous avez besoin de fonds pour continuer de nous aider En attendant de ta réponse je te remercie encore mille fois de m'avoir aidé, de ta patience ainsi que pour tes réponses très claires et très bien détaillées ! Je remercie aussi l'ensemble de votre équipe ainsi que Zebulon d'une manière plus générale !
  19. Bonsoir Charles ! Voilà tous les rapports : En mode sans echec j'ai cherché MYWEBSEARCH dans Ajouter ou Supprimer des Programmes introuvable C:\Program Files\MYWEBSEARCH intouvable par contre jai trouvé un zip mywaymywebsearch et des cookies mywebsearch alors je les ai supprimé Par contre j'ai trouvé C\qoobox\purity\windows\smante~1 je l'ai supprimé j'ai aussi trouvé C\cmdcons je l'ai supprimé Rapport Ewido : --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 23:37:56 29/08/2006 + Scan result: HKU\S-1-5-21-1740806130-3832907039-3117313221-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : No action taken. C:\Documents and Settings\Estel\Cookies\estel@sfr.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\Hugo\Cookies\hugo@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken. C:\Documents and Settings\Estel\Cookies\estel@advertising[2].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\Estel\Cookies\estel@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken. C:\Documents and Settings\Hugo\Cookies\hugo@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken. C:\Documents and Settings\Estel\Cookies\estel@casalemedia[2].txt -> TrackingCookie.Casalemedia : No action taken. C:\Documents and Settings\Estel\Cookies\estel@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\Estel\Cookies\estel@estat[1].txt -> TrackingCookie.Estat : No action taken. C:\Documents and Settings\Estel\Cookies\estel@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken. C:\Documents and Settings\Estel\Cookies\estel@ehg-neuftelecom.hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\Estel\Cookies\estel@hitbox[1].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\Estel\Cookies\estel@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. C:\Documents and Settings\Estel\Cookies\estel@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : No action taken. C:\Documents and Settings\Hugo\Cookies\hugo@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : No action taken. C:\Documents and Settings\Estel\Cookies\estel@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : No action taken. C:\Documents and Settings\Estel\Cookies\estel@valueclick[2].txt -> TrackingCookie.Valueclick : No action taken. C:\Documents and Settings\Estel\Cookies\estel@weborama[2].txt -> TrackingCookie.Weborama : No action taken. ::Report end Rapport Combofix : Alexandre - 06-08-29 23:53:39,50 ComboFix 06.08.27BT - Running from: C:\PROGRA~1\Wanadoo\Utilisateur1 ((((((((((((((((((((((((((((((( Files Created from 2006-07-29 to 2006-08-29 )))))))))))))))))))))))))))))))))) 2006-08-23 21:54 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe 2006-08-22 21:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2006-08-17 00:54 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2006-08-17 00:54 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2006-08-15 23:44 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll 2006-08-15 23:44 141,312 --a------ C:\WINDOWS\system32\fxsclntR.dll 2006-08-15 23:44 113,664 --a------ C:\WINDOWS\system32\fxscfgwz.dll 2006-08-15 23:44 11,776 --a------ C:\WINDOWS\system32\fxssend.exe 2006-08-03 00:12 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll 2006-08-03 00:02 73,728 --a------ C:\WINDOWS\system32\Oemdspif.dll 2006-08-03 00:02 46,080 --a------ C:\WINDOWS\system32\ati2evxx.dll 2006-08-03 00:02 39,936 --a------ C:\WINDOWS\system32\ati2edxx.dll 2006-08-03 00:02 25,088 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2006-08-03 00:02 106,496 --a------ C:\WINDOWS\system32\atipdlxx.dll 2006-08-03 00:01 376,832 --a------ C:\WINDOWS\system32\ati2evxx.exe 2006-08-03 00:00 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2006-08-02 23:49 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll 2006-08-02 23:45 4,718,592 --a------ C:\WINDOWS\system32\atioglxx.dll 2006-08-02 23:41 147,456 --a------ C:\WINDOWS\system32\atikvmag.dll 2006-08-02 23:40 258,048 --a------ C:\WINDOWS\system32\ATIDEMGR.dll 2006-08-02 23:40 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll 2006-08-02 10:49 53,760 --a------ C:\WINDOWS\system32\sw_wheel.dll 2006-08-02 10:49 41,472 --a------ C:\WINDOWS\system32\sw_effct.dll 2006-08-01 09:17 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-29 23:47 -------- d-------- C:\Program Files\xerox 2006-08-29 21:22 -------- d-------- C:\Program Files\Windows Media Connect 2 2006-08-29 21:20 -------- d-------- C:\Program Files\Now3D 2006-08-29 20:56 -------- d-------- C:\Program Files\ewido anti-spyware 4.0 2006-08-28 23:21 -------- d-------- C:\Program Files\Fichiers communs 2006-08-28 20:45 -------- d-------- C:\Program Files\FSFDT 2006-08-26 17:57 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\ATI 2006-08-26 17:39 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-08-26 17:39 -------- d-------- C:\Program Files\ATI Technologies 2006-08-23 21:49 -------- d-------- C:\Program Files\Driver Cleaner 2006-08-20 22:16 1402 --a------ C:\Documents and Settings\Alexandre\Application Data\AdobeDLM.log 2006-08-20 20:44 1318 --a------ C:\Program Files\RegSearch.txt 2006-08-19 00:53 -------- d-------- C:\Program Files\QuickTime 2006-08-19 00:53 -------- d-------- C:\Program Files\Internet Explorer 2006-08-19 00:53 -------- d-------- C:\Program Files\Google 2006-08-18 02:49 -------- d-------- C:\Program Files\Hijackthis Version Fran‡aise 2006-08-16 23:27 -------- d-------- C:\Program Files\Java 2006-08-16 23:27 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\Sun 2006-08-16 23:25 -------- d-------- C:\Program Files\Fichiers communs\Java 2006-08-10 22:07 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\MSN6 2006-08-07 22:05 -------- d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2 2006-08-03 22:14 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\Google 2006-08-01 12:42 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys 2006-08-01 12:42 -------- d-------- C:\Program Files\MUSICMATCH 2006-08-01 12:41 -------- d-------- C:\Program Files\CyberLink 2006-08-01 12:41 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\CyberLink 2006-07-27 22:26 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\ArcSoft 2006-07-27 21:28 -------- d-------- C:\Program Files\Fichiers communs\ScanSoft Shared 2006-07-27 20:21 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\Canon 2006-07-27 20:11 -------- d-------- C:\Program Files\Canon 2006-07-27 20:08 -------- d-------- C:\Program Files\ScanSoft 2006-07-27 20:08 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\ScanSoft 2006-07-27 20:06 -------- d-------- C:\Program Files\ArcSoft 2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-26 15:31 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2006-07-26 15:31 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2006-07-25 00:27 -------- d-------- C:\Program Files\WaterMelon 2006-07-24 23:57 -------- d-------- C:\Program Files\Lavalys 2006-07-24 23:55 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS 2006-07-24 23:31 -------- d-------- C:\Program Files\Fichiers communs\Teleca Shared 2006-07-24 23:10 -------- d-------- C:\Program Files\CCleaner 2006-07-24 19:51 64 --a------ C:\WINDOWS\cdccf.dll 2006-07-24 11:25 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\BitTorrent 2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-07-17 17:00 -------- d-------- C:\Program Files\MSN Messenger 2006-07-17 11:56 -------- d-------- C:\Program Files\Kaspersky Lab 2006-07-09 10:30 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\AdobeUM 2006-07-07 03:43 168576 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys 2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll 2006-05-07 18:56 231936 --a------ C:\Program Files\regsearch.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\"" "OPSE reminder"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregFre\\Ereg.exe\" -r \"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregFre\\ereg.ini\"" "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=hex:91,00,00,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="http://sbx.pagesjaunes.fr/RealMedia/ads/Creatives/20041200478061BMN0001/20041200478061BMN0001_C3.gif"'>http://sbx.pagesjaunes.fr/RealMedia/ads/Creatives/20041200478061BMN0001/20041200478061BMN0001_C3.gif" "SubscribedURL"="http://sbx.pagesjaunes.fr/RealMedia/ads/Creatives/20041200478061BMN0001/20041200478061BMN0001_C3.gif" "FriendlyName"="" "Flags"=dword:00000001 "Position"=hex:2c,00,00,00,6a,02,00,00,eb,00,00,00,d4,01,00,00,3c,00,00,00,e8,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,00 "OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,eb,00,00,00,d4,01,00,00,3c,00,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:14,6d,38,04,41,c0,ab,74,f8,8f,21,00,68,de,38,04,20,6d,\ 38,04,91,be,00,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{35B2861B-2B26-4691-9FF0-09083722C736}"="RadExe Extension" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Alexandre^Menu Démarrer^Programmes^Démarrage^carasexe.lnk] "path"="C:\\Documents and Settings\\Alexandre\\Menu Démarrer\\Programmes\\Démarrage\\carasexe.lnk" "backup"="C:\\WINDOWS\\pss\\carasexe.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\carasexe\\carasexe.exe " "item"="carasexe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~2.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk" "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~2.EXE " "item"="Lancement rapide d'Adobe Reader" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lotus QuickStart.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lotus QuickStart.lnk" "backup"="C:\\WINDOWS\\pss\\Lotus QuickStart.lnkCommon Startup" "location"="Common Startup" "command"="C:\\lotus\\wordpro\\ltsstart.exe " "item"="Lotus QuickStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATICCC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cli" "hkey"="HKLM" "command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDMCon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdmcon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDNewsAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdnagent" "hkey"="HKLM" "command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdnagent.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDOESRV] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdoesrv" "hkey"="HKLM" "command"="C:\\Program Files\\Softwin\\BitDefender8\\bdoesrv.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDSwitchAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdswitch" "hkey"="HKLM" "command"="C:\\Program Files\\Softwin\\BitDefender8\\bdswitch.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Cmaudio] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RunDll32 cmicnfg" "hkey"="HKLM" "command"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="incredimail_install[1]" "hkey"="HKLM" "command"="C:\\DOCUME~1\\Isabelle\\LOCALS~1\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe -startup -product IncrediMail" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\InstantTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCLETray" "hkey"="HKCU" "command"="C:\\Program Files\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IW_Drop_Icon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iwctrl" "hkey"="HKCU" "command"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /DropDisc" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kav] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -k" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -k" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mmtask" "hkey"="HKLM" "command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mm_tray" "hkey"="HKLM" "command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mouseElf] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MouseElf" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SCROLL~1\\MouseElf.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSMSGS" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnappau] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnappau" "hkey"="HKLM" "command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\fr\\msnappau.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PinnacleDriverCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PSDrvCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\PSDrvCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Power2GoExpress] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Power2GoExpress" "hkey"="HKCU" "command"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PrinTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="printray" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RealPlay" "hkey"="HKLM" "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Seticon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Seticon" "hkey"="HKLM" "command"="C:\\Program Files\\Icons\\Seticon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SideWinderTrayV4] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SWTrayV4" "hkey"="HKLM" "command"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\Common\\SWTrayV4.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PBKScheduler" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerBackup\\PBKScheduler.exe\"" "inimapping"="0" Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Maintenance en 1 clic.job Completion time: 29/08/2006 23:55:40.37 ComboFix.txt ComboFix2.txt cdccf : Select file : DistributeSSL STATUS: FINISHEDComplete scanning result of "cdccf.dll", received in VirusTotal at 08.29.2006, 23:57:46 (CET). Antivirus Version Update Result AntiVir 6.35.1.3 08.29.2006 no virus found Authentium 4.93.8 08.29.2006 no virus found Avast 4.7.844.0 08.28.2006 no virus found AVG 386 08.29.2006 no virus found BitDefender 7.2 08.29.2006 no virus found CAT-QuickHeal 8.00 08.29.2006 no virus found ClamAV devel-20060426 08.29.2006 no virus found DrWeb 4.33 08.29.2006 no virus found eTrust-InoculateIT 23.72.109 08.29.2006 no virus found eTrust-Vet 30.3.3047 08.29.2006 no virus found Ewido 4.0 08.25.2006 no virus found Fortinet 2.77.0.0 08.29.2006 no virus found F-Prot 3.16f 08.29.2006 no virus found F-Prot4 4.2.1.29 08.26.2006 no virus found Ikarus 0.2.65.0 08.29.2006 no virus found Kaspersky 4.0.2.24 08.29.2006 no virus found McAfee 4840 08.29.2006 no virus found Microsoft 1.1560 08.29.2006 no virus found NOD32v2 1.1730 08.29.2006 no virus found Norman 5.90.23 08.29.2006 no virus found Panda 9.0.0.4 08.29.2006 no virus found Sophos 4.08.0 08.29.2006 no virus found Symantec 8.0 08.29.2006 no virus found TheHacker 5.9.8.201 08.28.2006 no virus found UNA 1.83 08.29.2006 no virus found VBA32 3.11.1 08.29.2006 no virus found VirusBuster 4.3.7:9 08.29.2006 no virus found Aditional Information File size: 64 bytes MD5: c43d2449b7dfaf0ab6df118c834938ea SHA1: 9046e613c666b96b5cb5bdbecdf39fc3932ec220 Carasex : STATUS: FINISHEDComplete scanning result of "carasexe.exe_", received in VirusTotal at 08.30.2006, 00:21:03 (CET). Antivirus Version Update Result AntiVir n - no virus found Authentium n - no virus found Avast n - no virus found AVG n - no virus found BitDefender n - no virus found CAT-QuickHeal n - no virus found ClamAV n - no virus found DrWeb n - no virus found eTrust-InoculateIT n - no virus found eTrust-Vet n - no virus found Ewido n - no virus found Fortinet n - no virus found F-Prot n - no virus found F-Prot4 n - no virus found Ikarus n - no virus found Kaspersky n - no virus found McAfee n - no virus found Microsoft n - no virus found NOD32v2 n - no virus found Norman n - no virus found Panda n - no virus found Sophos n - no virus found Symantec n - no virus found TheHacker n - no virus found UNA n - no virus found VBA32 n - no virus found VirusBuster n - no virus found Aditional Information File size: 0 bytes MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 Et voilà Charles !! J'espère qu'on arrive à la fin ! En tous cas merci et encore merci pour toute ton aide ! bonne nuit ciao
  20. C:\Program Files\Fichiers communs\Y1123OU.exe a disparu C:\Program Files\Fichiers communs\Y1123OA.exe est introuvable Combofix n'a pas redemarré l'ordinateur !! Bon signe a priori Et voilà je te souhaite une ecxellent semaine Charles ! à plus tard ! ,)
  21. NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: C:\WINDOWS\system32\mswsock.dll Protocol #24: C:\WINDOWS\system32\mswsock.dll Protocol #25: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (system) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: System32\DRIVERS\amdk7.sys (system) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start) Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) ATI T200 Unified AVStream service: system32\DRIVERS\atinavt2.sys (manual start) ATI WDM Rage Theater Video NSP: system32\DRIVERS\atinevxx.sys (manual start) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) Kaspersky Anti-Virus 6.0: "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (autostart) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Décodeur sous-titre fermé: system32\DRIVERS\CCDECODE.sys (manual start) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) driverhardwarev2: \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys (manual start) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) ENTECH: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system) ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fax: %systemroot%\system32\fxssvc.exe (autostart) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start) Pilote de filtre Microsoft SideWinder Value Add: System32\DRIVERS\GcKernel.sys (manual start) GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start) Scroll Mouse Driver: system32\DRIVERS\gmfiltr.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Minipilote de périphérique Microsoft SideWinder HID virtuel: System32\DRIVERS\HIDSwvd.sys (manual start) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) InstallDriver Table Manager: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start) Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) iPodService: C:\Program Files\iPod\bin\iPodService.exe (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) Sony Ericsson 750 driver (WDM): system32\DRIVERS\k750bus.sys (manual start) Sony Ericsson 750 USB WMC Modem Filter: system32\DRIVERS\k750mdfl.sys (manual start) Sony Ericsson 750 USB WMC Modem Drivers: system32\DRIVERS\k750mdm.sys (manual start) Sony Ericsson 750 USB WMC Device Management Drivers: system32\DRIVERS\k750mgmt.sys (manual start) Sony Ericsson 750 USB WMC OBEX Interface Drivers: system32\DRIVERS\k750obex.sys (manual start) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Pilote HID de clavier: System32\DRIVERS\kbdhid.sys (system) Kl1: system32\drivers\kl1.sys (system) Klif: \??\C:\WINDOWS\system32\drivers\klif.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Périphérique de filtrage de flux Unimodem: system32\drivers\MODEMCSA.sys (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Filtre BDA MPE: system32\DRIVERS\MPE.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Activateur de port HID vers manette de jeu Sidewinder: system32\DRIVERS\msgame.sys (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: System32\DRIVERS\mssmbios.sys (manual start) Convertisseur en T/site-à-site de répartition Microsoft: system32\drivers\MSTEE.sys (manual start) Pilote UART MIDI MPU-401 Microsoft: system32\drivers\msmpu401.sys (manual start) Mtlmnt5: System32\DRIVERS\Mtlmnt5.sys (manual start) Mtlstrm: System32\DRIVERS\Mtlstrm.sys (manual start) ATI WDM Specialized MVD Codec: system32\DRIVERS\atinmdxx.sys (manual start) Codec NABTS/FEC VBI: system32\DRIVERS\NABTSFEC.sys (manual start) Connection TV/vidéo Microsoft: system32\DRIVERS\NdisIP.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start) Norman API-hooking helper: C:\NORMAN\Nvc\BIN\nipsvc.exe (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NtMtlFax: System32\DRIVERS\NtMtlFax.sys (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Contrôleurs hôte IEEE 1394 compatible OHCI: System32\DRIVERS\ohci1394.sys (system) oreans32: \??\C:\WINDOWS\system32\drivers\oreans32.sys (system) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Radeon Probe Driver: system32\DRIVERS\RadProbe.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) RecAgent: System32\DRIVERS\RecAgent.sys (system) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver: System32\DRIVERS\Rtlnicxp.sys (manual start) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C): System32\DRIVERS\RTL8139.SYS (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (autostart) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détrameur décalage BDA: system32\DRIVERS\SLIP.sys (manual start) SmartLink AMR_PCI Driver: System32\DRIVERS\slntamr.sys (manual start) SlNtHal: System32\DRIVERS\Slnthal.sys (manual start) SmartLinkService: slserv.exe (autostart) SlWdmSup: System32\DRIVERS\SlWdmSup.sys (manual start) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) BDA IPSink: system32\DRIVERS\StreamIP.sys (manual start) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{C3DAB6D2-0539-4224-BD10-2BD8A07E1355} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) TSP: \??\C:\WINDOWS\system32\drivers\klif.sys (manual start) TuneUp WinStyler Theme Service: "C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe" (manual start) TVICHW32: \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS (manual start) Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Pilote de scanneur USB: system32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) Service Messenger Sharing USN Journal Reader: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start) Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start) WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service Windows Media Connect: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Codec Teletext standard: system32\DRIVERS\WSTCODEC.SYS (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 36 821 bytes Report generated in 0,313 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
  22. Bonsoir Charles ! voici les rapports : combo.fix : Alexandre - 06-08-28 23:19:52,90 ComboFix 06.08.27BT - Running from: C:\PROGRA~1\Wanadoo\Utilisateur1 (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) C:\Program Files\Fichiers communs\Y1123OU.exe C:\WINDOWS\system32\components ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: C:\QooBox\Purity\WINDOWS\SMANTE~1 ((((((((((((((((((((((((((((((( Files Created from 2006-07-28 to 2006-08-28 )))))))))))))))))))))))))))))))))) 2006-08-23 21:54 516,096 --------- C:\WINDOWS\system32\ati2sgag.exe 2006-08-22 21:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2006-08-17 00:54 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll 2006-08-17 00:54 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll 2006-08-15 23:44 31,744 --a------ C:\WINDOWS\system32\fxsroute.dll 2006-08-15 23:44 141,312 --a------ C:\WINDOWS\system32\fxsclntR.dll 2006-08-15 23:44 113,664 --a------ C:\WINDOWS\system32\fxscfgwz.dll 2006-08-15 23:44 11,776 --a------ C:\WINDOWS\system32\fxssend.exe 2006-08-03 00:12 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll 2006-08-03 00:02 73,728 --a------ C:\WINDOWS\system32\Oemdspif.dll 2006-08-03 00:02 46,080 --a------ C:\WINDOWS\system32\ati2evxx.dll 2006-08-03 00:02 39,936 --a------ C:\WINDOWS\system32\ati2edxx.dll 2006-08-03 00:02 25,088 --a------ C:\WINDOWS\system32\Ati2mdxx.exe 2006-08-03 00:02 106,496 --a------ C:\WINDOWS\system32\atipdlxx.dll 2006-08-03 00:01 376,832 --a------ C:\WINDOWS\system32\ati2evxx.exe 2006-08-03 00:00 53,248 --a------ C:\WINDOWS\system32\ATIDDC.DLL 2006-08-02 23:49 6,684,672 --a------ C:\WINDOWS\system32\atioglx1.dll 2006-08-02 23:45 4,718,592 --a------ C:\WINDOWS\system32\atioglxx.dll 2006-08-02 23:41 147,456 --a------ C:\WINDOWS\system32\atikvmag.dll 2006-08-02 23:40 258,048 --a------ C:\WINDOWS\system32\ATIDEMGR.dll 2006-08-02 23:40 17,408 --a------ C:\WINDOWS\system32\atitvo32.dll 2006-08-02 10:49 53,760 --a------ C:\WINDOWS\system32\sw_wheel.dll 2006-08-02 10:49 41,472 --a------ C:\WINDOWS\system32\sw_effct.dll 2006-08-01 09:17 54,784 --a------ C:\WINDOWS\system32\vfwwdm32.dll (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-08-28 23:21 -------- d-------- C:\Program Files\Fichiers communs 2006-08-28 20:45 -------- d-------- C:\Program Files\FSFDT 2006-08-28 11:32 -------- d-------- C:\Program Files\ewido anti-spyware 4.0 2006-08-26 17:57 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\ATI 2006-08-26 17:39 -------- d--h----- C:\Program Files\InstallShield Installation Information 2006-08-26 17:39 -------- d-------- C:\Program Files\ATI Technologies 2006-08-23 21:49 -------- d-------- C:\Program Files\Driver Cleaner 2006-08-20 22:16 1402 --a------ C:\Documents and Settings\Alexandre\Application Data\AdobeDLM.log 2006-08-20 20:44 1318 --a------ C:\Program Files\RegSearch.txt 2006-08-19 00:53 -------- d-------- C:\Program Files\QuickTime 2006-08-19 00:53 -------- d-------- C:\Program Files\Internet Explorer 2006-08-19 00:53 -------- d-------- C:\Program Files\Google 2006-08-18 02:49 -------- d-------- C:\Program Files\Hijackthis Version Fran‡aise 2006-08-16 23:27 -------- d-------- C:\Program Files\Java 2006-08-16 23:27 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\Sun 2006-08-16 23:25 -------- d-------- C:\Program Files\Fichiers communs\Java 2006-08-16 23:18 -------- d-------- C:\Program Files\Common Files 2006-08-10 22:07 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\MSN6 2006-08-07 22:05 -------- d-------- C:\Program Files\Microsoft Baseline Security Analyzer 2 2006-08-03 22:14 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\Google 2006-08-01 12:42 28256 --a------ C:\WINDOWS\system32\drivers\MxlW2k.sys 2006-08-01 12:42 -------- d-------- C:\Program Files\MUSICMATCH 2006-08-01 12:41 -------- d-------- C:\Program Files\CyberLink 2006-08-01 12:41 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\CyberLink 2006-07-27 22:26 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\ArcSoft 2006-07-27 21:28 -------- d-------- C:\Program Files\Fichiers communs\ScanSoft Shared 2006-07-27 20:21 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\Canon 2006-07-27 20:11 -------- d-------- C:\Program Files\Canon 2006-07-27 20:08 -------- d-------- C:\Program Files\ScanSoft 2006-07-27 20:08 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\ScanSoft 2006-07-27 20:06 -------- d-------- C:\Program Files\ArcSoft 2006-07-27 15:26 679424 --a------ C:\WINDOWS\system32\inetcomm.dll 2006-07-26 15:31 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2006-07-26 15:31 262144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2006-07-26 15:29 -------- d-------- C:\Program Files\Futuremark 2006-07-25 00:27 -------- d-------- C:\Program Files\WaterMelon 2006-07-24 23:57 -------- d-------- C:\Program Files\Lavalys 2006-07-24 23:55 23600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS 2006-07-24 23:31 -------- d-------- C:\Program Files\Fichiers communs\Teleca Shared 2006-07-24 23:10 -------- d-------- C:\Program Files\CCleaner 2006-07-24 19:51 64 --a------ C:\WINDOWS\cdccf.dll 2006-07-24 11:25 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\BitTorrent 2006-07-21 10:27 72704 --a------ C:\WINDOWS\system32\hlink.dll 2006-07-17 17:00 -------- d-------- C:\Program Files\MSN Messenger 2006-07-17 11:56 -------- d-------- C:\Program Files\Kaspersky Lab 2006-07-09 10:30 -------- d-------- C:\Documents and Settings\Alexandre\Application Data\AdobeUM 2006-07-07 03:43 168576 --a------ C:\WINDOWS\system32\drivers\atinavt2.sys 2006-06-16 14:34 48936 --a------ C:\WINDOWS\system32\sirenacm.dll 2006-05-07 18:56 231936 --a------ C:\Program Files\regsearch.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "OpwareSE2"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\OpwareSE2.exe\"" "OPSE reminder"="\"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregFre\\Ereg.exe\" -r \"C:\\Program Files\\ScanSoft\\OmniPageSE2.0\\EregFre\\ereg.ini\"" "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "kav"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" "SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe" "!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "ATIPTA"="\"C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=hex:91,00,00,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000001 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="http://sbx.pagesjaunes.fr/RealMedia/ads/Creatives/20041200478061BMN0001/20041200478061BMN0001_C3.gif"'>http://sbx.pagesjaunes.fr/RealMedia/ads/Creatives/20041200478061BMN0001/20041200478061BMN0001_C3.gif" "SubscribedURL"="http://sbx.pagesjaunes.fr/RealMedia/ads/Creatives/20041200478061BMN0001/20041200478061BMN0001_C3.gif" "FriendlyName"="" "Flags"=dword:00000001 "Position"=hex:2c,00,00,00,6a,02,00,00,eb,00,00,00,d4,01,00,00,3c,00,00,00,e8,\ 03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:01,00,00,00 "OriginalStateInfo"=hex:18,00,00,00,6a,02,00,00,eb,00,00,00,d4,01,00,00,3c,00,\ 00,00,01,00,00,40 "RestoredStateInfo"=hex:14,6d,38,04,41,c0,ab,74,f8,8f,21,00,68,de,38,04,20,6d,\ 38,04,91,be,00,00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\1] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,00,04,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\ ff,ff,04,00,00,00 "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\ 00,00,01,00,00,00 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{35B2861B-2B26-4691-9FF0-09083722C736}"="RadExe Extension" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^Alexandre^Menu Démarrer^Programmes^Démarrage^carasexe.lnk] "path"="C:\\Documents and Settings\\Alexandre\\Menu Démarrer\\Programmes\\Démarrage\\carasexe.lnk" "backup"="C:\\WINDOWS\\pss\\carasexe.lnkStartup" "location"="Startup" "command"="C:\\PROGRA~1\\carasexe\\carasexe.exe " "item"="carasexe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Speed Launch.lnk" "backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~2.EXE " "item"="Adobe Reader Speed Launch" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk" "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~2.EXE " "item"="Lancement rapide d'Adobe Reader" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lotus QuickStart.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lotus QuickStart.lnk" "backup"="C:\\WINDOWS\\pss\\Lotus QuickStart.lnkCommon Startup" "location"="Common Startup" "command"="C:\\lotus\\wordpro\\ltsstart.exe " "item"="Lotus QuickStart" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="" "hkey"="HKLM" "command"="" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Adobe Photo Downloader] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="apdproxy" "hkey"="HKLM" "command"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ATICCC] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="cli" "hkey"="HKLM" "command"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\cli.exe\" runtime -Delay" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDMCon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdmcon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdmcon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDNewsAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdnagent" "hkey"="HKLM" "command"="\"C:\\PROGRA~1\\Softwin\\BITDEF~1\\bdnagent.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDOESRV] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdoesrv" "hkey"="HKLM" "command"="C:\\Program Files\\Softwin\\BitDefender8\\bdoesrv.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\BDSwitchAgent] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="bdswitch" "hkey"="HKLM" "command"="C:\\Program Files\\Softwin\\BitDefender8\\bdswitch.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Cmaudio] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RunDll32 cmicnfg" "hkey"="HKLM" "command"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\CTFMON.EXE] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="ctfmon" "hkey"="HKCU" "command"="C:\\WINDOWS\\system32\\ctfmon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ImInstaller_IncrediMail] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="incredimail_install[1]" "hkey"="HKLM" "command"="C:\\DOCUME~1\\Isabelle\\LOCALS~1\\Temp\\ImInstaller\\IncrediMail\\incredimail_install[1].exe -startup -product IncrediMail" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\InstantTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PCLETray" "hkey"="HKCU" "command"="C:\\Program Files\\Pinnacle\\Shared Files\\InstantCDDVD\\PCLETray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\iTunesHelper] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iTunesHelper" "hkey"="HKLM" "command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\IW_Drop_Icon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="iwctrl" "hkey"="HKCU" "command"="C:\\Program Files\\Pinnacle\\InstantCDDVD\\InstantWrite\\iwctrl.exe /DropDisc" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\kav] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="avp" "hkey"="HKLM" "command"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\KernelFaultCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="dumprep 0 -k" "hkey"="HKLM" "command"="%systemroot%\\system32\\dumprep 0 -k" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Load] "key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows" "item"="????" "hkey"="HKCU" "command"="????" "inimapping"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mmtask] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mmtask" "hkey"="HKLM" "command"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MMTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mm_tray" "hkey"="HKLM" "command"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\mouseElf] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MouseElf" "hkey"="HKLM" "command"="C:\\PROGRA~1\\SCROLL~1\\MouseElf.EXE" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MSMSGS" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\MSMSGS.EXE\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\msnappau] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnappau" "hkey"="HKLM" "command"="\"C:\\Program Files\\MSN Apps\\Updater\\01.03.0000.1005\\fr\\msnappau.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\My Web Search Bar] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="MWSBAR" "hkey"="HKLM" "command"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\MWSBAR.DLL,S" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MyWebSearch Email Plugin] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="mwsoemon" "hkey"="HKLM" "command"="C:\\PROGRA~1\\MYWEBS~1\\bar\\1.bin\\mwsoemon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PinnacleDriverCheck] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PSDrvCheck" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\PSDrvCheck.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Power2GoExpress] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Power2GoExpress" "hkey"="HKCU" "command"="\"C:\\Program Files\\CyberLink\\Power2Go\\Power2GoExpress.exe\" /Startup" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\PrinTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="printray" "hkey"="HKLM" "command"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\printray.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="qttask" "hkey"="HKLM" "command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RealTray] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="RealPlay" "hkey"="HKLM" "command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\RemoteControl] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PDVDServ" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\"" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Run] "key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows" "item"="????" "hkey"="HKCU" "command"="????" "inimapping"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Seticon] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Seticon" "hkey"="HKLM" "command"="C:\\Program Files\\Icons\\Seticon.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SideWinderTrayV4] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="SWTrayV4" "hkey"="HKLM" "command"="C:\\PROGRA~1\\MICROS~2\\GAMECO~1\\Common\\SWTrayV4.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="realsched" "hkey"="HKLM" "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot" "inimapping"="0" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="PBKScheduler" "hkey"="HKLM" "command"="\"C:\\Program Files\\CyberLink\\PowerBackup\\PBKScheduler.exe\"" "inimapping"="0" ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20060818-235236-715 O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - C:\WINDOWS\system32\urroxtl.dll (file missing) backup-20060818-235236-322 O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing) backup-20060818-235236-630 O20 - Winlogon Notify: pmnnk - C:\WINDOWS\system32\pmnnk.dll (file missing) backup-20060818-235236-203 O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab backup-20060818-235236-502 O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) backup-20060818-235236-286 O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll (file missing) backup-20060818-235236-399 O4 - HKCU\..\Run: [Oiaa] "C:\WINDOWS\system32\PPPATC~1\svchost.exe" -vt ndrv backup-20060818-235236-213 O4 - HKCU\..\Run: [HijackThis startup scan] C:\Program Files\Hijackthis Version Française\HijackThis.exe /startupscan backup-20060818-235236-303 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...29YYFR_ZZzer000 backup-20060818-235236-589 R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) backup-20060818-235236-506 O2 - BHO: (no name) - {0F60FE1E-E974-481E-A45A-4C81E19EAB00} - C:\WINDOWS\system32\pmnnk.dll (file missing) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Maintenance en 1 clic.job Completion time: 28/08/2006 23:22:02.65 ComboFix.txt Hijackthis.log : Logfile of HijackThis v1.99.1 Scan saved at 23:28:00, on 28/08/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\notepad.exe C:\PROGRA~1\Wanadoo\Utilisateur1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{9F81408E-E240-4A89-BC63-3B65FF2DF572}: NameServer = 80.118.192.100 80.118.196.36 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: sockspy.dll sockspy.dll sockspy.dll sockspy.dll O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing) O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe Startuplist.text : StartupList report, 28/08/2006, 23:27:10 StartupList version: 1.52.2 Started from : C:\PROGRA~1\Wanadoo\Utilisateur1\HijackThis.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\Wanadoo\Utilisateur1\HijackThis.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Alexandre\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage] Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\Userinit.exe [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime OpwareSE2 = "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" OPSE reminder = "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini" TkBellExe = "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot kav = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe !ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd ATIPTA = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ATICCC = "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install [{8b15971b-5355-4c82-8c07-7e181ea07608}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run= HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= sockspy.dll sockspy.dll sockspy.dll sockspy.dll -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F} (no name) - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (no name) - c:\program files\google\googletoolbar1.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7} (no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -------------------------------------------------- Enumerating Task Scheduler jobs: Maintenance en 1 clic.job -------------------------------------------------- Enumerating Download Program Files: [DirectAnimation Java Classes] CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd [Microsoft XML Parser for Java] CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [Hotmail Attachments Control] InProcServer32 = C:\WINDOWS\Downloaded Program Files\HMAtchmt.ocx CODEBASE = http://by101fd.bay101.hotmail.msn.com/activex/HMAtchmt.ocx -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\Syste
  23. J'oubliais ça aussi Kaspersky m'a sorti ça : le 25 août supprimé : application présentant un risque potentiel not-a-virus:RiskTool.Win32.Reboot.f Le fichier: C:\System Volume Information\_restore{D5D89400-4AFC-4208-9B3B-929F42320FF5}\RP414\A0292226.exe supprimé : application présentant un risque potentiel not-a-virus:RiskTool.Win32.Reboot.f Le fichier: C:\System Volume Information\_restore{D5D89400-4AFC-4208-9B3B-929F42320FF5}\RP414\A0292227.exe
  24. Salut Charles ! Comment vas tu ? Search.bat s'ouvre correctement mais les fichiers sont toujours introuvables. Le Pc fonctionne bien mais de temps en temps il refuse de s'éteindre ou de redemarrer et donc je suis obligé d'utiliser le bouton power de la tour. Voilà pour les news à pluss tard J'oubliais... Un programme est apparu dans C:\Program Files\Fichiers communs et il s'appelle Y1123OU.exe et c'est bizzare car je suis presque certain qu'il n'y était pas il y'a encore quelques jours ! sais tu ce que cela pourrait être ?
  25. Bonsoir Charles ! J'ai réussi a eliminer en mode normal C:\Program Files\Fichiers communs\{54DE9AC5-078B-1036-0721-040119050021} et vider la corbeille atf cleaner en mode normal et après le rapport ci dessous Je repasse tout à l'heure pour te filer le reste qui doit être réalisé en mode sans échec a+ Rapport chercher.cmd en mode normal C:\WINDOWS\System32\wpa.dbl -->24/08/2006 16:12:34 C:\WINDOWS\System32\PerfStringBackup.INI -->23/08/2006 22:06:34 C:\WINDOWS\System32\perfh00C.dat -->23/08/2006 22:06:34 C:\WINDOWS\System32\perfh009.dat -->23/08/2006 22:06:34 C:\WINDOWS\System32\perfc00C.dat -->23/08/2006 22:06:34 C:\WINDOWS\System32\perfc009.dat -->23/08/2006 22:06:34 C:\WINDOWS\System32\d3d8caps.dat -->23/08/2006 21:56:53 C:\WINDOWS\System32\Uninstall.ico -->19/08/2006 01:44:20 C:\WINDOWS\System32\pavas.ico -->19/08/2006 01:44:20 C:\WINDOWS\System32\Help.ico -->19/08/2006 01:44:20 C:\WINDOWS\System32\asfiles.txt -->19/08/2006 00:53:24 C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->16/08/2006 23:27:25 C:\WINDOWS\System32\mapisvc.inf -->15/08/2006 23:44:27 C:\WINDOWS\System32\MRT.exe -->03/08/2006 03:22:50 C:\WINDOWS\System32\atiiiexx.dll -->03/08/2006 00:12:18 C:\WINDOWS\System32\ati2dvag.dll -->03/08/2006 00:08:06 C:\WINDOWS\System32\atipdlxx.dll -->03/08/2006 00:02:58 C:\WINDOWS\System32\Oemdspif.dll -->03/08/2006 00:02:42 C:\WINDOWS\System32\Ati2mdxx.exe -->03/08/2006 00:02:36 C:\WINDOWS\System32\ati2edxx.dll -->03/08/2006 00:02:31 C:\WINDOWS\System32\ati2evxx.dll -->03/08/2006 00:02:23 C:\WINDOWS\System32\ati2evxx.exe -->03/08/2006 00:01:21 C:\WINDOWS\System32\ATIDDC.DLL -->03/08/2006 00:00:52 C:\WINDOWS\System32\ati3duag.dll -->02/08/2006 23:55:58 C:\WINDOWS\System32\ativvaxx.dll -->02/08/2006 23:51:50 C:\WINDOWS\WindowsUpdate.log -->24/08/2006 11:35:26 C:\WINDOWS\0.log -->24/08/2006 11:34:32 C:\WINDOWS\ModemLog_Smart Link 56K Voice Modem.txt -->24/08/2006 11:34:28 C:\WINDOWS\wiadebug.log -->24/08/2006 11:34:18 C:\WINDOWS\wiaservc.log -->24/08/2006 11:34:14 C:\WINDOWS\bootstat.dat -->24/08/2006 11:32:39 C:\WINDOWS\SchedLgU.Txt -->23/08/2006 23:53:43 C:\WINDOWS\setupapi.log -->23/08/2006 22:13:34 C:\WINDOWS\ATIWDM.LOG -->23/08/2006 21:55:12 C:\WINDOWS\WININIT.INI -->23/08/2006 21:45:12 C:\WINDOWS\win.ini -->23/08/2006 16:49:42 C:\WINDOWS\system.ini -->23/08/2006 16:49:42 C:\WINDOWS\ntbtlog.txt -->23/08/2006 16:42:17 C:\WINDOWS\wmsetup.log -->22/08/2006 21:06:38 C:\WINDOWS\QTFont.qfn -->19/08/2006 15:12:06 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 54DE-9AC5 Répertoire de C:\WINDOWS\system 17/02/2004 11:51 1 458 176 SmWizard.exe 1 fichier(s) 1 458 176 octets 0 Rép(s) 36 115 333 120 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 54DE-9AC5 Répertoire de C:\WINDOWS\system32 20/08/2004 01:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 36 115 333 120 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 54DE-9AC5 Répertoire de C:\WINDOWS\Downloaded Program Files 19/08/2006 01:25 <REP> . 19/08/2006 01:25 <REP> .. 11/04/2006 17:10 135 168 asinst.dll 03/04/2006 11:00 537 asinst.inf 21/09/2005 00:32 180 560 AxisCamControl.ocx 13/07/2004 12:30 65 desktop.ini 14/10/1997 18:52 697 DirectAnimation Java Classes.osd 14/07/2005 18:28 365 f3initialsetup1.0.0.15.inf 16/08/2006 23:10 113 408 HMAtchmt.ocx 02/08/2005 16:48 495 LegitCheckControl.inf 20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd 31/05/2002 10:20 117 328 purfr-fr.dll 15/10/2004 07:59 110 592 PURfr-xx.dll 24/07/2006 23:55 23 600 tvichw32.sys 12 fichier(s) 683 977 octets Total des fichiers listés : 12 fichier(s) 683 977 octets 2 Rép(s) 36 115 333 120 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 54DE-9AC5 Répertoire de C:\Program Files 25/08/2006 00:11 <REP> . 25/08/2006 00:11 <REP> .. 07/08/2005 00:41 <REP> a2 19/02/2006 16:14 <REP> Adobe 07/08/2005 00:29 <REP> AIDA32 - Enterprise System Information 23/11/2005 12:27 <REP> Alcohol Soft 14/08/2005 13:55 443 alexandre_bedeau-flt1utraffic1.key 27/07/2006 20:06 <REP> ArcSoft 22/09/2005 23:48 <REP> ATC Radar Screen v5 23/08/2006 21:54 <REP> ATI Technologies 08/09/2005 01:16 <REP> Bevelstone Production 18/07/2004 18:22 <REP> C-Media 27/07/2006 20:11 <REP> Canon 24/07/2006 23:10 <REP> CCleaner 28/05/2006 13:16 <REP> CDDC-ECalc 22/07/2005 13:55 <REP> CleanUp! 16/08/2006 23:18 <REP> Common Files 13/07/2004 12:29 <REP> ComPlus Applications 01/08/2006 12:41 <REP> CyberLink 31/01/2005 16:47 <REP> DFX 13/12/2005 16:03 <REP> DivX 23/08/2006 21:49 <REP> Driver Cleaner 11/06/2006 15:42 <REP> Drivers Headquarters 31/12/2004 16:22 <REP> Electronic Arts 22/03/2006 19:11 <REP> eMule 24/08/2006 16:15 <REP> ewido anti-spyware 4.0 25/03/2005 22:34 <REP> fdjeux 25/08/2006 00:15 <REP> Fichiers communs 25/03/2006 16:39 <REP> FileZilla 09/09/2005 01:49 4 774 918 FileZilla.zip 08/10/2005 02:49 <REP> FSFDT 24/09/2003 07:45 364 544 FSHostSpy11.exe 26/07/2006 15:29 <REP> Futuremark 19/08/2006 00:53 <REP> Google 28/05/2006 13:02 <REP> HardwareDetection 13/07/2004 14:49 <REP> HighMAT CD Writing Wizard 18/08/2006 02:49 <REP> Hijackthis Version Française 08/08/2004 18:56 <REP> Icons 14/03/2005 10:43 <REP> ICQLite 26/11/2005 11:23 <REP> IKEA Home Planner Kitchen 19/08/2006 00:53 <REP> Internet Explorer 29/05/2006 20:51 <REP> iPod 17/07/2005 13:21 <REP> IrfanView 29/05/2006 20:51 <REP> iTunes 16/08/2006 23:27 <REP> Java 17/07/2006 11:56 <REP> Kaspersky Lab 24/07/2006 23:57 <REP> Lavalys 23/12/2005 00:40 <REP> Lead Pursuit 28/08/2004 10:09 <REP> LotusSAP 20/09/2005 23:32 <REP> Manuel Database Creator v1.0 23/08/2004 23:16 <REP> Maxis 07/08/2006 22:05 <REP> Microsoft Baseline Security Analyzer 2 13/07/2004 12:31 <REP> microsoft frontpage 20/08/2005 03:08 <REP> Microsoft Games 23/08/2004 18:16 <REP> Microsoft Hardware 22/04/2005 04:18 <REP> Movie Maker 13/07/2004 12:28 <REP> MSN 20/04/2005 23:25 <REP> MSN Apps 26/11/2005 11:23 <REP> MSN Gaming Zone 17/07/2006 17:00 <REP> MSN Messenger 14/02/2005 21:20 <REP> MultiRes 01/08/2006 12:42 <REP> MUSICMATCH 21/05/2005 20:46 <REP> Namtuk 27/11/2004 12:00 <REP> NetMeeting 02/09/2005 13:09 <REP> Now3D 08/12/2004 10:46 13 104 312 nvcforwindows.exe 16/04/2006 00:31 <REP> Outlook Express 08/06/2006 14:10 <REP> ppl 14/04/2006 09:59 <REP> Project AI 19/08/2006 00:53 <REP> QuickTime 05/11/2004 22:34 <REP> QuickZip 28/05/2006 13:23 <REP> Radeon Omega Drivers 02/11/2004 23:15 <REP> Real 07/05/2006 18:56 231 936 regsearch.exe 20/08/2006 20:44 1 318 RegSearch.txt 27/07/2006 20:08 <REP> ScanSoft 13/07/2004 12:30 <REP> Services en ligne 19/08/2006 00:53 <REP> Spybot - Search & Destroy 05/01/2006 23:43 <REP> Teamspeak2_RC2 23/08/2005 12:10 <REP> TomTom Go-AK8SQ AAETN 26/11/2005 11:23 <REP> TuneUp Utilities 2004 11/10/2004 22:29 <REP> Ubisoft 14/08/2005 13:40 223 095 825 UltimateTraffic.exe 23/07/2005 16:42 <REP> VIA 03/11/2004 14:02 <REP> Viewpoint 11/08/2005 01:08 <REP> Wanadoo 25/07/2006 00:27 <REP> WaterMelon 13/07/2004 14:53 <REP> Windows Journal Viewer 27/04/2006 11:10 <REP> Windows Media Connect 27/04/2006 11:10 <REP> Windows Media Connect 2 19/02/2006 01:27 <REP> Windows Media Player 27/11/2004 12:00 <REP> Windows NT 23/12/2005 00:33 <REP> WinRAR 13/07/2004 12:31 <REP> xerox 31/05/2005 14:45 <REP> YAFSScreen 7 fichier(s) 241 573 296 octets 88 Rép(s) 36 115 320 832 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 54DE-9AC5 Répertoire de C:\Program Files\fichiers communs 25/08/2006 00:15 <REP> . 25/08/2006 00:15 <REP> .. 02/12/2005 10:35 <REP> Adobe 03/11/2004 14:02 <REP> aolshare 06/09/2005 21:48 <REP> InstallShield 16/08/2006 23:25 <REP> Java 13/07/2004 14:53 <REP> Microsoft Shared 13/07/2004 12:29 <REP> MSSoap 06/04/2005 00:17 <REP> NSV 13/07/2004 13:25 <REP> ODBC 08/05/2006 22:28 <REP> Real 27/07/2006 21:28 <REP> ScanSoft Shared 13/07/2004 12:29 <REP> Services 17/07/2005 13:37 <REP> Softwin 13/07/2004 13:25 <REP> SpeechEngines 16/04/2006 00:31 <REP> System 24/07/2006 23:31 <REP> Teleca Shared 18/11/2005 21:41 <REP> Wise Installation Wizard 08/05/2006 22:28 <REP> xing shared 0 fichier(s) 0 octets 19 Rép(s) 36 115 324 928 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 54DE-9AC5 Répertoire de C:\Program Files\common files 16/08/2006 23:18 <REP> . 16/08/2006 23:18 <REP> .. 06/04/2005 00:17 <REP> Nullsoft 16/08/2006 23:18 <REP> SKS~1 04/08/2004 17:51 <REP> System 0 fichier(s) 0 octets 5 Rép(s) 36 115 324 928 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 54DE-9AC5 Répertoire de C:\ 27/12/2005 20:02 1 716 617 Ramp Start Trainer.exe 1 fichier(s) 1 716 617 octets 0 Rép(s) 36 115 324 928 octets libres c:\Documents and Settings\Alexandre\Application Data\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_20e36a9a.exe c:\Documents and Settings\Alexandre\Application Data\Microsoft\Installer\{1EC65D1D-3911-4F7D-8B6A-63C69EDBFC6E}\_5a9f4086.exe c:\Documents and Settings\Alexandre\Bureau\AFCAD.exe c:\Documents and Settings\Alexandre\Bureau\LFiles.exe c:\Documents and Settings\Alexandre\Bureau\TrafficLook.exe c:\Documents and Settings\Alexandre\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll Vérifications de quelques clefs Recherche de clefs EGDACCESS HKLM\SOFTWARE\Microsoft\Windows\explorer\SharedTaskScheduler
×
×
  • Créer...