Aller au contenu

maxcool99

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    44

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par maxcool99

  1. maxcool99
    Up..
  2. maxcool99
    UP.......... 1 semaine...
  3. maxcool99
    Quasiement 1 semaine... UP...............................
  4. maxcool99
    Up...
  5. maxcool99
    Up! Mon post a descendu en deuxieme page.. donc, j'ai décider de le remonter !
  6. maxcool99
    Bien le bonjour, Voici mon problème, depuis quelques temps, mon internet se déconnecte sans aucune raison. Il arrive qu'il se déconnecte 2 a 3 fois en moins de 5 minutes. Ils mes mêmes arrivés qu'il se deconnecte plus de 10fois en moins d'une heure. Ce problème deviens gêner.. surtout en jouant a des jeux en lignes.. ou tout simplement en naviguant sur internet, sa deviens frustrant! J'ai fais des scans avec : Ad-Aware, Spybot, Antivir.. j'ai nettoyé les registres avec EasyCleaner et CCleaner. Le problème ne provient pas de mon FAI nommé Sympatico .. enfin je ne penses pas, car les proches de ma famille utilise aussi ce FAI et n'ont aucun problème.. peut-être cela viens t-il de mon modem ? Un SPEEDSTREAM 6300.. Enfin, j'espère que vous pourrez résoudre mon problème. Voici le rapport HiJackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:37:21, on 2007-08-16 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\HP\HP Software Update\HPWuSchd2.exe E:\PowerDVD\PDVDServ.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\Office\OSA.EXE C:\Program Files\Microsoft Office\Office\FINDFAST.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe C:\Program Files\AntiVir PersonalEdition Classic\update.exe D:\HiJackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\PROGRA~1\FlashFXP\IEFlash.dll O4 - HKLM\..\Run: [LiveNote] livenote.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [RemoteControl] E:\PowerDVD\PDVDServ.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [bitTorrent] "D:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1175737161640 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/...erInstaller.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: 3Com DMI Agent (3ComDMIService) - 3Com Corporation - C:\WINDOWS\System32\3Com_DMI\3CDMINIC.EXE O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Remote Procedure Call (RPC) MO (RPCSE) - Unknown owner - C:\Program.exe (file missing) -- End of file - 7330 bytes -- J'ai aussi remarque que mon Antivirus ( AntiVir ) ne fais plus ses mises a jours automatiquement et qu'il faut que je les downloads manuellement.. et cela prendre plusieurs minutes.. Aussi, je ne suis pas capable de faire les nouvelles updates pour Ad-Aware.. J'ai aussi remarqué que AntiVir, dans l'onglet Guard, trouves toujours se fichier : Last File Found: C:\WINDOWS\Intel.DLL Last Detection Found: TR/Agent.562688 Cordialement.
  7. maxcool99

    WinXP Pro a WIN98

    maxcool99 a posté un sujet dans Software

    Bonjour, Un de mes amis m'a passé son ordinateur pour le formater et installer Win98 car son ordinateur bug sous WinXP. Le problème c'est que je recherche des tuto sur internet.. mais rien. J'ai fais la disquette de boot de Win98.. et je sais qu'il faut formater en FAT32 .. mais je ne sais pas comment. J'aimerais que quelqu'un me donne un site ou ecrive un tuto, assez simple, pour formater WinXP Pro et installer WIN98. Merci d'avance.
  8. maxcool99
    Bonjour, Depuis hier, en ouvrant mon ordinateur et cliquant sur une de mes sessions, Windows apparait un erreur en disant qu'il doit fermé et qu'il y a un objet infecté ( si je me rapelle bien ). Je clique sur ne pas envoyer et le message disparaît et je peux continuer mon travail, etc.. J'ai fais un scan : Ad-Aware -> Rien Trouvé SpyBot -> 3 Objets Voilà mon rapport HiJackThis : Logfile of HijackThis v1.99.1 Scan saved at 12:28:27, on 28/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe E:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HiJackThis\maxcool99.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\Explorer.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Clean Traces - E:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - E:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - E:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155414015232 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{69A80283-FCB8-48DB-9EA0-1C6C6D144727}: NameServer = 206.47.244.89 206.47.244.61 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - E:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe Merci d'avance.
  9. maxcool99
    Je viens de faire un analyse en mode sans échec avec AntiVir et il a detecté : WIN95/Blumblebee.1738 ( Je pense qu'il est très dangereux ) et j'ai cliquer sur Delete pour qu'il le supprime Est-il dangereux se WIN95/Blumblebee.1738 ?
  10. maxcool99
    Je recommence a sentir les ralentissements.. et avoir 150ping sur counter-strike.. des 125-1000 ping sur ventrilo.. J'va peter les plombs -_-
  11. maxcool99
    SmitFraudFix v2.102 Rapport fait à 11:22:39,73, 30/09/2006 Executé à partir de C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maxime »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\maxime\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\maxime\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin ------------------------------ FPort v2.0 - TCP/IP Process to Port Mapper Copyright 2000 by Foundstone, Inc. http://www.foundstone.com Pid Process Port Proto Path 452 -> 1028 TCP 1864 -> 1042 TCP 1080 -> 135 TCP 1380 -> 2869 TCP 4 System -> 139 TCP 0 System -> 2108 TCP 0 System -> 2111 TCP 0 System -> 2123 TCP 4 System -> 445 TCP 3232 Ventrilo -> 1378 TCP E:\Program Files\Ventrilo\Ventrilo.exe 324 iexplore -> 2114 TCP C:\Program Files\Internet Explorer\iexplore.exe 324 iexplore -> 2115 TCP C:\Program Files\Internet Explorer\iexplore.exe 324 iexplore -> 2116 TCP C:\Program Files\Internet Explorer\iexplore.exe 324 iexplore -> 2119 TCP C:\Program Files\Internet Explorer\iexplore.exe 324 iexplore -> 2122 TCP C:\Program Files\Internet Explorer\iexplore.exe 1864 -> 1030 UDP 1380 -> 1044 UDP 452 -> 1900 UDP 1080 -> 445 UDP 0 System -> 1098 UDP 0 System -> 123 UDP 0 System -> 137 UDP 0 System -> 1376 UDP 0 System -> 138 UDP 0 System -> 1598 UDP 0 System -> 1900 UDP 4 System -> 500 UDP 4 System -> 53 UDP 3232 Ventrilo -> 1082 UDP E:\Program Files\Ventrilo\Ventrilo.exe 324 iexplore -> 1031 UDP C:\Program Files\Internet Explorer\iexplore.exe 324 iexplore -> 1155 UDP C:\Program Files\Internet Explorer\iexplore.exe 324 iexplore -> 123 UDP C:\Program Files\Internet Explorer\iexplore.exe 324 iexplore -> 4500 UDP C:\Program Files\Internet Explorer\iexplore.exe PsList 1.26 - Process Information Lister Copyright © 1999-2004 Mark Russinovich Sysinternals - www.sysinternals.com Process information for YVES-PSVBU48ITW: Name Pid Pri Thd Hnd VM WS Priv Idle 0 0 2 0 0 16 0 System 4 8 70 621 1904 248 0 smss 648 11 3 21 3828 396 168 csrss 708 13 12 500 66344 5152 1784 winlogon 788 13 15 419 54292 6276 7132 services 832 9 16 284 37524 4464 2032 alg 452 8 6 107 33436 3680 1156 svchost 992 8 17 220 61640 5752 3060 svchost 1080 8 9 286 38156 7260 1804 svchost 1200 8 78 1660 151228 34376 18536 svchost 1308 8 6 87 30420 3408 1300 svchost 1380 8 20 279 49328 7716 3648 spoolsv 1508 8 11 146 44572 6204 3832 guard 1840 8 8 56 53920 1680 26048 kavsvc 1864 8 0 871 132460 15768 27276 svchost 1924 8 6 129 36312 4424 2384 wdfmgr 1940 8 4 67 14836 1924 1508 svchost 2136 8 8 95 36868 3612 1548 lsass 844 9 20 361 41900 1416 3788 explorer 180 8 23 653 99760 14180 20804 cmd 320 8 1 19 13860 1804 1544 iexplore 324 8 23 676 167696 21080 26400 rundll32 684 8 1 28 26260 2752 1640 kav 692 8 0 114 37708 1708 1692 hpwuSchd2 748 8 1 24 24704 2016 532 jusched 768 8 1 24 18492 2072 472 ctfmon 1064 8 1 67 29796 3188 836 hpqtra08 1228 8 4 165 48872 9352 5160 hpqste08 2600 8 2 208 62364 14352 5528 cmd 2388 8 1 21 13824 1512 1484 pslist 3952 13 2 92 17788 1736 752 Ventrilo 3232 8 12 380 68684 10992 5052 SMax4PNP 3000 8 3 96 36932 3868 2152 ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 180 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Wed Jul 05 06:56:38 2006 *** Loaded image timestamp: Wed Jul 05 06:56:39 2006 *** 0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll 0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll 0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll 0x77f40000 0x76000 6.00.2900.2937 C:\WINDOWS\system32\SHLWAPI.dll 0x7c9d0000 0x823000 6.00.2900.2951 C:\WINDOWS\system32\SHELL32.dll 0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll 0x75f10000 0xfd000 6.00.2900.2937 C:\WINDOWS\system32\BROWSEUI.dll 0x77720000 0x16f000 6.00.2900.2937 C:\WINDOWS\system32\SHDOCVW.dll 0x6fee0000 0x54000 5.01.2600.2952 C:\WINDOWS\system32\NETAPI32.dll 0x77aa0000 0xa7000 6.00.2900.2937 C:\WINDOWS\system32\WININET.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x76d10000 0x19000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll 0x77170000 0xa0000 6.00.2900.2960 C:\WINDOWS\system32\urlmon.dll 0x01330000 0x2c6000 3.01.4000.2435 C:\WINDOWS\system32\msi.dll 0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv 0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x00fb0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x03960000 0x13000 5.00.0001.0018 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll 0x75be0000 0x6e000 5.06.0000.8831 c:\windows\system32\jscript.dll 0x039d0000 0xc000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll 0x039e0000 0xc000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll 0x039f0000 0x1d000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll 0x03a10000 0x9000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll 0x03a20000 0x8000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll 0x03a30000 0x24000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll 0x20500000 0x11000 5.00.0388.0002 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll 0x03a60000 0x76000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll 0x5dd00000 0x20000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll 0x03b00000 0x24000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl 0x5da00000 0xc000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl 0x03bb0000 0x17000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl 0x03bd0000 0x18000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl 0x5db00000 0x7000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl 0x73a80000 0x15000 5.01.2600.2709 C:\WINDOWS\system32\mscms.dll 0x10000000 0x13000 4.00.0000.0172 C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll 0x086d0000 0x246000 10.00.0000.3802 C:\WINDOWS\system32\wmvcore.dll 0x070d0000 0x3a000 10.00.0000.3802 C:\WINDOWS\system32\WMASF.DLL 0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL 0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ iexplore.exe pid: 324 Command line: "C:\Program Files\Internet Explorer\iexplore.exe" Base Size Version Path *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Wed Jul 05 06:56:38 2006 *** Loaded image timestamp: Wed Jul 05 06:56:39 2006 *** 0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll 0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll 0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll 0x77f40000 0x76000 6.00.2900.2937 C:\WINDOWS\system32\SHLWAPI.dll 0x77720000 0x16f000 6.00.2900.2937 C:\WINDOWS\system32\SHDOCVW.dll 0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll 0x6fee0000 0x54000 5.01.2600.2952 C:\WINDOWS\system32\NETAPI32.dll 0x77aa0000 0xa7000 6.00.2900.2937 C:\WINDOWS\system32\WININET.dll 0x7c9d0000 0x823000 6.00.2900.2951 C:\WINDOWS\system32\SHELL32.dll 0x75f10000 0xfd000 6.00.2900.2937 C:\WINDOWS\system32\BROWSEUI.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x77170000 0xa0000 6.00.2900.2960 C:\WINDOWS\system32\urlmon.dll 0x6d600000 0x2d000 5.00.0060.0005 C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll 0x76d10000 0x19000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll 0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll 0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll 0x76f70000 0x6000 5.01.2600.2938 C:\WINDOWS\system32\rasadhlp.dll 0x7dbf0000 0x2f5000 6.00.2900.2963 C:\WINDOWS\System32\mshtml.dll 0x74630000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\msls31.dll 0x10000000 0x13000 5.00.0001.0018 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrchpg.dll 0x75be0000 0x6e000 5.06.0000.8831 c:\windows\system32\jscript.dll 0x02240000 0xc000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\scrch_ag.dll 0x02250000 0xc000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\FSSync.dll 0x02260000 0x1d000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\pr_rmt.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x02280000 0x9000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ccclient.dll 0x02290000 0x8000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\klipc.dll 0x022a0000 0x24000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\KLUtil.dll 0x20500000 0x11000 5.00.0388.0002 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\rpt.dll 0x20200000 0x76000 5.00.0388.0001 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\CCIFACE.dll 0x5dd00000 0x20000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prloader.dll 0x023f0000 0x24000 5.00.0388.0000 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\prkernel.ppl 0x5da00000 0xc000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\prstring.ppl 0x02560000 0x17000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_srv.ppl 0x02580000 0x18000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\pr_clnt.ppl 0x5db00000 0x7000 5.00.0388.0000 c:\program files\kaspersky lab\kaspersky anti-virus personal pro\tempfile.ppl 0x672b0000 0x40000 6.00.2900.2937 C:\WINDOWS\System32\iepeers.dll 0x30000000 0x2de000 9.00.0016.0000 C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx 0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv 0x07510000 0x549000 10.00.0000.4036 C:\WINDOWS\system32\wmp.dll 0x08260000 0x344000 10.00.0000.3646 C:\WINDOWS\system32\wmploc.dll 0x73250000 0x67000 5.06.0000.8820 C:\WINDOWS\system32\vbscript.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x79000000 0x45000 2.00.50727.0042 C:\WINDOWS\system32\mscoree.dll 0x63f00000 0xc000 2.00.50727.0042 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x05190000 0x8000 5.01.2600.2937 C:\WINDOWS\system32\xpsp3res.dll 0x761c0000 0x71000 6.00.2900.2937 C:\WINDOWS\System32\mshtmled.dll 0x748f0000 0x130000 8.50.2162.0000 C:\WINDOWS\System32\msxml3.dll 0x7df30000 0x89000 5.02.3790.2744 C:\WINDOWS\System32\hhctrl.ocx 0x68d60000 0x19000 4.74.9273.0000 C:\WINDOWS\System32\mui\000c\hhctrlui.dll 0x68100000 0x24000 5.01.2600.2133 C:\WINDOWS\system32\dssenh.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll 0x73220000 0x5000 5.131.2600.0000 C:\WINDOWS\system32\SOFTPUB.DLL 0x6c270000 0x36000 6.03.2900.2937 C:\WINDOWS\System32\dxtrans.dll 0x6c2b0000 0x5a000 6.03.2900.2937 C:\WINDOWS\System32\dxtmsft.dll 0x506a0000 0x74000 5.08.0000.2469 C:\WINDOWS\System32\wuapi.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 788 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Wed Jul 05 06:56:38 2006 *** Loaded image timestamp: Wed Jul 05 06:56:39 2006 *** 0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll 0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll 0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll 0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll 0x6fee0000 0x54000 5.01.2600.2952 C:\WINDOWS\system32\NETAPI32.dll 0x7c9d0000 0x823000 6.00.2900.2951 C:\WINDOWS\system32\SHELL32.dll 0x77f40000 0x76000 6.00.2900.2937 C:\WINDOWS\system32\SHLWAPI.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll 0x0ffd0000 0x28000 5.01.2600.2161 C:\WINDOWS\system32\rsaenh.dll 0x011d0000 0xae000 1.05.0540.0000 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x76d10000 0x19000 5.01.2600.2912 C:\WINDOWS\system32\iphlpapi.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x72c60000 0x8000 5.01.2600.0000 C:\WINDOWS\system32\msacm32.drv ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ services.exe pid: 832 Command line: C:\WINDOWS\system32\services.exe Base Size Version Path *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image: *** File timestamp: Wed Jul 05 06:56:38 2006 *** Loaded image timestamp: Wed Jul 05 06:56:39 2006 *** 0x7c800000 0x104000 5.01.2600.2945 C:\WINDOWS\system32\kernel32.dll 0x77d10000 0x90000 5.01.2600.2622 C:\WINDOWS\system32\USER32.dll 0x77ef0000 0x47000 5.01.2600.2818 C:\WINDOWS\system32\GDI32.dll 0x77680000 0x11000 5.01.2600.2622 C:\WINDOWS\system32\AUTHZ.dll 0x7dbc0000 0x21000 5.01.2600.2744 C:\WINDOWS\system32\umpnpmgr.dll 0x6fee0000 0x54000 5.01.2600.2952 C:\WINDOWS\system32\NETAPI32.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x774a0000 0x13d000 5.01.2600.2726 C:\WINDOWS\system32\ole32.dll 0x7c9d0000 0x823000 6.00.2900.2951 C:\WINDOWS\system32\SHELL32.dll 0x77f40000 0x76000 6.00.2900.2937 C:\WINDOWS\system32\SHLWAPI.dll Le volume dans le lecteur C n'a pas de nom. Le num‚ro de s‚rie du volume est 789D-D796 R‚pertoire de C:\Program Files 29/09/2006 16:16 <REP> . 29/09/2006 16:16 <REP> .. 02/09/2006 14:35 <REP> Adobe 12/08/2006 09:36 <REP> Analog Devices 12/08/2006 17:58 <REP> AssistantInternet 23/09/2006 15:44 <REP> BeClean 12/08/2006 10:12 <REP> Common Files 12/08/2006 09:22 <REP> ComPlus Applications 29/09/2006 22:17 <REP> ewido anti-spyware 4.0 13/09/2006 07:41 <REP> Fichiers communs 29/09/2006 16:24 <REP> Free Download Manager 09/09/2006 19:23 <REP> Hasbro 13/08/2006 17:31 <REP> Hewlett-Packard 30/09/2006 09:11 <REP> HiJackThis 14/08/2006 23:15 <REP> HP 12/08/2006 09:33 <REP> Intel 29/09/2006 22:18 <REP> Internet Explorer 02/09/2006 09:58 <REP> Java 13/08/2006 10:13 <REP> Kaspersky Lab 12/09/2006 16:27 <REP> KSIGN 26/08/2006 23:28 <REP> Lavasoft 12/08/2006 21:12 <REP> Messenger 12/08/2006 09:24 <REP> microsoft frontpage 20/08/2006 17:22 <REP> Microsoft Office 29/08/2006 15:46 <REP> Microsoft SQL Server 12/08/2006 10:12 <REP> Motive 12/08/2006 16:42 <REP> Movie Maker 12/08/2006 09:22 <REP> MSN 12/08/2006 09:21 <REP> MSN Gaming Zone 30/08/2006 17:22 <REP> MSN Messenger 12/08/2006 16:41 <REP> NetMeeting 13/09/2006 07:40 <REP> Nexon 12/08/2006 21:11 <REP> Outlook Express 13/09/2006 19:38 <REP> RegCleaner 12/08/2006 09:22 <REP> Services en ligne 23/09/2006 13:39 <REP> Spybot - Search & Destroy 23/09/2006 15:49 <REP> Symantec 16/08/2006 12:37 <REP> Teamspeak2_RC2 29/09/2006 16:16 <REP> ToniArts 29/08/2006 15:46 <REP> Vstplugins 12/08/2006 20:40 <REP> Winamp 20/08/2006 17:16 <REP> Windows Media Player 12/08/2006 16:41 <REP> Windows NT 12/08/2006 09:24 <REP> xerox 0 fichier(s) 0 octets 44 R‚p(s) 12ÿ749ÿ377ÿ536 octets libres C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\Patches\patch_ppro_5.0.388_390_to_5.0.391.exe C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2700_symnet$20consumer_5.0.0_english\Message.exe C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2700_symnet$20consumer_5.0.0_english\setup.exe C:\Documents and Settings\maxime\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe C:\Documents and Settings\maxime\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe C:\Documents and Settings\maxime\Bureau\ATF-Cleaner.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\blbeta.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\ewido-setup_4.0.0.172b.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\Fixwareout.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\dumphive.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\GenericRenosFix.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\Process.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\Reboot.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\restart.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\SmiUpdate.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\SrchSTS.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\swreg.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\swsc.exe C:\Documents and Settings\maxime\Bureau\Nettoyage\SmitfraudFix\unzip.exe C:\Documents and Settings\maxime\Local Settings\Temporary Internet Files\Content.IE5\89ATCDEF\blbeta[1].exe C:\Documents and Settings\maxime\Mes documents\Mes fichiers re‡us\Kaspersky Anti-Virus Personal Pro 5.0.390[www.yahaa.org]\Kaspersky Anti-Virus Personal Pro 5.0.390[www.yahaa.org]\kav5.0.388_personalproen.exe C:\Documents and Settings\yves\Mes documents\RegCleaner.exe -------------------------- Voila ! Je sens déjà moins de ralentissement !
  12. maxcool99
    "Silent Runners.vbs", revision 48, http://www.silentrunners.org/ Operating System: Windows XP SP2 Output limited to non-default values, except where indicated by "{++}" Startup items buried in registry: --------------------------------- HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "Steam" = (empty string) "ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++} "SoundMax" = ""C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray" ["Analog Devices, Inc."] "NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup" [MS] "nwiz" = "nwiz.exe /install" ["NVIDIA Corporation"] "NvMediaCenter" = "RunDLL32.exe NvMCTray.dll,NvTaskbarInit" [MS] "KAVPersonal50" = ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize" ["Kaspersky Lab"] "HP Software Update" = "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" ["Hewlett-Packard Co."] "SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."] "IMJPMIG8.1" = ""C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32" [MS] "MSPY2002" = "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC" [null data] "PHIME2002ASync" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [MS] "PHIME2002A" = "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided) -> {HKLM...CLSID} = "SSVHelper Class" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\ "{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration" -> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration" \InProcServer32\(Default) = "deskpan.dll" [file not found] "{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal" -> {HKLM...CLSID} = "HyperTerminal Icon Ext" \InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."] "{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer" -> {HKLM...CLSID} = "Desktop Explorer" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] "{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders" -> {HKLM...CLSID} = "Mes dossiers de partage" \InProcServer32\(Default) = "C:\Program Files\MSN Messenger\fsshext.8.0.0812.00.dll" [MS] "{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class" -> {HKLM...CLSID} = "DesktopContext Class" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper" -> {HKLM...CLSID} = "NVIDIA CPL Extension" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvcpl.dll" ["NVIDIA Corporation"] "{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu" -> {HKLM...CLSID} = "nView Desktop Context Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\nvshell.dll" ["NVIDIA Corporation"] "{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band" -> {HKLM...CLSID} = "Shell Search Band" \InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS] "{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices" -> {HKLM...CLSID} = "Portable Media Devices" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu" -> {HKLM...CLSID} = "Portable Media Devices Menu" \InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS] "{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References" -> {HKLM...CLSID} = "ShellLink for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] "{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References" -> {HKLM...CLSID} = "Shell Icon Handler for Application References" \InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS] HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\ INFECTION WARNING! "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "ewido anti-spyware 4.0" -> {HKLM...CLSID} = "CShellExecuteHookImpl Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll" ["Anti-Malware Development a.s."] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\ "System" = (value not set) HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ ewido anti-spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}" -> {HKLM...CLSID} = "CContextScan Object" \InProcServer32\(Default) = "C:\Program Files\ewido anti-spyware 4.0\context.dll" ["Anti-Malware Development a.s."] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}" -> {HKLM...CLSID} = (no title provided) \InProcServer32\(Default) = "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\shellex.dll" ["Kaspersky Lab"] WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}" -> {HKLM...CLSID} = "WinRAR" \InProcServer32\(Default) = "D:\Program Files\WinRAR\rarext.dll" [null data] Active Desktop and Wallpaper: ----------------------------- Active Desktop is disabled at this entry: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState HKCU\Control Panel\Desktop\ "Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline verdoyante.bmp" Enabled Screen Saver: --------------------- HKCU\Control Panel\Desktop\ "SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS] Startup items in "maxime" & "All Users" startup folders: -------------------------------------------------------- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage "HP Digital Imaging Monitor" -> shortcut to: "D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."] Winsock2 Service Provider DLLs: ------------------------------- Namespace Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++} 000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] 000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS] 000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS] Transport Service Providers HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++} 0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range: %SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15 %SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05 Toolbars, Explorer Bars, Extensions: ------------------------------------ Extensions (Tools menu items, main toolbar menu buttons) HKLM\Software\Microsoft\Internet Explorer\Extensions\ {08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ "MenuText" = "Console Java (Sun)" "CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}" -> {HKCU...CLSID} = "Java Plug-in" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."] -> {HKLM...CLSID} = "Java Plug-in 1.5.0_06" \InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."] {FB5F1910-F110-11D2-BB9E-00C04F795683}\ "ButtonText" = "Messenger" "MenuText" = "Windows Messenger" "Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS] Miscellaneous IE Hijack Points ------------------------------ C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings") Added lines (compared with English-language version): [strings]: SAFESITE_VALUE="http://home.microsoft.com/intl/fr/" Missing lines (compared with English-language version): [strings]: 1 line Running Services (Display Name, Service Name, Path {Service DLL}): ------------------------------------------------------------------ ewido anti-spyware 4.0 guard, ewido anti-spyware 4.0 guard, "C:\Program Files\ewido anti-spyware 4.0\guard.exe" ["Anti-Malware Development a.s."] HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]} kavsvc, kavsvc, ""C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe"" ["Kaspersky Lab"] Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS] Print Monitors: --------------- HKLM\System\CurrentControlSet\Control\Print\Monitors\ hpzsnt12\Driver = "hpzsnt12.dll" ["HP"] ---------- + This report excludes default entries except where indicated. + To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter. + To search all directories of local fixed drives for DESKTOP.INI DLL launch points and all Registry CLSIDs for dormant Explorer Bars, use the -supp parameter or answer "No" at the first message box. ---------- (total run time: 26 seconds, including 3 seconds for message boxes) ---------------------- F-Secure n'a rien trouvé.
  13. maxcool99
    Oui, mon FAI est au Canada. J'ai tout fais, sauf l'upload.. que j'attends encore.. STATUS: QUEUEDYour file "winsys.dat" is queued in position: 78. Estimated start time is between 18 and 26 minutes. ^^ Logfile of HijackThis v1.99.1 Scan saved at 09:11:29, on 30/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDLL32.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\VideoLAN\VLC\vlc.exe C:\Program Files\HiJackThis\maxcool99.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155414015232 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{69A80283-FCB8-48DB-9EA0-1C6C6D144727}: NameServer = 206.47.244.89 206.47.244.61 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe -------------------- STATUS: FINISHEDComplete scanning result of "winsys.dat", received in VirusTotal at 09.30.2006, 14:45:51 (CET). Antivirus Version Update Result AntiVir 7.2.0.22 09.30.2006 no virus found Authentium 4.93.8 09.29.2006 no virus found Avast 4.7.892.0 09.29.2006 no virus found AVG 386 09.29.2006 no virus found BitDefender 7.2 09.30.2006 no virus found CAT-QuickHeal 8.00 09.30.2006 no virus found ClamAV devel-20060426 09.30.2006 no virus found eTrust-InoculateIT 23.73.10 09.30.2006 no virus found eTrust-Vet 30.3.3106 09.30.2006 no virus found DrWeb 4.33 09.30.2006 no virus found Ewido 4.0 09.30.2006 no virus found Fortinet 2.82.0.0 09.29.2006 no virus found F-Prot 3.16f 09.29.2006 no virus found F-Prot4 4.2.1.29 09.29.2006 no virus found Ikarus 0.2.65.0 09.29.2006 no virus found Kaspersky 4.0.2.24 09.30.2006 no virus found McAfee 4863 09.29.2006 no virus found Microsoft 1.1603 09.30.2006 no virus found NOD32v2 1.1784 09.29.2006 no virus found Norman 5.80.02 09.29.2006 no virus found Panda 9.0.0.4 09.29.2006 no virus found Sophos 4.10.0 09.30.2006 no virus found Symantec 8.0 09.30.2006 no virus found TheHacker 6.0.1.087 09.30.2006 no virus found UNA 1.83 09.29.2006 no virus found VBA32 3.11.1 09.29.2006 no virus found VirusBuster 4.3.7:9 09.29.2006 no virus found --------------------------- Et, je sens toujours du ralentissement..
  14. maxcool99
    Logfile of HijackThis v1.99.1 Scan saved at 22:38:58, on 29/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\WINDOWS\system32\RunDLL32.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe D:\Program Files\Winamp\winamp.exe C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155414015232 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{69A80283-FCB8-48DB-9EA0-1C6C6D144727}: NameServer = 206.47.244.89 206.47.244.61 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe ------------------------------------ --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 22:02:24 29/09/2006 + Scan result: Nothing found. ::Report end ---------------------------------------- Incident Statut Analyse Adware:adware/popuper No Désinfecté c:\windows\system32\msmsgs.exe Adware:adware/megatds No Désinfecté Registre Windows -------------------------- O17 - HKLM\System\CCS\Services\Tcpip\..\{69A80283-FCB8-48DB-9EA0-1C6C6D144727}: NameServer = 206.47.244.89 206.47.244.61 : Je viens de remarquer qu'il est la seulement quand je suis connecte ^^
  15. maxcool99
    Enfin, voici les rapports : Fixwareout ver 1.003 Last edited 8/11/2006 Post this report in the forums please Reg Entries that were deleted ... Microsoft ® Windows Script Host Version 5.6 Random Runs removed from HKLM ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal Other suspects. Directory of C:\WINDOWS\system32 »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. -------------------------- Logfile of HijackThis v1.99.1 Scan saved at 15:59:11, on 29/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\WINDOWS\system32\RunDLL32.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155414015232 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://cabalonline.net/com/KALogoutComponent.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe ------------------ C:\WINDOWS\System32\nvapps.xml -->29/09/2006 15:54:39 C:\WINDOWS\System32\wpa.dbl -->29/09/2006 15:50:31 C:\WINDOWS\System32\FNTCACHE.DAT -->12/09/2006 17:37:21 C:\WINDOWS\System32\MRT.exe -->11/09/2006 13:37:21 C:\WINDOWS\System32\PerfStringBackup.INI -->10/09/2006 18:18:46 C:\WINDOWS\System32\perfh00C.dat -->10/09/2006 18:18:46 C:\WINDOWS\System32\perfh009.dat -->10/09/2006 18:18:46 C:\WINDOWS\System32\perfc00C.dat -->10/09/2006 18:18:46 C:\WINDOWS\System32\perfc009.dat -->10/09/2006 18:18:46 C:\WINDOWS\System32\jupdate-1.5.0_06-b05.log -->02/09/2006 09:58:49 C:\WINDOWS\System32\fltlib.dll -->21/08/2006 08:26:15 C:\WINDOWS\System32\fltmc.exe -->21/08/2006 05:14:58 C:\WINDOWS\System32\nscompat.tlb -->20/08/2006 17:16:17 C:\WINDOWS\System32\amcompat.tlb -->20/08/2006 17:16:17 C:\WINDOWS\System32\mlfcache.dat -->20/08/2006 11:08:01 C:\WINDOWS\System32\lhacm.acm -->15/08/2006 15:45:58 C:\WINDOWS\System32\hpzjrd01.dll -->14/08/2006 23:10:54 C:\WINDOWS\System32\mapisvc.inf -->14/08/2006 16:04:47 C:\WINDOWS\System32\jupdate-1.5.0_03-b07.log -->14/08/2006 13:05:37 C:\WINDOWS\System32\SysPr.prx -->13/08/2006 22:49:17 C:\WINDOWS\System32\winsys.dat -->13/08/2006 22:34:13 C:\WINDOWS\System32\wbocx.ocx -->13/08/2006 09:55:06 C:\WINDOWS\System32\wbhelp2.dll -->13/08/2006 09:55:06 C:\WINDOWS\System32\AniGIF.ocx -->13/08/2006 09:55:06 C:\WINDOWS\System32\wpa.bak -->12/08/2006 21:02:02 C:\WINDOWS\wiadebug.log -->29/09/2006 15:50:24 C:\WINDOWS\0.log -->29/09/2006 15:50:24 C:\WINDOWS\WindowsUpdate.log -->29/09/2006 15:50:23 C:\WINDOWS\wiaservc.log -->29/09/2006 15:50:20 C:\WINDOWS\bootstat.dat -->29/09/2006 15:50:11 C:\WINDOWS\SchedLgU.Txt -->29/09/2006 15:49:14 C:\WINDOWS\FYAHTZEE.INI -->28/09/2006 22:38:55 C:\WINDOWS\win.ini -->28/09/2006 18:50:10 C:\WINDOWS\system.ini -->28/09/2006 18:50:10 C:\WINDOWS\Sti_Trace.log -->24/09/2006 09:24:23 C:\WINDOWS\yahtzee.ini -->09/09/2006 19:36:21 C:\WINDOWS\DeIsL1.isu -->09/09/2006 19:24:12 C:\WINDOWS\HP_48BitScanUpdatePatch.ini -->14/08/2006 23:13:57 C:\WINDOWS\HPGdiPlus.ini -->14/08/2006 23:12:01 C:\WINDOWS\HP_RedboxHprblog_HPSU.ini -->14/08/2006 23:11:04 C:\WINDOWS\ANVUNIS.exe |12/08/2006 09:45:33 C:\WINDOWS\Fraps.v2.7.0.WinALL.Retail-D@S.exe |18/08/2006 09:32:47 C:\WINDOWS\unin040c.exe |09/09/2006 19:08:59 C:\WINDOWS\system32\append.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\debug.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\dosx.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 13:47:34 C:\WINDOWS\system32\edlin.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\exe2bin.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\fastopen.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\keystone.exe |12/08/2006 09:46:07 C:\WINDOWS\system32\mem.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\mscdexnt.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\nlsfunc.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\nvappbar.exe |01/06/2006 17:22:00 C:\WINDOWS\system32\nvdspsch.exe |01/06/2006 17:22:00 C:\WINDOWS\system32\nwiz.exe |12/08/2006 09:46:07 C:\WINDOWS\system32\redir.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\setver.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\share.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\UnInstall_KAccess.exe |12/09/2006 16:27:04 C:\WINDOWS\system32\amstream.dll |12/08/2006 09:47:47 C:\WINDOWS\system32\compatui.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\DOCOBJ.DLL |29/08/1997 00:00:00 C:\WINDOWS\system32\encdec.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\HLINKPRX.DLL |29/08/1997 00:00:00 C:\WINDOWS\system32\ieencode.dll |12/08/2006 16:43:02 C:\WINDOWS\system32\ir32_32.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\msdmo.dll |12/08/2006 09:47:47 C:\WINDOWS\system32\msencode.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\nvapi.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nvhwvid.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nview.dll |12/08/2006 09:46:06 C:\WINDOWS\system32\nvnt4cpl.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nvshell.dll |12/08/2006 09:46:07 C:\WINDOWS\system32\nvwdmcpl.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nvwimg.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\paqsp.dll |23/08/2001 13:47:16 C:\WINDOWS\system32\psisdecd.dll |12/08/2006 09:47:48 C:\WINDOWS\system32\qedwipes.dll |12/08/2006 09:47:47 C:\WINDOWS\system32\sbe.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\tsd32.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\win87em.dll |24/04/2003 08:00:00 C:\WINDOWS\Fraps.v2.7.0.WinALL.Retail-D@S.exe |18/08/2006 09:32:47 C:\WINDOWS\unin040c.exe |09/09/2006 19:08:59 C:\WINDOWS\system32\append.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\debug.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\dosx.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\edlin.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\exe2bin.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\fastopen.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\keystone.exe |12/08/2006 09:46:07 C:\WINDOWS\system32\mem.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\mscdexnt.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\nlsfunc.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\nvappbar.exe |01/06/2006 17:22:00 C:\WINDOWS\system32\nvdspsch.exe |01/06/2006 17:22:00 C:\WINDOWS\system32\nwiz.exe |12/08/2006 09:46:07 C:\WINDOWS\system32\redir.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\setver.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\share.exe |24/04/2003 08:00:00 C:\WINDOWS\system32\amstream.dll |12/08/2006 09:47:47 C:\WINDOWS\system32\DOCOBJ.DLL |29/08/1997 00:00:00 C:\WINDOWS\system32\encdec.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\HLINKPRX.DLL |29/08/1997 00:00:00 C:\WINDOWS\system32\ieencode.dll |12/08/2006 16:43:02 C:\WINDOWS\system32\ir32_32.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\msdmo.dll |12/08/2006 09:47:47 C:\WINDOWS\system32\msencode.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\nvapi.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nvhwvid.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nview.dll |12/08/2006 09:46:06 C:\WINDOWS\system32\nvnt4cpl.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nvshell.dll |12/08/2006 09:46:07 C:\WINDOWS\system32\nvwdmcpl.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\nvwimg.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\psisdecd.dll |12/08/2006 09:47:48 C:\WINDOWS\system32\qedwipes.dll |12/08/2006 09:47:47 C:\WINDOWS\system32\sbe.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\tsd32.dll |24/04/2003 08:00:00 C:\WINDOWS\system32\win87em.dll |24/04/2003 08:00:00 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 789D-D796 Répertoire de C:\WINDOWS\system32 19/08/2004 16:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 14 414 602 240 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 789D-D796 Répertoire de C:\WINDOWS\Downloaded Program Files 26/09/2006 21:11 <REP> . 26/09/2006 21:11 <REP> .. 12/08/2006 09:24 65 desktop.ini 25/06/2006 12:50 1 793 erma.inf 27/07/2005 22:38 366 KALogoutComponent.inf 08/08/2006 11:45 576 kavwebscan.inf 29/05/2003 15:00 160 864 messengerstatsclient.dll 29/05/2003 15:00 84 064 minesweeper.dll 6 fichier(s) 247 728 octets Total des fichiers listés : 6 fichier(s) 247 728 octets 2 Rép(s) 14 414 602 240 octets libres Liste des programmes installes 1400 1400_Help 1400Trb 3Com DMI Agent Ad-Aware SE Personal Adobe Download Manager 2.0 (Supprimer uniquement) Adobe Flash Player 9 ActiveX Adobe Shockwave Player AiO_Scan AiOSoftware Assistant Internet BitComet 0.70 BufferChm CamStudio 2.0 Fr CCleaner (remove only) Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 CP_Package_Variety1 CP_Package_Variety2 CP_Package_Variety3 Destinations DeviceManagementQFolder DocProc eSupportQFolder ewido anti-spyware 4.0 Fax Free Download Manager 2.1 GdiplusUpgrade Half-Life Dedicated Server Update Tool HijackThis 1.99.1 HP Imaging Device Functions 5.3 HP Photosmart Essential HP PSC & OfficeJet 5.3.B HP Software Update HP Solution Center & Imaging Support Tools 5.3 HPProductAssistant J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 Kaspersky Anti-Virus Personal Pro Kaspersky Online Scanner KSignAccessToolkit v1.0 Language Pack for Ad-aware 6 Lecteur Windows Media 10 LimeWire 4.12.6 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft Office PowerPoint Viewer 2003 Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) mIRC Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901190) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913433) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB908531) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB911280) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA NewCopy No-IP.com DUC (remove only) NVIDIA Drivers NVIDIA WDM Drivers ProductContext Readme Scan ScannerCopy Security Update pour Microsoft .NET Framework 2.0 (KB917283) SolutionCenter Sony Media Manager 2.0 Sony Vegas 6.0d SoundMAX Spybot - Search & Destroy 1.4 Status Steam TeamSpeak 2 RC2 TrayApp Unload Ventrilo Client VideoLAN VLC media player 0.8.5 WebFldrs XP WebReg Winamp (remove only) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Live Messenger Windows Media Format Runtime Windows XP Service Pack 2 WinRAR archiver Yahtzee Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 789D-D796 Répertoire de C:\Program Files 26/09/2006 23:13 <REP> . 26/09/2006 23:13 <REP> .. 02/09/2006 14:35 <REP> Adobe 12/08/2006 09:36 <REP> Analog Devices 12/08/2006 17:58 <REP> AssistantInternet 23/09/2006 15:44 <REP> BeClean 12/08/2006 10:12 <REP> Common Files 12/08/2006 09:22 <REP> ComPlus Applications 24/09/2006 08:34 <REP> ewido anti-spyware 4.0 13/09/2006 07:41 <REP> Fichiers communs 27/09/2006 18:46 <REP> Free Download Manager 09/09/2006 19:23 <REP> Hasbro 13/08/2006 17:31 <REP> Hewlett-Packard 29/09/2006 15:59 <REP> HiJackThis 14/08/2006 23:15 <REP> HP 12/08/2006 09:33 <REP> Intel 12/08/2006 21:12 <REP> Internet Explorer 02/09/2006 09:58 <REP> Java 13/08/2006 10:13 <REP> Kaspersky Lab 12/09/2006 16:27 <REP> KSIGN 26/08/2006 23:28 <REP> Lavasoft 12/08/2006 21:12 <REP> Messenger 12/08/2006 09:24 <REP> microsoft frontpage 20/08/2006 17:22 <REP> Microsoft Office 29/08/2006 15:46 <REP> Microsoft SQL Server 12/08/2006 10:12 <REP> Motive 12/08/2006 16:42 <REP> Movie Maker 12/08/2006 09:22 <REP> MSN 12/08/2006 09:21 <REP> MSN Gaming Zone 30/08/2006 17:22 <REP> MSN Messenger 12/08/2006 16:41 <REP> NetMeeting 13/09/2006 07:40 <REP> Nexon 12/08/2006 21:11 <REP> Outlook Express 13/09/2006 19:38 <REP> RegCleaner 12/08/2006 09:22 <REP> Services en ligne 23/09/2006 13:39 <REP> Spybot - Search & Destroy 23/09/2006 15:49 <REP> Symantec 16/08/2006 12:37 <REP> Teamspeak2_RC2 29/08/2006 15:46 <REP> Vstplugins 12/08/2006 20:40 <REP> Winamp 20/08/2006 17:16 <REP> Windows Media Player 12/08/2006 16:41 <REP> Windows NT 12/08/2006 09:24 <REP> xerox 0 fichier(s) 0 octets 43 Rép(s) 14 414 581 760 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 789D-D796 Répertoire de C:\Program Files\fichiers communs 13/09/2006 07:41 <REP> . 13/09/2006 07:41 <REP> .. 02/09/2006 14:32 <REP> Adobe 13/08/2006 17:30 <REP> Hewlett-Packard 14/08/2006 23:15 <REP> HP 12/08/2006 21:08 <REP> InstallShield 14/08/2006 13:04 <REP> Java 14/08/2006 16:17 <REP> Microsoft Shared 12/08/2006 09:23 <REP> MSSoap 12/08/2006 10:17 <REP> ODBC 12/08/2006 09:23 <REP> Services 12/08/2006 10:17 <REP> SpeechEngines 23/09/2006 15:49 <REP> Symantec Shared 12/08/2006 21:11 <REP> System 12/08/2006 20:12 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 15 Rép(s) 14 414 581 760 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 789D-D796 Répertoire de C:\Program Files\common files 12/08/2006 10:12 <REP> . 12/08/2006 10:12 <REP> .. 12/08/2006 10:12 <REP> Motive 0 fichier(s) 0 octets 3 Rép(s) 14 414 577 664 octets libres c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\Patches\patch_ppro_5.0.388_390_to_5.0.391.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2700_symnet$20consumer_5.0.0_english\Message.exe c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2700_symnet$20consumer_5.0.0_english\setup.exe c:\Documents and Settings\maxime\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-fixed.exe c:\Documents and Settings\maxime\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.6-nopack2.exe c:\Documents and Settings\maxime\Bureau\Nettoyage\ewido-setup_4.0.0.172b.exe c:\Documents and Settings\maxime\Bureau\Nettoyage\Fixwareout.exe c:\Documents and Settings\maxime\Mes documents\Mes fichiers reçus\Kaspersky Anti-Virus Personal Pro 5.0.390[www.yahaa.org]\Kaspersky Anti-Virus Personal Pro 5.0.390[www.yahaa.org]\kav5.0.388_personalproen.exe c:\Documents and Settings\yves\Local Settings\Temporary Internet Files\Content.IE5\S2X1KFVH\msjavx86[1].exe c:\Documents and Settings\yves\Mes documents\RegCleaner.exe c:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus Personal Pro\5.0\Bases\avcmhk4.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\ExItem2700_symnet$20consumer_5.0.0_english\SymStore.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll Voilà, et j'aimerais savoir comment enlever complètement GoogleToolBar, je l'ai deleter par Ajout/Supression, mais il semble être encore là.. Mais mon PC semble toujours lent après avoir fais ce qu'il a dit ci-dessus. J'ai aussi remarque que quand je redémarre mon PC et que je fais un scan HiJackThis : O17 - HKLM\System\CCS\Services\Tcpip\..\{69A80283-FCB8-48DB-9EA0-1C6C6D144727}: NameServer = 85.255.114.90 85.255.112.92 Reviens toute le temps..
  16. maxcool99
    Bonjour, Mon PC est redevenu encore lent, surtout la connexion ^^ Sous cs, j'obtient des 150 ping ! J'ai Scanner avec : SpyBot, Ad-Aware Personal, Ewido.. Il a trouve quelques petites choses, mais c'est lent encore. Rapport HiJackThis : Logfile of HijackThis v1.99.1 Scan saved at 17:49:34, on 28/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDLL32.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe E:\Program Files\Ventrilo\Ventrilo.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155414015232 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://cabalonline.net/com/KALogoutComponent.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{69A80283-FCB8-48DB-9EA0-1C6C6D144727}: NameServer = 85.255.114.90 85.255.112.92 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe --------------------------- Mon problème est survenu lorsque GoogleToolBar c'est installé, moi je l'ai jamais installé et mon père non plus.. Alors, je ne sais pas pourquoi il est là ^^ Et c'est depuis qu'on la qu'on a se problème.
  17. maxcool99
    Voilà, c'est fait ! Non, j'ai pas l'air d'avoir des problèmes. Et est-ce que ce fichier : C:\WINDOWS\system32\csyri.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined). etait beaucoup dangereux ?
  18. maxcool99
    Et voilà, c'est fait ! -------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 09:27:18, on 24/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\smax4.exe C:\WINDOWS\system32\RunDLL32.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Windows NT\Accessoires\WORDPAD.EXE C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O4 - HKLM\..\Run: [soundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Traduire à partir de l'anglais - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Recherche &Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155414015232 O16 - DPF: {D88C7675-7CEE-4C9A-BDD4-7A43EED7794D} (Logout Class) - http://cabalonline.net/com/KALogoutComponent.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe ------------------------------------------- --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 09:21:47 24/09/2006 + Scan result: C:\WINDOWS\system32\csyri.exe -> Downloader.Agent.uj : Cleaned with backup (quarantined). C:\Documents and Settings\maxime\Cookies\maxime@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined). C:\Documents and Settings\mélissa\Cookies\mélissa@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined). C:\Documents and Settings\maxime\Cookies\maxime@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined). C:\Documents and Settings\mélissa\Cookies\mélissa@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined). C:\Documents and Settings\mélissa\Cookies\mélissa@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). C:\Documents and Settings\mélissa\Cookies\mélissa@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined). C:\Documents and Settings\mélissa\Cookies\mélissa@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined). ::Report end ----------------------------------- Fixwareout ver 1.003 Last edited 8/11/2006 Post this report in the forums please Reg Entries that were deleted HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\}383420FB265E-705B-A3E4-BA23-8F30049A{ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\zrjmd HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap ... Microsoft ® Windows Script Host Version 5.6 Random Runs removed from HKLM "dmjrz.exe"=- ... PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE. »»»»» Searching by size/names... »»»»» Search five digit cs, dm and jb files. This WILL/CAN also list Legit Files, Submit them at Virustotal C:\WINDOWS\SYSTEM32\CSYRI.EXE 51 778 2006-09-22 C:\WINDOWS\SYSTEM32\DMJRZ.EXE 62 008 2004-08-19 Other suspects. Directory of C:\WINDOWS\system32 »»»»» Misc files. »»»»» Checking for older varients covered by the Rem3 tool. --------------------------- Merci pour votre aide.
  19. maxcool99
    Merci bien pour votre aide
×
×
  • Créer...