may
-
Compteur de contenus
66 -
Inscription
-
Dernière visite
Tout ce qui a été posté par may
-
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Je te remercie Thorgal Bonne soirée -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut, Merci encore pour avoir passé du temps à donner des conseils, je te suis très reconnaissante, et bien tu me recommandes le Dell Permet moi, STP, de te poser d'autres questions Merci et tchaw -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut, Donc, tu me recommandes le Dell. Je te remercie Thorgal pour avoir pris du temps à me conseiller Permet moi de te recontacter au cas ou j'ai une question Merci -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut, Mais est ce que je pourrais par la suite ajouter des barrettes de mémoire pour augmenter la capacité de mon pc que ça soit Dell ou Asus? Pour le lecteur/graveur c pas grave, je peux par la suite acheter un externe Mais, je veux tjr être sure quant à la batterie pour le Dell elle est beaucoup plus inférieure que celle d'Asus, même si ça sera pas 8h ça sera 6h, je crois Merci -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut thorgal, Merci merci Donc, tu penses que ce Dell est performent, mais en le comparant à asus son autonomie de batterie n'est que de 2h30 alors que asus 8h qu'est ce que tu penses s'il te plait dans ce cas? Je peux te demander encore plus de précision, STP, en quoi exactement ce DEll dépasse l'Asus? Autre précision s'il te plaît, pour les barrettes mémoires ce Dell a 1 seule et puis pour emplacement disponible on a mis 0, est ce que ça veut dire que si dans l'avenir je voudrais ajouter une barrette pour augmenter sa capacité je ne pourrais pas le faire? heureuse vie -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut Thorgal, Je te remercie pour tes réponses Tu préfères l'Asus au Dell? j'ai déjà trouvé cet asus, qui je crois se rapproche de celui que tu m'as recommandé, qu'est ce que tu en penses? Achat ASUS Eee PC 1201HA Seashell - Atom Z520 / 1.33 GHz Pour le Dell, qu'en penses tu de celui-ci, quel est le meilleur celui que tu m'as proposé ou celui là? SURCOU INFORMATIQUE - DELL Vostro V13 Je sais que je te dérange mais excuse moi Je te souhaite une très bonne journée Thorgal -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut, En fait, je veux un pc léger mais je crains que l'écran soit trop petite c'est pourquoi je me suis dit que les 13 seront mieux que les 12. Pour l'investissement, je ne veux pas dépasser les 700 Euros. Pour l'usage, je le veux pour la préparation de ma thèse, et il se peut que je vais l'amener à la bibliothèque, càd me déplacer avec Je veux, bien sûr naviguer sur internet Voilà à peu près Merci -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Bonsoir, Aucun problème, au contraire je te remercie bcp pour avoir consacré de ton temps afin de me répondre. En fait, je regarde les sites marocains car je peux me rendre dans leurs magasins afin d'acheter directement. C'est pourquoi je me rends sur 2 sites: surcou.ma microchoix.ma En fait, je veux bien un pc léger mais trop trop petit càd 13 pouces c bien, sans graveur comme ça il sera encore plus léger, j'aime la marque Toshiba mais je ne sais pas en fait si elle est la meilleure ou bien qu'une marque comme asus est plus fiable. En fait, on a un concessionnaire Toshiba, oici son lien Toshiba Maroc: Multifonctions - Fax - Logiciels Merci de me donner un conseil -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut Thorgal, J'espère que je vous dérange pas, mais j'attends encore votre réponse. Que pensez vous de Toshiba Satellite T135 modèle SU4100? il est 13 et léger (1kg 76 environ)et moins chère SURCOU INFORMATIQUE - Toshiba Satellite T135 Bien que dans le site de Toshiba on parle d'un prob mais je sais pas si ça concerne cette série, Vous pouvez consulter ce lien SVP Rappel des ordinateurs portables Toshiba T135, T135D et Satellite Pro T130 Je vous remercie -
[Résolu, merci à Thorgal] Quelle marque de PC portabe achete
may a répondu à un(e) sujet de may dans Conseils matériel - Achats & Ventes
Salut, Je te remercie beaucoup pour ta réponse. Oui l'asus que tu m'a montré est très bien mais je l'ai pas trouvé ici au Maroc, mais j'ai trouvé cette référence ASUS Eee PC 1201HA Seashell - Atom Z520 / 1.33 GHz http://www.microchoix.ma/fiche-120570-ASUS_Eee_PC_1201HA_Seashell___Atom_Z520___1_33_GHz.html Mais tu m'as aussi conseillé le Toshiba L635, donc, tu penses qu'il est le plus performent, j'ai entendu que les Toshiba commencent à avoir trop de problèmes, je sais pas ce que tu en pense? Quel est le meilleur Toshiba ou Asus (en terme de performence) Merci pour ton aide et bonne année -
Bonjour, J'ai besoin d'acheter un pc portable, mais je veux bien qu'il soit léger, ainsi je veux acheter 13 pouce sans graveur. J'ai vu ces marques, mais je ne sais pas laquelle est la plus performante **DELL Vostro V13 SURCOU INFORMATIQUE - DELL Vostro V13 **Toshiba Satellite L645-S4026 SURCOU INFORMATIQUE - Toshiba Satellite L645-S4026 **Toshiba Satellite L635 SURCOU INFORMATIQUE - Toshiba Satellite L635 **Toshiba Satellite T135 SURCOU INFORMATIQUE - Toshiba Satellite T135 **HP PROBOOK 5310m SURCOU INFORMATIQUE - HP PROBOOK 5310m Je vous prie de m'aider à faire le choix Merci beaucoup et bonne année 2011
-
[Résolu] À quoi correspond l'application gendel32.exe ?
may a répondu à un(e) sujet de may dans Analyses et éradication malwares
bonjour apollo merciiiiii mille fois pour votre aide et le temps que tu nous consacre :P -
[Résolu] À quoi correspond l'application gendel32.exe ?
may a répondu à un(e) sujet de may dans Analyses et éradication malwares
bonsoir apollo j'ai analyser le fichier avec kaspesky, il n'a rien trouvé , donc je l'ai détruit par MalwareBytes AM merciiiiiiiiiiii beaucoup pour ton aide :P -
[Résolu] À quoi correspond l'application gendel32.exe ?
may a répondu à un(e) sujet de may dans Analyses et éradication malwares
bonjour , voile le rapport de hijakthis pardon j'ai pas fait attention Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:40:12, on 15/05/2010 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\GizmoPlugin\GizmoPlugin.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\The Cleaner\tcap.exe C:\Program Files\Menara\dslmon.exe C:\Documents and Settings\Malika\Bureau\Computer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166485824952 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/upl...ileUploader.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3B125A2F-736A-4314-AD0F-7EB0AD267798}: NameServer = 62.251.229.223 62.251.229.237 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - C:\Program Files\The Cleaner\mhelper.exe O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Malika/Mes%20documents/mariam%20nour%20doc/????%20???%20-%20???%20?%20????_files/yingow.gif O24 - Desktop Component 2: YouTube - casa crew -hé 3chiri live mks - -- End of file - 10248 bytes Fait beau chez toi? Pake ici c'est le mois de May mais le chauffage turbine toujours. icon_lol.gif je crois que s'applirait ce gendel32 il n'est pas encore disparue dans mon lecteur. est ce que cette un virus ou spyware!!! merci apollo -
[Résolu] À quoi correspond l'application gendel32.exe ?
may a répondu à un(e) sujet de may dans Analyses et éradication malwares
bonsoir apollo voici les resultats : . ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 07/05/10 à 16:50 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 19:20:10 le 14/05/2010 | Mode normal | Option: SCAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 1 - X86 Nom du PC: COMPUTERAOUU706 Utilisateur actuel: Computer . ============== ÉLÉMENT(S) TROUVÉ(S) ============== . . C:\Program Files\Macrogaming . HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} HKCU\Software\PopCap HKCU\Software\SWEETIE HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393} HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AdVantage HKLM\Software\PopCap HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} HKCU\Software\Mozilla\Firefox\Extensions|{A89AED22-9133-424c-88E7-C8235C5FF302} . . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.6.3 (fr) * . C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.download.lastDir: E:\\mes documents\\aichanour\\cd C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.selectedEngine: Yahoo C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage: hxxp://www.google.co.ma C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3 C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q= C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - privacy.popups.showBrowserMessage, false . . * Internet Explorer Version 6.0.2800.1106 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . Do404Search: 0x01000000 Enable Browser Extensions: yes Search bar: hxxp://g.msn.fr/0SEFRFR/SAOS02 Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Show_ToolBar: yes Start Page: hxxp://www.google.co.ma/ Use Custom Search URL: 1 Use Search Asst: no . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: about:blank . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ======================================== . C:\Ad-Remover\Quarantine: 0 Fichier(s) C:\Ad-Remover\Backup: 1 Fichier(s) . C:\Ad-Report-SCAN[1].txt - 3046 Octet(s) . Fin à: 19:42:41, 14/05/2010 . ============== E.O.F - SCAN[1] ============== . ======= RAPPORT D'AD-REMOVER 2.0.0.0,D | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 07/05/10 à 16:50 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 19:46:23 le 14/05/2010 | Mode normal | Option: CLEAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 1 - X86 Nom du PC: COMPUTERAOUU706 Utilisateur actuel: Computer . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . . C:\Program Files\Macrogaming (!) -- Fichiers temporaires supprimés. . HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} HKCU\Software\PopCap HKCU\Software\SWEETIE HKLM\Software\Classes\Interface\{115CCBAE-27B0-47C3-BA42-BAB708424393} HKLM\Software\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC} HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\AdVantage HKLM\Software\PopCap HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} HKCU\Software\Mozilla\Firefox\Extensions|{A89AED22-9133-424c-88E7-C8235C5FF302} . (Orpheline) BHO: (Java Plug-In 2 SSV Helper) -{DBC80044-A445-435b-BC74-9C25C1C588A9} - (Fichier manquant) . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.6.3 (fr) * . C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.download.lastDir: E:\\mes documents\\aichanour\\cd C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.defaulturl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms} C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.search.selectedEngine: Yahoo C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage: hxxp://www.google.co.ma C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.2.3 C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q= C:\Documents and Settings\Malika\..\h2q881h3.default\prefs.js - privacy.popups.showBrowserMessage, false . . * Internet Explorer Version 6.0.2800.1106 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Custom Search URL: 1 Use Search Asst: no . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ======================================== . C:\Ad-Remover\Quarantine: 0 Fichier(s) C:\Ad-Remover\Backup: 14 Fichier(s) . C:\Ad-Report-CLEAN[1].txt - 3360 Octet(s) C:\Ad-Report-SCAN[1].txt - 3170 Octet(s) . Fin à: 20:09:35, 14/05/2010 . ============== E.O.F - CLEAN[1] ============== merci -
[Résolu] À quoi correspond l'application gendel32.exe ?
may a répondu à un(e) sujet de may dans Analyses et éradication malwares
bonjour voila Logfile of random's system information tool 1.07 (written by random/random) Run by Computer at 2010-05-14 13:05:26 Microsoft Windows XP Professionnel Service Pack 1 System drive C: has 6 GB (29%) free of 20 GB Total RAM: 159 MB (7% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:06:53, on 14/05/2010 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\GizmoPlugin\GizmoPlugin.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe C:\Program Files\The Cleaner\tcap.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Malika\Bureau\RSIT.exe C:\Documents and Settings\Malika\Bureau\Computer.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.ma/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec Star Downloader - C:\Program Files\Star Downloader\sdie.htm O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166485824952 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/upl...ileUploader.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3B125A2F-736A-4314-AD0F-7EB0AD267798}: NameServer = 62.251.229.223 62.251.229.237 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: The Cleaner 2011 Helper Service (moohelp) - MooSoft Development LLC - C:\Program Files\The Cleaner\mhelper.exe O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Malika/Mes%20documents/mariam%20nour%20doc/????%20???%20-%20???%20?%20????_files/yingow.gif O24 - Desktop Component 2: YouTube - casa crew -hé 3chiri live mks - -- End of file - 10246 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Maintenance en 1 clic.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}] HP Print Enhancer - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll [2007-03-02 1298024] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{053F9267-DC04-4294-A72C-58F732D338C0}] HP Print Clips - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-03-02 177768] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - c:\program files\real\realplayer\rpbrowserrecordplugin.dll [2010-01-06 329312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C920E44A-7F78-4E64-BDD7-A57026E7FEB7}] WOT Helper - C:\Program Files\WOT\WOT.dll [2010-03-03 1274016] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2002-08-29 846364] {71576546-354D-41c9-AAE8-31F2EC22BF0D} - WOT - C:\Program Files\WOT\WOT.dll [2010-03-03 1274016] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CrazyTalk Serve"=C:\WINDOWS\System32\CrazyTalk.dll [2009-08-07 983040] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-01-06 198160] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272] "Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-09-04 6856704] "PopUpStopperFreeEdition"=C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe [2003-04-29 524288] "tcactive"=C:\Program Files\The Cleaner\tcap.exe [2010-03-29 2951680] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage] C:\Program Files\AdVantage\AdVantage.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [2009-02-03 1004544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe [2002-08-29 13312] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FortKnoxPersonalFirewall] C:\Program Files\NETGATE\FortKnox Personal Firewall 2008\FortKnoxGUI.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2002-08-28 208953] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD] C:\Program Files\Ahead\InCD\InCD.exe [2005-01-27 1381376] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2006-06-14 278528] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-09-04 6856704] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\xtras\mssysmgr.exe [2005-02-26 212992] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition] C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2003-04-29 524288] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2007-06-29 286720] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3] C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] D:\program files\Spybot - Search & Destroy\TeaTimer.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2010-01-06 198160] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[41c7095795dcdfc1abc45c36bcc10a7eba2924ef]] C:\Documents and Settings\Malika\Mes documents\sad.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Torrent2Exe[f500ca1593dc4c16ed35f43546e20a5a50e8b03a]] C:\Documents and Settings\Malika\Bureau\musica.exe [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3] C:\WINDOWS\tsnpstd3.exe [2005-11-04 90112] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.exe.lnk] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-02-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk] C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2004-02-16 113664] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk] C:\PROGRA~1\Menara\dslmon.exe [2006-02-03 966756] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^EyeLoveU.lnk] C:\WINDOWS\Installer\{44526086-6CF2-4C15-AE8C-DA4893F82B60}\Icon44526086.exe [2008-03-16 19456] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2007-03-11 210520] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Orbit.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Malika^Menu Démarrer^Programmes^Démarrage^Yahoo! Widgets.lnk] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ERSvc"=2 "RDSessMgr"=3 "mnmsrvc"=3 "wuauserv"=2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] WgaLogon.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7dc25c0-de93-11da-b8b6-806d6172696f}] shell\play\command - "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" ======List of files/folders created in the last 1 months====== 2010-05-14 13:05:26 ----D---- C:\rsit 2010-05-13 21:47:00 ----D---- C:\Documents and Settings\Malika\Application Data\Malwarebytes 2010-05-13 21:46:22 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-05-13 21:46:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-05-11 20:38:55 ----D---- C:\Documents and Settings\Malika\Application Data\Summitsoft 2010-05-11 20:18:31 ----D---- C:\WINDOWS\Logo Design Studio Trial 2010-05-11 20:18:30 ----D---- C:\Program Files\Summitsoft 2010-05-11 20:17:23 ----A---- C:\WINDOWS\Logo Design Studio Trial Setup Log.txt 2010-05-07 18:18:17 ----A---- C:\WINDOWS\Speed Video Converter.INI 2010-05-07 18:14:26 ----D---- C:\speed_converter 2010-05-05 17:04:45 ----A---- C:\gendel32.exe 2010-05-05 16:46:00 ----A---- C:\WINDOWS\System32\cpumeter.dll 2010-05-05 16:45:59 ----A---- C:\WINDOWS\System32\kernel.dll 2010-05-04 17:16:23 ----D---- C:\Documents and Settings\Malika\Application Data\Auslogics 2010-05-04 17:16:06 ----D---- C:\Program Files\Auslogics 2010-05-04 14:52:29 ----D---- C:\Program Files\Sog_Video_Converter_Platium 2010-05-03 18:55:26 ----D---- C:\Program Files\WOT 2010-04-25 14:42:09 ----D---- C:\Program Files\SpywareBlaster 2010-04-23 12:53:14 ----D---- C:\WINDOWS\XSxS 2010-04-23 12:53:14 ----D---- C:\Program Files\Xenocode 2010-04-19 23:14:22 ----D---- C:\Documents and Settings\Malika\Application Data\thecleaner 2010-04-19 23:12:45 ----D---- C:\Program Files\The Cleaner 2010-04-17 22:46:32 ----D---- C:\Documents and Settings\Malika\Application Data\vlc 2010-04-17 22:39:57 ----D---- C:\Program Files\VideoLAN 2010-04-16 18:06:11 ----D---- C:\Program Files\Avira 2010-04-16 17:34:36 ----HD---- C:\WINDOWS\msdownld.tmp 2010-04-16 17:30:36 ----D---- C:\Program Files\ConvertHelper 2010-04-16 17:30:11 ----D---- C:\Program Files\Xvid 2010-04-15 23:34:29 ----D---- C:\Program Files\Star Downloader ======List of files/folders modified in the last 1 months====== 2010-05-14 13:05:16 ----D---- C:\WINDOWS\Prefetch 2010-05-14 00:57:35 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-05-14 00:14:30 ----D---- C:\WINDOWS\System32\drivers 2010-05-14 00:11:44 ----D---- C:\WINDOWS\system32 2010-05-14 00:11:44 ----D---- C:\Program Files 2010-05-13 22:02:50 ----SHD---- C:\WINDOWS\Installer 2010-05-13 22:02:43 ----HD---- C:\Config.Msi 2010-05-13 21:59:25 ----D---- C:\Program Files\Fichiers communs\Adobe 2010-05-13 21:55:01 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-05-13 21:53:53 ----D---- C:\Program Files\Adobe 2010-05-13 19:11:31 ----D---- C:\WINDOWS\temp 2010-05-12 16:03:58 ----D---- C:\WINDOWS\Favoris 2010-05-12 13:52:06 ----A---- C:\WINDOWS\IE4 Error Log.txt 2010-05-12 00:46:13 ----D---- C:\WINDOWS\Help 2010-05-11 20:18:59 ----RSD---- C:\WINDOWS\Fonts 2010-05-11 20:18:31 ----D---- C:\WINDOWS 2010-05-10 15:20:16 ----D---- C:\Documents and Settings\Malika\Application Data\Skype 2010-05-10 15:09:38 ----D---- C:\Documents and Settings\Malika\Application Data\skypePM 2010-05-10 14:03:05 ----D---- C:\WINDOWS\System32\CatRoot2 2010-05-09 22:57:25 ----A---- C:\WINDOWS\NeroDigital.ini 2010-05-09 21:45:32 ----D---- C:\Program Files\NCH Swift Sound 2010-05-09 21:43:11 ----D---- C:\Program Files\Arovax AntiSpyware 2010-05-06 18:10:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-05-06 15:18:43 ----D---- C:\Documents and Settings\Malika\Application Data\Uniblue 2010-05-05 17:04:45 ----A---- C:\WINDOWS\wininit.ini 2010-05-03 18:55:46 ----SD---- C:\Documents and Settings\Malika\Application Data\Microsoft 2010-05-01 19:11:52 ----A---- C:\WINDOWS\System32\TubeFinder.exe 2010-05-01 00:21:59 ----D---- C:\Program Files\Smarty Uninstaller Pro 2010-04-23 22:47:39 ----D---- C:\hijackthis 2010-04-19 22:32:47 ----D---- C:\Program Files\Mozilla Firefox 2010-04-17 22:11:32 ----D---- C:\WINDOWS\System32\CatRoot 2010-04-16 18:06:11 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-04-16 18:03:04 ----D---- C:\WINDOWS\WinSxS 2010-04-16 17:36:36 ----D---- C:\WINDOWS\System32\config 2010-04-16 17:36:12 ----D---- C:\WINDOWS\System32\wbem 2010-04-16 17:36:09 ----D---- C:\WINDOWS\Registration 2010-04-16 17:35:33 ----D---- C:\Documents and Settings\Malika\Application Data\FlashGetBHO 2010-04-16 17:35:32 ----D---- C:\Documents and Settings\Malika\Application Data\BITS 2010-04-16 17:35:02 ----D---- C:\Documents and Settings\Malika\Application Data\FlashgetSetup 2010-04-16 17:34:50 ----SHD---- C:\found.000 2010-04-16 17:33:57 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee 2010-04-16 17:33:55 ----HD---- C:\WINDOWS\inf 2010-04-16 17:33:44 ----DC---- C:\WINDOWS\System32\DRVSTORE 2010-04-16 17:32:10 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2010-04-16 17:30:50 ----D---- C:\Program Files\Avira(2) 2010-04-16 17:29:52 ----D---- C:\Download 2010-04-16 17:29:51 ----D---- C:\Documents and Settings\Malika\Application Data\Adobe 2010-04-16 17:29:39 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2009-02-13 45416] R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-01-27 28928] R1 incdrm;InCD Reader; C:\WINDOWS\System32\drivers\incdrm.sys [2005-01-27 27776] R1 P3;Pilote processeur Intel Pentium III; C:\WINDOWS\System32\DRIVERS\p3.sys [2002-08-29 40320] R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\System32\DRIVERS\adiusbaw.sys [2005-06-21 125913] R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2002-08-29 450432] R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2002-08-28 51968] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-28 21760] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2002-08-28 19328] R3 VIAudio;Contrôleur audio VIA AC'97 (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2002-08-28 84480] R3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944] R4 InCDfs;InCD File System; C:\WINDOWS\System32\drivers\InCDfs.sys [2005-01-27 99200] S1 SABKUTIL;SABKUTIL; \??\D:\program files\SABKUTIL.sys [] S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007] S3 avfwim;AvFw Packet Filter Miniport; C:\WINDOWS\System32\DRIVERS\avfwim.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2002-08-29 16384] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2007-03-08 49920] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2007-03-08 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2007-03-08 21568] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-08-29 4992] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2001-08-17 83712] S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-04-10 26112] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2001-08-17 8064] S3 SABProcEnum;SABProcEnum; \??\D:\program files\SABProcEnum.sys [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2001-08-17 10752] S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\System32\DRIVERS\snpstd3.sys [2005-11-07 788480] S3 StillCam;Pilote d'appareil photo numérique série; C:\WINDOWS\System32\DRIVERS\serscan.sys [2001-08-23 6912] S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2001-08-17 14592] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2002-08-29 28160] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2001-08-17 18560] S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys [] S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089] R2 Gizmo Plugin;Gizmo VoIP Service; C:\Program Files\GizmoPlugin\GizmoPlugin.exe [2008-08-14 962048] R2 hpqddsvc;Service HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2001-08-28 12800] R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2001-08-28 12800] R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2001-08-28 12800] S2 InCDsrvR;InCD Helper (read only); C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-01-27 856064] S2 moohelp;The Cleaner 2011 Helper Service; C:\Program Files\The Cleaner\mhelper.exe [2010-03-29 813056] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-06-14 323584] S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2005-01-16 68096] -----------------EOF----------------- pour info text: info.txt logfile of random's system information tool 1.06 2010-05-14 13:07:19 ======Uninstall list====== -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\WINDOWS\NuNInst.exe /UNINSTALL -->C:\WINDOWS\unmrw.exe /UNINSTALL -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL -->C:\WINDOWS\UNNMP.exe /UNINSTALL -->C:\WINDOWS\UNNVEContent.exe /UNINSTALL -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7} Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.3.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Ares 2.1.1-->"C:\Program Files\Ares\uninstall.exe" Audacity 1.2.3-->"C:\Program Files\Audacity\unins000.exe" Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe" Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe" Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]-->C:\WINDOWS\$NtUninstallQ828026$\spuninst\spuninst.exe Correctif Windows XP - KB822603-->C:\WINDOWS\$NtUninstallKB822603$\spuninst\spuninst.exe CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly EyeLoveU 3.5.4-->MsiExec.exe /I{44526086-6CF2-4C15-AE8C-DA4893F82B60} Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Gizmo Plugin-->C:\Program Files\GizmoPlugin\uninstall.exe HijackThis 1.99.1-->C:\hijackthis\HijackThis.exe /uninstall HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP OCR Software 9.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat HP Photosmart All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{B22C19AE-6A67-4f28-B541-5AE72FB17A25}\setup\hpzscr01.exe -datfile hposcr15.dat HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7} HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134} HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3} iTunes-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{54C0D94A-F467-4ABC-9D02-6E58748668D4} /l1036 jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools 2006\unins000.exe" Kit de Connexion MENARA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB25E068-C7A2-482F-A3BC-588A5869844D}\setup.exe" -l0x40c ControlPanel K-Lite Codec Pack 5.3.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Kodak One-Touch Printing Solution SDK-->C:\KODAKO~1\UNWISE.EXE C:\KODAKO~1\INSTALL.LOG Logo Design Studio Trial-->"C:\WINDOWS\Logo Design Studio Trial\uninstall.exe" "/U:C:\Program Files\Summitsoft\Logo Design Studio Trial\Uninstall\uninstallLDSTrial.xml" Macromedia Flash MX 2004-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2F353D44-73BB-4971-B31D-F7642E9E9531}\Setup.exe" -l0x40c UNINSTALL Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSN Messenger 7.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600820} Nero PhotoShow Express-->"C:\Program Files\Nero\data\Xtras\Uninstall.exe" Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID="" OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74} PC Camera LI360-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9 Photo-Brush 3.1-->"C:\Program Files\PhotoBrush\unins000.exe" PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36} SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E} SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe" The Cleaner 2011-->"C:\Program Files\The Cleaner\unins000.exe" Themen aktuell 1-->C:\WINDOWS\APCBTUn.exe Themen aktuell 1 VSO Image Resizer 2.2.0.4-->"C:\Program Files\VSO\Image Resizer\unins000.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall WOT pour Internet Explorer-->MsiExec.exe /X{DB0BB9FA-1B60-4036-8E29-3D56D8085256} Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe" ZebHelpProcess 2.23-->"C:\Program Files\ZebHelpProcess 2\unins000.exe" ======System event log====== Computer Name: COMPUTERAOUU706 Event Code: 7 Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux. Record Number: 13450 Source Name: Cdrom Time Written: 20100422182809.000000+000 Event Type: erreur User: Computer Name: COMPUTERAOUU706 Event Code: 7 Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux. Record Number: 13449 Source Name: Cdrom Time Written: 20100422182809.000000+000 Event Type: erreur User: Computer Name: COMPUTERAOUU706 Event Code: 7 Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux. Record Number: 13448 Source Name: Cdrom Time Written: 20100422182808.000000+000 Event Type: erreur User: Computer Name: COMPUTERAOUU706 Event Code: 7 Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux. Record Number: 13447 Source Name: Cdrom Time Written: 20100422182807.000000+000 Event Type: erreur User: Computer Name: COMPUTERAOUU706 Event Code: 7 Message: Le périphérique \Device\CdRom0 comporte un bloc défectueux. Record Number: 13446 Source Name: Cdrom Time Written: 20100422182806.000000+000 Event Type: erreur User: =====Application event log===== Computer Name: COMPUTERAOUU706 Event Code: 1 Message: Record Number: 1907 Source Name: Gizmo VoIP Service Time Written: 20100301165258.000000+000 Event Type: Informations User: Computer Name: COMPUTERAOUU706 Event Code: 4096 Message: Record Number: 1906 Source Name: InCDsrvR Time Written: 20100301165246.000000+000 Event Type: Informations User: Computer Name: COMPUTERAOUU706 Event Code: 0 Message: Record Number: 1905 Source Name: hpqcxs08 Time Written: 20100301161842.000000+000 Event Type: Informations User: Computer Name: COMPUTERAOUU706 Event Code: 4096 Message: Le service AntiVir a bien démarré! Record Number: 1904 Source Name: Avira AntiVir Time Written: 20100301161838.000000+000 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: COMPUTERAOUU706 Event Code: 0 Message: Record Number: 1903 Source Name: hpqddsvc Time Written: 20100301161754.000000+000 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Fichiers communs\Ulead Systems\MPEG "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0806 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_15\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\j2re1.4.2_15\lib\ext\QTJava.zip -----------------EOF----------------- merci apollo -
[Résolu] À quoi correspond l'application gendel32.exe ?
may a répondu à un(e) sujet de may dans Analyses et éradication malwares
bonsoir apollo, voici le rapport Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4097 Windows 5.1.2600 Service Pack 1 Internet Explorer 6.0.2800.1106 14/05/2010 00:11:45 mbam-log-2010-05-14 (00-11-45).txt Type d'examen: Examen complet (C:\|D:\|E:\|H:\|) Elément(s) analysé(s): 197203 Temps écoulé: 1 heure(s), 58 minute(s), 5 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 36 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 7 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CLASSES_ROOT\abu showg 2.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adobe photoshop 8.0 me.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\adobe_premiere .mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\autocad.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\frontpage.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\gnucdna.core (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{2850bdc7-2330-4e31-9fa0-88268846539a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{0be385a3-85a5-4722-b677-68dae891ff21} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{272c0d60-0561-4c83-b3db-eb0a71f9d2eb} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{284477e4-a7cb-4055-9e1b-0ea7cba28945} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{70ca4938-6a0f-4641-a9a9-c936e4c1e7de} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{7468213e-010e-4ec6-a17d-642e909ba7ec} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{89dc33a2-f86f-42a1-8b5f-d4d1943efc9c} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{a916af3c-976d-4358-8736-95bea0b5fd2c} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b86f4810-19a9-4050-9ac9-b5cf60b5799a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{bb5b7e14-f8b4-4365-a24d-f4965c33e1ee} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{be45f056-e005-437b-be88-23acf70b0b6a} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c13d4627-02f5-4b03-897a-bf6a90022dd2} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{c636f1fc-6ae4-4e6a-90ab-6d61d821a0dd} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cb971ac0-6408-40da-a540-92f9f256f51f} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{d5694dfe-43b6-4e05-aa29-8c556c968973} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e2032ec2-a9ac-4ed7-9bdb-ebecacf076f2} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{ebab4a71-8c34-461a-b57d-dd041d439555} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{f06fea43-0cc3-4bf6-a85b-5efb1c07aa4b} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fc94a0f7-9c7c-4ae2-9106-5c212332b209} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{f02c0ae1-d796-42c9-81e1-084d88f79b8e} (Adware.WhenU) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\jehad.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\making_photoshop_styles.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\pcbook.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\runcommands.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\wright-writing.mynshandler (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc} (Spyware.AdaEbook) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{e90ff652-3dfe-4c20-8e22-1ae22cc7f71d} (Rogue.RegAdmin) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\luckytender (Adware.LuckyTender) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\System32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Program Files\LuckyTender (Adware.LuckyTender) -> Quarantined and deleted successfully. C:\Program Files\LuckyTender\1.3.0 (Adware.LuckyTender) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\WINDOWS\system32\GnucDNA.dll (Adware.WhenU) -> Quarantined and deleted successfully. C:\32788R22FWJFW\catchme.cfexe (Trojan.Agent) -> Quarantined and deleted successfully. C:\Download\jehad.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F1361350-8DF0-4E64-A622-18BA5D877D54}\RP617\A0815978.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{F1361350-8DF0-4E64-A622-18BA5D877D54}\RP632\A0837220.exe (Spyware.AdaEbook) -> Quarantined and deleted successfully. C:\Program Files\LuckyTender\uninst.exe (Adware.LuckyTender) -> Quarantined and deleted successfully. C:\Program Files\setup.exe (Rogue.Installer) -> Quarantined and deleted successfully. le rapport de hijakthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:27:02, on 14/05/2010 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\GizmoPlugin\GizmoPlugin.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\QuickTime\qttask.exe C:\Program Files\Fichierscommuns\Real\Update_OB\realsched.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Panicware\Pop-Up Stopper FreeEdition\PSFree.exe C:\Program Files\The Cleaner\tcap.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Malika\Bureau\HiJackThis.exe R1 - HKCU\Software\Microsoft\InternetExplorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,StartPage = http://www.google.co.ma/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,StartPage = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,LocalPage = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,LocalPage = R0 - HKCU\Software\Microsoft\InternetExplorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart WebPrinting\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart WebPrinting\hpswp_framework.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichierscommuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\ProgramFiles\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: RealPlayer Download and Record Plugin forInternet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programfiles\real\realplayer\rpbrowserrecordplugin.dll O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll O4 - HKLM\..\Run: [CrazyTalk Serve] rundll32.exe C:\WINDOWS\System32\CrazyTalk.dll,DllServeMediaFile O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\ProgramFiles\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichierscommuns\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVirDesktop\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichierscommuns\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSNMessenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\ProgramFiles\Panicware\Pop-Up Stopper Free Edition\PSFree.exe" O4 - HKCU\..\Run: [tcactive] C:\Program Files\TheCleaner\tcap.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel -res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec StarDownloader - C:\Program Files\Star Downloader\sdie.htm O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\ProgramFiles\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype add-on for InternetExplorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\InternetExplorer\SkypeIEPlugin.dll O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\SmartWeb Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\ProgramFiles\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\InternetExplorer\SkypeIEPlugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE(file missing) O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\ProgramFiles\Messenger\MSMSGS.EXE (file missing) O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/p...IEGetPlugin.ocx O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166485824952 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/upl...ileUploader.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3B125A2F-736A-4314-AD0F-7EB0AD267798}: NameServer = 62.251.229.22362.251.229.237 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\ProgramFiles\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - AviraGmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Service d'administration du Gestionnaire dedisque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) -Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) -SIPphone, Inc. - C:\ProgramFiles\GizmoPlugin\GizmoPlugin.exe O23 - Service: InstallDriver Table Manager (IDriverT) -Macrovision Corporation - C:\Program Files\Fichierscommuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG- C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknownowner - C:\Program Files\Fichiers communs\MacromediaShared\Service\Macromedia Licensing.exe O23 - Service: The Cleaner 2011 Helper Service (moohelp) -MooSoft Development LLC - C:\Program Files\TheCleaner\mhelper.exe O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknownowner - C:\WINDOWS\system32\netdde.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner -C:\WINDOWS\system32\services.exe O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner -C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) -Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) -Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe O24 - Desktop Component 0: (no name) - file:///C:/Documents%20and%20Settings/Malika/Mes%20documents/mariam%20nour%20doc/????%20???%20-%20???%20?%20????_files/yingow.gif O24 - Desktop Component 2: YouTube - casa crew -hé 3chiri live mks - -- End of file - 10198 bytes pour le gendel 32 il est encore dans lecteur C !!! Merci pour ton aide -
[Résolu] À quoi correspond l'application gendel32.exe ?
may a répondu à un(e) sujet de may dans Analyses et éradication malwares
bonsoir Appolo, Tu ne donnes pas le chemin complet.... voila on ouvrant le disque local c je le vois comme ça http://ups.imagup.com/10/1273724842.jpg pour le resultat de l\'annalyse de ce fichier : Fichier gendel32.exe reçu le 2010.05.12 14:50:06 (UTC)Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.05.10 - AhnLab-V3 2010.05.12.01 2010.05.12 Win-AppCare/Gendel.53248 AntiVir 8.2.1.236 2010.05.12 - Antiy-AVL 2.0.3.7 2010.05.12 RiskTool/Win32.PsKill.gen Authentium 5.2.0.5 2010.05.12 W32/Trojan!00e9 Avast 4.8.1351.0 2010.05.12 - Avast5 5.0.332.0 2010.05.12 - AVG 9.0.0.787 2010.05.12 - BitDefender 7.2 2010.05.12 - CAT-QuickHeal 10.00 2010.05.12 - ClamAV 0.96.0.3-git 2010.05.12 VirTool.Gendel.A Comodo 4828 2010.05.12 TrojWare.Win32.HackTool.Gendel.A DrWeb 5.0.2.03300 2010.05.12 Tool.Gendel eSafe 7.0.17.0 2010.05.11 Win32.Banker eTrust-Vet 35.2.7483 2010.05.12 - F-Prot 4.5.1.85 2010.05.12 W32/Trojan!00e9 F-Secure 9.0.15370.0 2010.05.12 - Fortinet 4.1.133.0 2010.05.12 HackerTool/Generic.8315 GData 21 2010.05.12 - Ikarus T3.1.1.84.0 2010.05.12 - Jiangmin 13.0.900 2010.05.12 - Kaspersky 7.0.0.125 2010.05.12 - McAfee 5.400.0.1158 2010.05.12 - McAfee-GW-Edition 2010.1 2010.05.12 - Microsoft 1.5703 2010.05.12 - NOD32 5108 2010.05.12 Win32/HackTool.Gendel.A Norman 6.04.12 2010.05.12 - nProtect 2010-05-12.01 2010.05.12 Trojan-Spy/W32.HackTool.53248 Panda 10.0.2.7 2010.05.11 HackTool/Gendel.A PCTools 7.0.3.5 2010.05.12 - Prevx 3.0 2010.05.12 High Risk Worm Rising 22.47.02.04 2010.05.12 - Sophos 4.53.0 2010.05.12 - Sunbelt 6294 2010.05.12 - Symantec 20101.1.0.89 2010.05.12 - TheHacker 6.5.2.0.279 2010.05.11 Aplicacion/Riskware.Tool.Gendel TrendMicro 9.120.0.1004 2010.05.12 - TrendMicro-HouseCall 9.120.0.1004 2010.05.12 - VBA32 3.12.12.4 2010.05.12 - ViRobot 2010.5.12.2312 2010.05.12 - VirusBuster 5.0.27.0 2010.05.12 HackTool.Gendel.A Information additionnelle File size: 53248 bytes MD5...: 35bc2808ed08326dac79dc41cdf3d61c SHA1..: 54183157469a030b362bb6d5d6e3b56315d6c0e8 SHA256: 32e8e5edba4aacb769eac1266c360b4abe096566dda199d2fc2e0ac1fffe3208 ssdeep: 1536:vxqZKzqNRoQcIQSDZoIwMPtHy/9H44tsu0:OSeRoQhDaIrti4nu0<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xab7c<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 8 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0x9cc8 0x9e00 6.43 08dfd3181c12909f79368832e9f1f7f8<BR>DATA 0xb000 0x2f0 0x400 2.83 066e091049e8836cdcbb3df3c0bc7c3f<BR>BSS 0xc000 0x5e1 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0xd000 0x7c4 0x800 4.48 3245879556ee3c975247e9a77dfbe6a7<BR>.tls 0xe000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0xf000 0x18 0x200 0.20 c9f2b5ffa25a8ec9faf6e22605af4996<BR>.reloc 0x10000 0xc98 0xe00 6.29 346bf1a70b5e09fb36d44c43940b8be3<BR>.rsrc 0x11000 0x1200 0x1200 3.58 6cebf1c26a51ab87d5d09f9f1dc3c7d5<BR><BR>( 7 imports ) <BR>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, WideCharToMultiByte, RemoveDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<BR>> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysAllocStringLen<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA<BR>> kernel32.dll: WriteFile, VirtualQuery, SetFilePointer, SetEndOfFile, ReadFile, MoveFileExA, GetWindowsDirectoryA, GetVersionExA, GetThreadLocale, GetShortPathNameA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentThreadId, GetCPInfo, FormatMessageA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, DeleteFileA, CreateFileA, CompareStringA, CloseHandle<BR>> user32.dll: TranslateMessage, PeekMessageA, MessageBoxA, LoadStringA, GetSystemMetrics, DispatchMessageA<BR><BR>( 0 exports ) <BR> RDS...: NSRL Reference Data Set<BR>- trid..: Win32 Executable Borland Delphi 5 (61.3%)<BR>Win32 Executable Borland Delphi 3 (35.6%)<BR>Win32 Executable Generic (1.1%)<BR>Win32 Dynamic Link Library (generic) (1.0%)<BR>Win16/32 Executable Delphi generic (0.2%) pdfid.: - sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> <a href=\'http://info.prevx.com/aboutprogramtext.asp?PX5=CA38EE54009DEE66D036004F3FA4D3006F9CDC81\' target=\'_blank\'>http://info.prevx.com/aboutprogramtext.asp?PX5=CA38EE54009DEE66D036004F3FA4D3006F9CDC81</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=CA38EE54009DEE66D036004F3FA4D3006F9CDC81</a> Antivirus Version Dernière mise à jour Résultat a-squared 4.5.0.50 2010.05.10 - AhnLab-V3 2010.05.12.01 2010.05.12 Win-AppCare/Gendel.53248 AntiVir 8.2.1.236 2010.05.12 - Antiy-AVL 2.0.3.7 2010.05.12 RiskTool/Win32.PsKill.gen Authentium 5.2.0.5 2010.05.12 W32/Trojan!00e9 Avast 4.8.1351.0 2010.05.12 - Avast5 5.0.332.0 2010.05.12 - AVG 9.0.0.787 2010.05.12 - BitDefender 7.2 2010.05.12 - CAT-QuickHeal 10.00 2010.05.12 - ClamAV 0.96.0.3-git 2010.05.12 VirTool.Gendel.A Comodo 4828 2010.05.12 TrojWare.Win32.HackTool.Gendel.A DrWeb 5.0.2.03300 2010.05.12 Tool.Gendel eSafe 7.0.17.0 2010.05.11 Win32.Banker eTrust-Vet 35.2.7483 2010.05.12 - F-Prot 4.5.1.85 2010.05.12 W32/Trojan!00e9 F-Secure 9.0.15370.0 2010.05.12 - Fortinet 4.1.133.0 2010.05.12 HackerTool/Generic.8315 GData 21 2010.05.12 - Ikarus T3.1.1.84.0 2010.05.12 - Jiangmin 13.0.900 2010.05.12 - Kaspersky 7.0.0.125 2010.05.12 - McAfee 5.400.0.1158 2010.05.12 - McAfee-GW-Edition 2010.1 2010.05.12 - Microsoft 1.5703 2010.05.12 - NOD32 5108 2010.05.12 Win32/HackTool.Gendel.A Norman 6.04.12 2010.05.12 - nProtect 2010-05-12.01 2010.05.12 Trojan-Spy/W32.HackTool.53248 Panda 10.0.2.7 2010.05.11 HackTool/Gendel.A PCTools 7.0.3.5 2010.05.12 - Prevx 3.0 2010.05.12 High Risk Worm Rising 22.47.02.04 2010.05.12 - Sophos 4.53.0 2010.05.12 - Sunbelt 6294 2010.05.12 - Symantec 20101.1.0.89 2010.05.12 - TheHacker 6.5.2.0.279 2010.05.11 Aplicacion/Riskware.Tool.Gendel TrendMicro 9.120.0.1004 2010.05.12 - TrendMicro-HouseCall 9.120.0.1004 2010.05.12 - VBA32 3.12.12.4 2010.05.12 - ViRobot 2010.5.12.2312 2010.05.12 - VirusBuster 5.0.27.0 2010.05.12 HackTool.Gendel.A Information additionnelle File size: 53248 bytes MD5...: 35bc2808ed08326dac79dc41cdf3d61c SHA1..: 54183157469a030b362bb6d5d6e3b56315d6c0e8 SHA256: 32e8e5edba4aacb769eac1266c360b4abe096566dda199d2fc2e0ac1fffe3208 ssdeep: 1536:vxqZKzqNRoQcIQSDZoIwMPtHy/9H44tsu0:OSeRoQhDaIrti4nu0<BR> PEiD..: - PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xab7c<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 8 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0x9cc8 0x9e00 6.43 08dfd3181c12909f79368832e9f1f7f8<BR>DATA 0xb000 0x2f0 0x400 2.83 066e091049e8836cdcbb3df3c0bc7c3f<BR>BSS 0xc000 0x5e1 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0xd000 0x7c4 0x800 4.48 3245879556ee3c975247e9a77dfbe6a7<BR>.tls 0xe000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0xf000 0x18 0x200 0.20 c9f2b5ffa25a8ec9faf6e22605af4996<BR>.reloc 0x10000 0xc98 0xe00 6.29 346bf1a70b5e09fb36d44c43940b8be3<BR>.rsrc 0x11000 0x1200 0x1200 3.58 6cebf1c26a51ab87d5d09f9f1dc3c7d5<BR><BR>( 7 imports ) <BR>> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, WideCharToMultiByte, RemoveDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle<BR>> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysAllocStringLen<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, GetModuleFileNameA<BR>> kernel32.dll: WriteFile, VirtualQuery, SetFilePointer, SetEndOfFile, ReadFile, MoveFileExA, GetWindowsDirectoryA, GetVersionExA, GetThreadLocale, GetShortPathNameA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentThreadId, GetCPInfo, FormatMessageA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, DeleteFileA, CreateFileA, CompareStringA, CloseHandle<BR>> user32.dll: TranslateMessage, PeekMessageA, MessageBoxA, LoadStringA, GetSystemMetrics, DispatchMessageA<BR><BR>( 0 exports ) <BR> RDS...: NSRL Reference Data Set<BR>- trid..: Win32 Executable Borland Delphi 5 (61.3%)<BR>Win32 Executable Borland Delphi 3 (35.6%)<BR>Win32 Executable Generic (1.1%)<BR>Win32 Dynamic Link Library (generic) (1.0%)<BR>Win16/32 Executable Delphi generic (0.2%) pdfid.: - sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR> <a href=\'http://info.prevx.com/aboutprogramtext.asp?PX5=CA38EE54009DEE66D036004F3FA4D3006F9CDC81\' target=\'_blank\'>http://info.prevx.com/aboutprogramtext.asp?PX5=CA38EE54009DEE66D036004F3FA4D3006F9CDC81</a> merci -
[Résolu] À quoi correspond l'application gendel32.exe ?
may a posté un sujet dans Analyses et éradication malwares
Salut tout le monde, J'ai une application nommée "gendel32.exe" sur mon disque dur. Est-ce que qq'1 sait à quoi ça correspond ? Quand je clique dessus : rien. Faut'il la supprimer ? Merci pour votre aide -
Salut, J'ai fait une analyse hijack pouvez vous me dire s'il y a un problème? merci Logfile of HijackThis v1.99.1 Scan saved at 16:32:00, on 09/09/2008 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\GizmoPlugin\GizmoPlugin.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Menara\dslmon.exe C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Actfile] C:\windows\temp\Actfile.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O12 - Plugin for pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166485824952 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/upl...ileUploader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7ACF8882-929F-4DDB-9BDF-5C051EDE29E5}: NameServer = 196.217.246.210 212.217.0.13 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Gizmo VoIP Service (Gizmo Plugin) - SIPphone, Inc. - C:\Program Files\GizmoPlugin\GizmoPlugin.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
-
je te remercie mon ami Bon Noel
-
Logfile of HijackThis v1.99.1 Scan saved at 21:23:59, on 24/12/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Ares\Ares.exe C:\Program Files\Menara\dslmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Messenger\MSMSGS.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Movie Maker\moviemk.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Menara R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - Global Startup: DSLMON.lnk = C:\Program Files\Menara\dslmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/16bbbc9e845a5e...RdxIE601_fr.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166485824952 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f001.mail.caramail.lycos.fr/app/upl...ileUploader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{7ACF8882-929F-4DDB-9BDF-5C051EDE29E5}: NameServer = 196.217.246.210 212.217.0.13 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe merci de votre aide
-
Bonjour Chmart, Daniel et tous les amis, Oui vous avez raison, car moi aussi j'ai ajouté une barrière pour augmenter la capacié de mon pc, mais les messages indiquant que la mémoire vive du pc est insuffisante continuent à apparaitre c'est comme si j'ai rien ajouté. mais je vous rappelle les amis que moi j'ai pas un sp2 car j'ai découvert que la personne qui m'avait vendu ce pc n'a pas installé une version légale de windows
-
Salut Bronson, et comment passer en ethernet? merci beaucoup
-
salut Gof, salut les amis, j'ai fait l'analyse en ligne en voici les résultats: Service load: 0% 100% File: tsnpstd3.exe Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5 79d3c5050d3952506eaf17c4bbad1793 Scan taken on 06 Jun 2007 22:52:42 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing y a quelque chose docteur? merci tout le monde