Everything posted by mister13el

  1. Here is the copy-paste; I'm going to finish what you asked me to do. DiagHelp version v1.1.2 - http://www.malekal.com excute le 30/06/2007 à 19:08:50,00
  2. Good evening Gof ^^ I'm in the middle of doing what you advised. I just wanted to mention that I also downloaded Spybot, and that after its scan (Spybot) I was able to remove 71 potential threats.
  3. Thanks for the advice, but I'd like to know whether my favorites will still be there if I remove Internet Explorer and reinstall it :/ If not, how do I keep my favorites? If so, uh.. how do I uninstall Internet Explorer? lol, I can't find it in "Add or Remove Programs".
  4. And here is the HijackThis 1.99.0.1 scan. Logfile of HijackThis v1.99.1 Scan saved at 14:13:32, on 28/06/2007
Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [LanzarT2006] "C:\DOCUME~1\JIANYA~1.TES\LOCALS~1\Temp\{CB485E79-B84A-4618-B1A1-3FDE225F9423}\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\..\..\T2006tmp\Install.exe" /SETUP:"/l0x040c" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\RunServices: [Windows Update] mdos.exe O4 - HKLM\..\RunServices: [update WinFix] mdblvavtutsl.exe O4 - HKLM\..\RunServices: [Network Host Service] vdvshub32.exe O4 - HKLM\..\RunServices: [Microsoft Update news ] backup32.exe O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe O4 - HKLM\..\RunServices: [RealPlaer.exe] ylwakllmm.exe O4 - HKCU\..\Run: [Windows Update] mdos.exe O4 - HKCU\..\Run: [Microsoft Update news ] backup32.exe O4 - HKCU\..\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\RunServices: [Windows Update] mdos.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present 
O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: Add to QQ Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: Send the Picture by QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/ O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab O16 - DPF: Yahoo! 
Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/poth_x.cab O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.bbox.ch/kxhcm10.ocx O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://152.1.131.130/activex/AMC.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://unamedpascal.spaces.live.com//Photo...ad/MsnPUpld.cab O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab O16 - DPF: 
{5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182967365890 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1182967246890 O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://62.164.202.118/activex/AMC.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version= O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.scany.info/nsvplayx_vp6_aac.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies 
Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing) O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing) O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing) O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
  5. Yes, I kept the report (sorry, I did think it was going to be a lot of work ^^'), here it is: AntiVir PersonalEdition Classic Report file date: mercredi 27 juin 2007 15:43 Scanning for 847581 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: jianya Computer name: TEST Version information: BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 27/06/2007 11:21:18 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/06/2007 11:21:18 LUKE.DLL : 7.0.4.11 143400 Bytes 27/06/2007 11:21:18 LUKERES.DLL : 7.0.4.0 10280 Bytes 27/06/2007 11:21:18 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 11:21:21 ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21/05/2007 11:21:21 ANTIVIR2.VDF : 6.39.0.51 779776 Bytes 25/06/2007 11:21:22 ANTIVIR3.VDF : 6.39.0.65 110592 Bytes 27/06/2007 11:21:22 AVEWIN32.DLL : 7.4.0.34 2478592 Bytes 27/06/2007 11:21:23 AVWINLL.DLL : 1.0.0.7 14376 Bytes 27/06/2007 11:21:18 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/06/2007 11:21:18 AVREP.DLL : 7.0.0.1 155688 Bytes 27/06/2007 11:21:22 AVPACK32.DLL : 7.3.0.12 360488 Bytes 27/06/2007 11:21:23 AVREG.DLL : 7.0.1.2 31784 Bytes 27/06/2007 11:21:18 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/06/2007 11:21:16 AVARKT.DLL : 1.0.0.17 278568 Bytes 27/06/2007 11:21:16 NETNT.DLL : 7.0.0.0 7720 Bytes 27/06/2007 11:21:18 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 27/06/2007 11:20:57 RCTEXT.DLL : 7.0.45.0 86056 Bytes 27/06/2007 11:20:57 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users.WINDOWS\Application Data\AntiVir PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on 
Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 27 juin 2007 15:43 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '24' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\jianya.TEST\Local Settings\Temporary Internet Files\Content.IE5\BFXNZ50W\bsplayer214[1].942_clip.exe [DETECTION] Contains signature of the dropper DR/WhenU.A.8 [INFO] The file was deleted! 
C:\WINDOWS\system32\5alQnVND.exe [DETECTION] Is the Trojan horse TR/Hijack.Explor.3467 [INFO] The file was moved to '46ee9490.qua'! C:\WINDOWS\system32\wservice.exe [DETECTION] Contains suspicious code HEUR/Crypted [INFO] The file was moved to '46e7950f.qua'! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll [DETECTION] Contains signature of the SPR/WildTangent.B.1 program [INFO] The file was moved to '46f99546.qua'! End of the scan: mercredi 27 juin 2007 18:48 Used time: 3:04:31 min The scan has been done completely. 6739 Scanning directories 708591 Files were scanned 4 viruses and/or unwanted programs were found 1 classified as suspicious: 1 files were deleted 0 files were repaired 3 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 708586 Files not concerned 2046 Archives were scanned 2 Warnings 2 Notes 0 Hidden objects were found
  6. My problem started when I installed Mozilla and agreed to make it my default browser, because afterwards I removed it and wanted to go back to Internet Explorer. As of today, when I click on an http link, all I get is a blank browser page with nothing in the address bar .. but sometimes it works .. sometimes not; in fact it depends on where the link comes from (whether it is found on MSN or is a link offered by Windows). If you need more details, just ask. Thanks ^^ PS: a note about the blank browser page: the browser in question is Internet Explorer
  7. I did exactly what was written in the post "Pré-Nettoyage d'un PC infecté" (Pre-cleaning an infected PC). I had a problem where avast reported win32:ctx at every startup, which is said to be a false positive caused by Panda. I did the pre-cleaning recommended in the post at the top and opted for AntiVir (I also have pro alarm as a firewall). Here is the HijackThis scan; thank you for analysing it, as I can't make sense of the scan myself. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 19:24:19, on 27/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\SYSTEM32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\runservice.exe C:\WINDOWS\System32\HPZipm12.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\SYSTEM32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\eMule\emule.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program 
Files\MSN Messenger\livecall.exe C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\Winamp\Winamp.exe C:\Program Files\Hijackthis\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.198.251.66:8000 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file) O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - 
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Update] mdos.exe O4 - HKLM\..\Run: [NMGameX_AutoRun] C:\WINDOWS\System32\Rundll32.exe NMGameX.dll,LiveProcess /aa O4 - HKLM\..\Run: [9899] c:\netp.exe O4 - HKLM\..\Run: [2507] C:\netp.exe O4 - HKLM\..\Run: [4499] C:\netp.exe O4 - HKLM\..\Run: [7409] C:\netp.exe O4 - HKLM\..\Run: [2256] C:\netp.exe O4 - HKLM\..\Run: [6641] C:\netp.exe O4 - HKLM\..\Run: [5266] C:\netp.exe O4 - HKLM\..\Run: [4548] C:\netp.exe O4 - HKLM\..\Run: [1436] C:\netp.exe O4 - HKLM\..\Run: [4297] C:\netp.exe O4 - HKLM\..\Run: [1477] C:\netp.exe O4 - HKLM\..\Run: [8476] C:\netp.exe O4 - HKLM\..\Run: [2001] C:\netp.exe O4 - HKLM\..\Run: [7949] C:\netp.exe O4 - HKLM\..\Run: [4327] C:\netp.exe O4 - HKLM\..\Run: [2967] c:\netp.exe O4 - HKLM\..\Run: [9502] C:\netp.exe O4 - HKLM\..\Run: [1900] C:\netp.exe O4 - HKLM\..\Run: [1952] C:\netp.exe O4 - HKLM\..\Run: [2053] C:\netp.exe O4 - HKLM\..\Run: [2716] C:\netp.exe O4 - HKLM\..\Run: [2342] C:\netp.exe O4 - HKLM\..\Run: [4791] C:\netp.exe O4 - HKLM\..\Run: [5200] C:\netp.exe O4 - HKLM\..\Run: [5252] C:\netp.exe O4 - HKLM\..\Run: [6068] C:\netp.exe O4 - HKLM\..\Run: [6120] C:\netp.exe O4 - HKLM\..\Run: [6169] C:\netp.exe O4 - HKLM\..\Run: [2552] C:\netp.exe O4 - HKLM\..\Run: [4244] C:\netp.exe O4 - HKLM\..\Run: [4907] C:\netp.exe O4 - HKLM\..\Run: [6323] C:\netp.exe O4 - HKLM\..\Run: [7079] C:\netp.exe O4 - HKLM\..\Run: [2324] C:\netp.exe O4 - HKLM\..\Run: [552] C:\netp.exe O4 - HKLM\..\Run: [2230] C:\netp.exe O4 - HKLM\..\Run: [3200] C:\netp.exe O4 - HKLM\..\Run: [492] C:\netp.exe O4 - HKLM\..\Run: [4990] C:\netp.exe O4 - HKLM\..\Run: 
[9435] C:\netp.exe O4 - HKLM\..\Run: [5192] C:\netp.exe O4 - HKLM\..\Run: [7244] C:\netp.exe O4 - HKLM\..\Run: [410] C:\netp.exe O4 - HKLM\..\Run: [548] C:\netp.exe O4 - HKLM\..\Run: [256] C:\netp.exe O4 - HKLM\..\Run: [update WinFix] mdblvavtutsl.exe O4 - HKLM\..\Run: [Network Host Service] vdvshub32.exe O4 - HKLM\..\Run: [Microsoft Update news ] backup32.exe O4 - HKLM\..\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [LanzarT2006] "C:\DOCUME~1\JIANYA~1.TES\LOCALS~1\Temp\{CB485E79-B84A-4618-B1A1-3FDE225F9423}\{98032D6F-3EE6-4646-B68C-40BF012AC89B}\..\..\T2006tmp\Install.exe" /SETUP:"/l0x040c" O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\RunServices: [Windows Update] mdos.exe O4 - HKLM\..\RunServices: [update WinFix] mdblvavtutsl.exe O4 - HKLM\..\RunServices: [Network Host Service] vdvshub32.exe O4 - HKLM\..\RunServices: [Microsoft Update news ] backup32.exe O4 - HKLM\..\RunServices: [Windowsz] rwnt.exe O4 - HKLM\..\RunServices: [RealPlaer.exe] ylwakllmm.exe O4 - HKCU\..\Run: [Windows Update] mdos.exe O4 - HKCU\..\Run: [Microsoft Update news ] backup32.exe O4 
- HKCU\..\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\RunServices: [Windows Update] mdos.exe O4 - HKLM\..\Policies\Explorer\Run: [Windows Reg Services] C:\WINDOWS\System32\ffservice.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunServices: [Windows Update] mdos.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunServices: [Windows Update] mdos.exe (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: Add to QQ Customized Panel - C:\Program Files\Tencent\QQ\AddPanel.htm O8 - Extra context menu item: Add to QQ Emoticons - C:\Program Files\Tencent\QQ\AddEmotion.htm O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: 
Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Send picture by MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Send the Picture by QQ MMS - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct4_x.cab
O16 - DPF: Yahoo! Chinese Checkers - http://download.games.yahoo.com/games/clients/y/cct0_x.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/poth_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: Yahoo! Reversi - http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 - DPF: Yahoo! Towers 2.0 - http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.drivecleaner.com/installdrivecleanerstart_fr.cab
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://domecam.bbox.ch/kxhcm10.ocx
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www3.snapfish.fr/SnapfishActivia.cab
O16 - DPF: {4F1D0C59-5ECC-4028-87F3-482191D2230F} (AxisRTPSrcFilter) - http://152.1.131.130/activex/AMC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://unamedpascal.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128788073500
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1162290100328
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://62.164.202.118/activex/AMC.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/telecharger.php?id=2&version=
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697519} (NsvPlayX Control) - http://www.scany.info/nsvplayx_vp6_aac.cab
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IpManager (IPtable) - Unknown owner - C:\WINDOWS\ipconfg32.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Word Process (msproc) - Unknown owner - C:\WINDOWS\mswinpad.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Fichiers communs\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
-- End of file - 17371 bytes