

Azaze1st
Members
Content count: 4
Everything posted by Azaze1st
I tried, but the pop-ups keep coming
Azaze1st replied to a topic by Azaze1st in Malware analysis and removal
I don't have a firewall because I'm behind a router. So I was told it wouldn't do anything.
I tried, but the pop-ups keep coming
Azaze1st replied to a topic by Azaze1st in Malware analysis and removal
Thank you very much. I switched PCs so I wouldn't get caught out. Here they are, in order:

===SDFix===

SDFix: Version 1.96
Run by Ofoe-Larocque on 2007-08-06 at 21:44
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDfix\SDFix

Safe Mode:
Checking Services:

Name:
core

ImagePath:
system32\drivers\core.sys

core - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\b136.exe - Deleted
C:\WINDOWS\retadpu1000520.exe - Deleted
C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\wr.txt - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\winjews16.exe"="C:\\WINDOWS\\system32\\winjews16.exe:*:Enabled:Windows Systems16"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Remaining Files:
---------------

Backups Folder: - C:\SDfix\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\Ofoe-Larocque\Local Settings\Application Data\Microsoft\Messenger\eyofoe@hotmail.com\Sharing Folders\azazel1st@hotmail.com\Thumbs.db
C:\Documents and Settings\Ofoe-Larocque\Local Settings\Application Data\Microsoft\Messenger\eyofoe@hotmail.com\Sharing Folders\master_j79@hotmail.com\Mims - Music Is My Savior\Thumbs.db
C:\Documents and Settings\Ofoe-Larocque\Local Settings\Application Data\Microsoft\Messenger\eyofoe@hotmail.com\Sharing Folders\master_j79@hotmail.com\TLC - FanMail\Thumbs.db
C:\Documents and Settings\Ofoe-Larocque\Local Settings\Application Data\Microsoft\Messenger\eyofoe@hotmail.com\Sharing Folders\pichou1st@hotmail.com\Thumbs.db
C:\Documents and Settings\Ofoe-Larocque\My Documents\My Pictures\FEMMES\200-Babes-Wallpaper(www.space-board.com)\Thumbs.db
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

========== HijackThis ===============

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:04:57, on 2007-08-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Ofoe-Larocque\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Program Files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [VIP Organizer] "C:\Program Files\VIP Quality Software\VIP Organizer\VIP Organizer.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164490235718
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEDD6E3F-6E20-4CEA-8DA7-630C92EA4FB1}: NameServer = 24.200.241.37,24.200.243.189
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 7405 bytes

=========== DiagHelp ======

DiagHelp version v1.1.2 - http://www.malekal.com
excute le 2007-08-06 à 22:09:41,53

Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\NSDriver.sys -->2007-06-04 15:18:48
C:\WINDOWS\System32/drivers\AWRTRD.sys -->2007-06-04 15:17:02
C:\WINDOWS\System32/drivers\AWRTPD.sys -->2007-06-04 15:14:56
C:\WINDOWS\System32/drivers\AvgAsCln.sys -->2007-05-30 08:10:42
C:\WINDOWS\System32/drivers\scdemu.sys -->2007-04-09 08:27:07
C:\WINDOWS\System32/drivers\sptd.sys -->2006-12-05 21:16:31
C:\WINDOWS\System32/drivers\pfc.sys -->2006-11-26 03:44:00
C:\WINDOWS\System32\nvapps.xml -->2007-08-06 22:04:25
C:\WINDOWS\System32\wpa.dbl -->2007-08-06 17:17:59
C:\WINDOWS\System32\ANIWZCS{BEDD6E3F-6E20-4CEA-8DA7-630C92EA4FB1} -->2007-07-28 11:04:01
C:\WINDOWS\System32\atmtd.dll.tmp -->2007-07-28 10:59:28
C:\WINDOWS\System32\QuickTimeVR.qtx -->2007-06-29 06:24:58
C:\WINDOWS\System32\QuickTime.qts -->2007-06-29 06:24:58
C:\WINDOWS\System32\PerfStringBackup.INI -->2007-04-28 21:08:39
C:\WINDOWS\System32\perfh009.dat -->2007-04-28 21:08:39
C:\WINDOWS\System32\perfc009.dat -->2007-04-28 21:08:39
C:\WINDOWS\System32\lsdelete.exe -->2007-04-13 15:19:52
C:\WINDOWS\System32\FNTCACHE.DAT -->2007-03-17 16:17:53
C:\WINDOWS\System32\gdsmux.exe -->2007-02-26 17:24:30
C:\WINDOWS\System32\dxr.dll -->2007-02-26 17:24:20
C:\WINDOWS\System32\dsmux.exe -->2007-02-26 17:23:36
C:\WINDOWS\System32\splitter.ax -->2007-02-26 17:23:18
C:\WINDOWS\System32\mkx.dll -->2007-02-26 17:22:42
C:\WINDOWS\System32\avi.dll -->2007-02-26 17:22:36
C:\WINDOWS\System32\avss.dll -->2007-02-26 17:22:34
C:\WINDOWS\System32\mp4.dll -->2007-02-26 17:22:30
C:\WINDOWS\System32\ogm.dll -->2007-02-26 17:22:24
C:\WINDOWS\System32\mmfinfo.dll -->2007-02-26 17:22:14
C:\WINDOWS\System32\mkv2vfr.exe -->2007-02-26 17:22:08
C:\WINDOWS\System32\ts.dll -->2007-02-26 17:22:04
C:\WINDOWS\System32\avs.dll -->2007-02-26 17:21:46
C:\WINDOWS\System32\mkzlib.dll -->2007-02-26 17:21:38
C:\WINDOWS.log -->2007-08-06 21:51:06
C:\WINDOWS\WindowsUpdate.log -->2007-08-06 21:50:22
C:\WINDOWS\wiadebug.log -->2007-08-06 21:50:21
C:\WINDOWS\wiaservc.log -->2007-08-06 21:50:20
C:\WINDOWS\bootstat.dat -->2007-08-06 21:50:05
C:\WINDOWS\Thumbs.db -->2007-08-06 21:42:51
C:\WINDOWS\NeroDigital.ini -->2007-08-06 21:42:51
C:\WINDOWS\ntbtlog.txt -->2007-08-06 21:41:59
C:\WINDOWS\SchedLgU.Txt -->2007-08-06 21:39:06
C:\WINDOWS\setupapi.log -->2007-08-06 21:31:41
C:\WINDOWS\mozver.dat -->2007-08-05 22:20:23
C:\WINDOWS\wmsetup.log -->2007-08-05 15:32:15
C:\WINDOWS\nsreg.dat -->2007-08-04 13:23:09
C:\WINDOWS\win.ini -->2007-06-13 07:59:03
C:\WINDOWS\dasetup.log -->2007-06-11 23:26:16

 Volume in drive C is WINDOWS
 Volume Serial Number is 9CCC-91EC

 Directory of C:\WINDOWS\system32

2004-08-04  08:00             6 144 csrss.exe
               1 File(s)          6 144 bytes
               0 Dir(s)  15 385 747 456 bytes free

Contenu de Downloaded Program Files
 Volume in drive C is WINDOWS
 Volume Serial Number is 9CCC-91EC

 Directory of C:\WINDOWS\Downloaded Program Files

2007-08-06  18:10    <DIR>          .
2007-08-06  18:10    <DIR>          ..
2006-11-25  12:18                65 desktop.ini
2006-10-12  05:07               896 jinstall-1_5_0_09.inf
2006-12-11  17:44               367 LegitCheckControl.inf
2006-06-20  16:44           117 560 PURen-us.dll
2002-05-31  10:20           117 328 purfr-ca.dll
2006-12-04  16:16               144 QTPlugin.inf
2006-11-09  15:36             5 019 swflash.inf
2005-05-26  05:19               291 wuweb.inf
               8 File(s)        241 670 bytes

     Total Files Listed:
               8 File(s)        241 670 bytes
               2 Dir(s)  15 385 747 456 bytes free

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\winjews16.exe"="C:\\WINDOWS\\system32\\winjews16.exe:*:Enabled:Windows Systems16"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Export de la clef SharedTaskScheduler
[sharedTaskScheduler]

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 22:09:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:346a1251
"s2"=dword:594b27b7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\CfgD79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead
   4 - System
 332 - wmpnetwk.exe
 524 - avgas.exe
 608 - csrss.exe
 632 - winlogon.exe
 676 - services.exe
 688 - lsass.exe
 836 - svchost.exe
 928 - svchost.exe
 964 - svchost.exe
1096 - svchost.exe
1248 - spoolsv.exe
1356 - aawservice.exe
1392 - guard.exe
1452 - svchost.exe
1472 - MDM.EXE
1516 - nvsvc32.exe
1584 - HPZipm12.exe
1600 - alg.exe
1848 - svchost.exe
2148 - AirPlusCFG.exe
2164 - ctfmon.exe
2536 - explorer.exe
2616 - msnmsgr.exe
2620 - NMBgMonitor.exe
2760 - NMIndexStoreSvr
2876 - wcescomm.exe
2900 - wmpnscfg.exe
3012 - rapimgr.exe
3036 - cmd.exe
3720 - WCESMgr.exe
3812 - usnsvc.exe
Total number of processes = 32

NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7A2F000 - \WINDOWS\system32\KDCOM.DLL
F793F000 - \WINDOWS\system32\BOOTVID.dll
F7437000 - sptd.sys
F7A31000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F741F000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F73F1000 - ACPI.sys
F73E0000 - pci.sys
F752F000 - ohci1394.sys
F753F000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F754F000 - isapnp.sys
F7AF7000 - pciide.sys
F77AF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F755F000 - MountMgr.sys
F73C1000 - ftdisk.sys
F7A33000 - dmload.sys
F739B000 - dmio.sys
F77B7000 - PartMgr.sys
F756F000 - VolSnap.sys
F7383000 - atapi.sys
F757F000 - disk.sys
F758F000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7363000 - fltMgr.sys
F7351000 - sr.sys
F77BF000 - PxHelp20.sys
F733A000 - KSecDD.sys
F72AD000 - Ntfs.sys
F7280000 - NDIS.sys
F7265000 - Mup.sys
F75FF000 - \SystemRoot\system32\DRIVERS\amdk7.sys
F78B7000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F61E2000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F78BF000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F61C0000 - \SystemRoot\system32\drivers\hercspud.sys
F7A57000 - \SystemRoot\system32\drivers\hercos.sys
F619D000 - \SystemRoot\system32\drivers\ks.sys
F612F000 - \SystemRoot\system32\DRIVERS\A3AB.sys
F760F000 - \SystemRoot\system32\DRIVERS\imapi.sys
F761F000 - \SystemRoot\System32\Drivers\AFS2K.SYS
F7A27000 - \SystemRoot\system32\drivers\pfc.sys
F762F000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F763F000 - \SystemRoot\system32\DRIVERS\redbook.sys
F5D5F000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F5D02000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F78C7000 - \SystemRoot\system32\DRIVERS\fdc.sys
F764F000 - \SystemRoot\system32\DRIVERS\serial.sys
F723D000 - \SystemRoot\system32\DRIVERS\serenum.sys
F5CEE000 - \SystemRoot\system32\DRIVERS\parport.sys
F7B7D000 - \SystemRoot\system32\drivers\msmpu401.sys
F5CCA000 - \SystemRoot\system32\drivers\portcls.sys
F765F000 - \SystemRoot\system32\drivers\drmk.sys
F7239000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F7B7E000 - \SystemRoot\system32\DRIVERS\audstub.sys
F6295000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7235000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F5CB3000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F6285000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F6275000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F78CF000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F5CA2000 - \SystemRoot\system32\DRIVERS\psched.sys
F6265000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F78DF000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F78E7000 - \SystemRoot\system32\DRIVERS\raspti.sys
F5C71000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F6255000 - \SystemRoot\system32\DRIVERS\termdd.sys
F78EF000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F78F7000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7A59000 - \SystemRoot\system32\DRIVERS\swenum.sys
F5C3D000 - \SystemRoot\system32\DRIVERS\update.sys
F7219000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6245000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7A5B000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F6235000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F5AA3000 - \SystemRoot\system32\drivers\hercwdm.sys
F78FF000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7A5D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7B3F000 - \SystemRoot\System32\Drivers\Null.SYS
F7A5F000 - \SystemRoot\System32\Drivers\Beep.SYS
F7B1C000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F790F000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7917000 - \SystemRoot\System32\drivers\vga.sys
F7A63000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7A65000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F791F000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7927000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6A0C000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F4970000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F4918000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F48F0000 - \SystemRoot\system32\DRIVERS\netbt.sys
F48CE000 - \SystemRoot\System32\drivers\afd.sys
F6205000 - \SystemRoot\system32\DRIVERS\netbios.sys
F792F000 - \SystemRoot\System32\Drivers\SCDEmu.SYS
F487B000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F7B4E000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
F480C000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F766F000 - \SystemRoot\System32\Drivers\Fips.SYS
F47EB000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F767F000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F7B53000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F77DF000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F7A23000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F769F000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F77EF000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F5C2D000 - \SystemRoot\system32\DRIVERS\mouhid.sys
F5C29000 - \SystemRoot\system32\DRIVERS\kbdhid.sys
F76BF000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F47AB000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7A75000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F7205000 - \SystemRoot\System32\drivers\Dxapi.sys
F77F7000 - \SystemRoot\System32\watchdog.sys
BF000000 - \SystemRoot\System32\drivers\dxg.sys
F7BC4000 - \SystemRoot\System32\drivers\dxgthk.sys
BF012000 - \SystemRoot\System32\nv4_disp.dll
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
BA518000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B9B53000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
F7AAF000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F7817000 - \??\C:\WINDOWS\system32\ANIO.SYS
B9A22000 - \SystemRoot\System32\Drivers\HTTP.sys
B98B8000 - \SystemRoot\system32\DRIVERS\srv.sys
B8D0B000 - \SystemRoot\system32\drivers\wdmaud.sys
B9598000 - \SystemRoot\system32\drivers\sysaudio.sys
F7A39000 - \SystemRoot\system32\drivers\splitter.sys
B8CE8000 - \SystemRoot\system32\drivers\aec.sys
B997A000 - \SystemRoot\system32\drivers\swmidi.sys
B9BF8000 - \SystemRoot\system32\drivers\DMusic.sys
B8C1D000 - \SystemRoot\system32\drivers\kmixer.sys
F7BAD000 - \SystemRoot\system32\drivers\drmkaud.sys
F7C06000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 131

Liste des programmes installes
1600
1600_Help
1600Trb
ACDSee Pro
ActivePerl 5.8.8 Build 819
Ad-Aware 2007
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Photoshop CS2
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
AiO_Scan
AiOSoftware
AirPlus XtremeG
AirPlus XtremeG
ANIO Service
ANIWZCS2 Service
Archiveur WinRAR
AutoUpdate
AVG Anti-Spyware 7.5
Azureus
BitTorrent 5.0.1
BufferChm
CCleaner (remove only)
Cole2k Media - Codec Pack (Standard) 6.0.9
Combined Community Codec Pack 2007-02-22
Copy
CP_AtenaShokunin1Config
cp_dwShrek2Albums1
cp_dwShrek2Cards1
CreativeProjects
CreativeProjectsTemplates
CueTour
D-Link 11Mbps Wireless LAN for Windows
Destinations
Director
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DocProc
DocumentViewer
DVD Shrink 3.2
EasyRecovery Professional
EasyRecovery Professional
Fax
FHL Tools
FHLSim.com Fantasy Hockey League Simulator
FLV Player 1.3.3
Free WMA to MP3 Converter 1.16
FTP Expert 3
Handmark® Monopoly® for Pocket PC
Hercules Crystal Sound Cards
HijackThis 2.0.0
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Driver Diagnostics
HP Extended Capabilities 4.7
HP Image Zone 4.7
HP Memories Disc
HP Product Assistant
HP PSC & OfficeJet 4.7
HP Software Update
HPSystemDiagnostics
InstantShare
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 9
Lecteur Windows Media 11
Magic ISO Maker v5.3 (build 0221)
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft XML Parser
Mozilla Firefox (2.0)
Mp3tag v2.38
MSXML 4.0 SP2 (KB927978)
Nero 7
NVIDIA Drivers
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
OpenMG Secure Module 4.4.00
PanoStandAlone
PartitionMagic
PhotoGallery
PowerDVD
PowerISO
PowerQuest PartitionMagic 8.0
ProductContext
QFolder
QuickTime
Readme
Scan
ScannerCopy
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
SkinsHP1
SonicStage 3.4
TrayApp
Ulead DVD MovieFactory 5 Plus
Unload
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
WebFldrs XP
WebReg
WinAVIVideoConverter
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinZip

 Volume in drive C is WINDOWS
 Volume Serial Number is 9CCC-91EC

 Directory of C:\Program Files

2007-08-06  21:02    <DIR>          .
2007-08-06  21:02    <DIR>          ..
2006-11-26  03:44    <DIR>          ACD Systems
2006-12-01  00:15    <DIR>          Adobe
2006-12-12  22:04    <DIR>          Alcohol Soft
2006-11-25  12:46    <DIR>          ANI
2007-01-27  15:50    <DIR>          Azureus
2006-11-25  20:05    <DIR>          BitTorrent
2007-08-06  21:02    <DIR>          CCleaner
2007-07-14  21:16    <DIR>          Combined Community Codec Pack
2007-07-29  00:23    <DIR>          Common Files
2006-11-25  12:16    <DIR>          ComPlus Applications
2006-11-26  03:33    <DIR>          CyberLink
2006-11-25  21:16    <DIR>          DivX
2006-11-25  12:46    <DIR>          D-Link
2007-08-01  21:14    <DIR>          Druide
2006-11-26  03:36    <DIR>          DVD Shrink
2006-11-27  00:10    <DIR>          Fantasy Hockey League
2007-03-18  01:34    <DIR>          FHL Tools
2007-03-18  02:17    <DIR>          FLVPlayer
2007-05-27  13:50    <DIR>          Free WMA to MP3 Converter
2007-07-30  02:27    <DIR>          Google
2007-08-06  18:40    <DIR>          Grisoft
2006-11-25  12:50    <DIR>          Hercules
2006-12-16  22:06    <DIR>          Hewlett-Packard
2007-05-06  18:49    <DIR>          HP
2006-11-25  17:58    <DIR>          Internet Explorer
2007-03-16  22:19    <DIR>          InterVideo
2007-02-14  22:08    <DIR>          Java
2007-07-29  00:24    <DIR>          Lavasoft
2007-03-16  22:03    <DIR>          MagicISO
2006-11-25  17:52    <DIR>          Messenger
2007-07-29  19:13    <DIR>          Microsoft ActiveSync
2006-11-25  12:19    <DIR>          microsoft frontpage
2006-12-04  00:03    <DIR>          Microsoft Office
2006-11-25  13:46    <DIR>          Microsoft Visual Studio
2006-12-03  23:56    <DIR>          Microsoft Visual Studio 8
2006-12-04  00:03    <DIR>          Microsoft Works
2006-11-25  13:47    <DIR>          Microsoft.NET
2006-11-25  12:17    <DIR>          Movie Maker
2007-08-06  21:32    <DIR>          Mozilla Firefox
2007-05-03  01:24    <DIR>          Mp3tag
2006-12-04  00:03    <DIR>          MSBuild
2006-11-25  12:15    <DIR>          MSN
2006-11-25  12:15    <DIR>          MSN Gaming Zone
2007-02-16  00:25    <DIR>          MSN Messenger
2006-12-21  19:11    <DIR>          MSXML 4.0
2006-11-25  23:53    <DIR>          Nero
2006-11-25  12:17    <DIR>          NetMeeting
2006-11-25  12:18    <DIR>          Online Services
2006-11-25  15:02    <DIR>          Ontrack
2006-12-21  19:11    <DIR>          Outlook Express
2007-05-06  01:57    <DIR>          PowerISO
2006-11-25  13:05    <DIR>          PowerQuest
2007-07-22  21:06    <DIR>          QuickTime
2007-06-11  23:29    <DIR>          Sony
2007-06-11  23:29    <DIR>          Sony Corporation
2007-01-02  03:52    <DIR>          Total Training
2007-03-16  22:11    <DIR>          Ulead Systems
2006-11-28  23:59    <DIR>          Visicom Media
2007-01-11  00:47    <DIR>          Win Zip
2007-02-20  23:14    <DIR>          WinAVIVideoConverter
2007-03-16  22:12    <DIR>          Windows Media Components
2006-11-25  18:07    <DIR>          Windows Media Connect 2
2006-11-25  17:45    <DIR>          Windows Media Player
2006-11-25  12:15    <DIR>          Windows NT
2006-11-27  11:31    <DIR>          WinRAR
2006-11-25  12:19    <DIR>          xerox
               0 File(s)              0 bytes
              68 Dir(s)  15 385 260 032 bytes free

 Volume in drive C is WINDOWS
 Volume Serial Number is 9CCC-91EC

 Directory of C:\Program Files\common files

2007-07-29  00:23    <DIR>          .
2007-07-29  00:23    <DIR>          ..
2006-11-26 03:44 <DIR> ACD Systems 2007-07-17 09:04 <DIR> Adobe 2006-11-25 13:37 <DIR> Adobe Systems Shared 2006-11-25 23:56 <DIR> Ahead 2007-05-19 14:46 <DIR> Blizzard Entertainment 2006-11-25 13:46 <DIR> DESIGNER 2006-11-25 16:49 <DIR> Hewlett-Packard 2006-12-16 21:49 <DIR> HP 2007-03-16 22:19 <DIR> InstallShield 2006-11-25 20:52 <DIR> Java 2007-05-05 02:37 <DIR> Microsoft Shared 2006-11-25 12:17 <DIR> MSSoap 2006-11-25 07:00 <DIR> ODBC 2006-11-25 12:17 <DIR> Services 2007-06-11 23:29 <DIR> Sony Shared 2006-11-25 07:00 <DIR> SpeechEngines 2006-12-21 19:11 <DIR> System 2007-03-16 22:19 <DIR> Ulead Systems 2007-07-29 00:23 <DIR> Wise Installation Wizard 0 File(s) 0 bytes 21 Dir(s) 15 385 260 032 bytes free Volume in drive C is WINDOWS Volume Serial Number is 9CCC-91EC Directory of C:\ 2007-05-12 18:22 68 096 diff.exe 2007-05-12 18:22 103 424 grep.exe 2 File(s) 171 520 bytes 0 Dir(s) 15 385 260 032 bytes free c:\Documents and Settings\Ofoe-Larocque\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Macromedia\Flash Player\#SharedObjects\BQ7T5RC3\localhost\Program Files\FLVPlayer\flvplayer.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{6314D540-E3C1-4F30-AEEB-4154C93375C3}\ARPPRODUCTICON.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{A474EA56-5DBD-4181-8230-806A4762EA7F}\IconA474EA561.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{C900D6AC-75B1-4B4F-AAA5-C53FC2F99E03}\_132e6f65.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{C900D6AC-75B1-4B4F-AAA5-C53FC2F99E03}\_20d67b1c.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{C900D6AC-75B1-4B4F-AAA5-C53FC2F99E03}\_38cd349e.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{C900D6AC-75B1-4B4F-AAA5-C53FC2F99E03}\_693a2dc2.exe c:\Documents and 
Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{C900D6AC-75B1-4B4F-AAA5-C53FC2F99E03}\_71c639d1.exe c:\Documents and Settings\Ofoe-Larocque\Application Data\Microsoft\Installer\{C900D6AC-75B1-4B4F-AAA5-C53FC2F99E03}\_a992df5.exe c:\Documents and Settings\Ofoe-Larocque\Desktop\ATF-Cleaner.exe c:\Documents and Settings\Ofoe-Larocque\Desktop\avgas-setup-7.5.1.43.exe c:\Documents and Settings\Ofoe-Larocque\Desktop\ccsetup141(2).exe c:\Documents and Settings\Ofoe-Larocque\Desktop\ccsetup141.exe c:\Documents and Settings\Ofoe-Larocque\Desktop\HiJackThis_v2.exe c:\Documents and Settings\Ofoe-Larocque\Desktop\Navilog1.exe c:\Documents and Settings\Ofoe-Larocque\Desktop\SDFix.exe c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll c:\Documents and Settings\Azazel1st\Application Data\Mozilla\Firefox\Profilesac4i7ih.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll c:\Documents and Settings\Azazel1st\Application Data\Mozilla\Firefox\Profilesac4i7ih.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\Ofoe-Larocque\Application Data\Mozilla\Firefox\Profiles\qu939jf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll c:\Documents and Settings\Ofoe-Larocque\Application Data\Mozilla\Firefox\Profiles\qu939jf5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll ****** Fin du rapport DiagHelp -
I tried but the pop-ups continue
Azaze1st replied to a topic by Azaze1st in Malware analysis and removal
Thanks, I'll do all of it tonight (Montreal time) and get back to you.
Hello, For some time now I have been getting frequent pop-ups when browsing with IE. So I did what many people do and switched to Firefox. Nothing doing: a pop-up as soon as it first opens. I tried to do a HijackThis by searching around, but I can't manage it. Do you think you can help me? Thank you very much for your help, it's now been 2 weeks that I have been looking for solutions.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:24:41, on 2007-08-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Ofoe-Larocque\Desktop\HiJackThis_v2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [VIP Organizer] "C:\Program Files\VIP Quality Software\VIP Organizer\VIP Organizer.exe"
O4 - HKUS\S-1-5-21-436374069-484061587-725345543-1004\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Azazel1st')
O4 - HKUS\S-1-5-21-436374069-484061587-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Azazel1st')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200612...ex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://eyofoe.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164490235718
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEDD6E3F-6E20-4CEA-8DA7-630C92EA4FB1}: NameServer = 24.200.241.37,24.201.245.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

--
End of file - 8087 bytes
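The way a helper reads a log like the one above is line by line, looking for the handful of entry types that almost never appear on a clean machine. The script below is an added example written for this page, not part of the original post and not a HijackThis component: it parses the `Oxx - ` lines of a HijackThis log and applies three of those checks. An O4 entry under the RunServices key is flagged because that key is a Windows 9x autostart location that XP itself ignores, so legitimate XP software has no reason to write there; an O23 service marked `(file missing)` is flagged as an orphaned registration; and an O17 entry is reported so the DNS servers can be checked against the ISP's. The sample log is a short excerpt copied from the log posted above; the heuristics, the function names and the `Finding` structure are this example's own.

```python
"""Triage a HijackThis-style log for a few high-signal entry types.

Added example for this thread (not HijackThis code and not the poster's).
SAMPLE_LOG is an excerpt copied from the log in the post above; the checks
below are deliberately narrow so a hit means "look at this", not "this is
malware" - a human still decides.
"""
import re
from dataclasses import dataclass, field
from typing import Iterator, List, Tuple

# One HijackThis entry per line: "O4 - HKLM\..\Run: [Name] C:\path\prog.exe args"
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.+)$")
# A Windows path up to a PE-style extension; stops at a double quote so
# quoted paths with trailing arguments are not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys|cab)\b', re.IGNORECASE)
DNS_RE = re.compile(r"NameServer = (?P<servers>[0-9.,]+)")

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunServices: [Windows Systems16] C:\WINDOWS\system32\winjews16.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEDD6E3F-6E20-4CEA-8DA7-630C92EA4FB1}: NameServer = 24.200.241.37,24.201.245.77
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


@dataclass
class Finding:
    kind: str                      # HijackThis entry type, e.g. "O4"
    reason: str                    # why the entry deserves a look
    line: str                      # the original log line
    targets: List[str] = field(default_factory=list)  # paths or DNS servers


def parse_entries(log_text: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (kind, body, raw_line) for every line that is a HijackThis entry."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group("kind"), m.group("body"), line


def triage(log_text: str) -> List[Finding]:
    """Apply the three checks and return the entries that tripped one."""
    findings: List[Finding] = []
    for kind, body, line in parse_entries(log_text):
        paths = PATH_RE.findall(body)
        if kind == "O4" and "RunServices" in body:
            # RunServices is a Win9x-era autostart key; XP does not honour it,
            # so anything written there was put there for a reason other than
            # running legitimately on this OS.
            findings.append(Finding(kind, "autostart from the legacy RunServices key", line, paths))
        elif kind == "O23" and "(file missing)" in body:
            # A service whose binary is gone: leftover of removed malware or a
            # broken uninstall. Either way the registration should go.
            findings.append(Finding(kind, "service registered but its binary is missing", line, paths))
        elif kind == "O17":
            # Resolver settings are a favourite target of pop-up/redirect
            # malware; report the servers so they can be checked against the ISP.
            m = DNS_RE.search(body)
            servers = m.group("servers").split(",") if m else []
            findings.append(Finding(kind, "DNS servers set on the TCP/IP interface; verify they belong to the ISP", line, servers))
    return findings


def format_report(findings: List[Finding]) -> str:
    """Render findings as short text, one block per hit."""
    out = []
    for f in findings:
        out.append(f"[{f.kind}] {f.reason}")
        out.append(f"    {f.line}")
        for t in f.targets:
            out.append(f"    -> {t}")
    return "\n".join(out) if out else "no findings"


if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```

On the excerpt this flags exactly the three entries a helper would ask about: the `winjews16.exe` RunServices entry, the `netmon.exe` service with no binary, and the two O17 resolver addresses; the NVIDIA, ctfmon and NVSvc lines pass through untouched. Feeding it a full saved log works the same way, since everything that is not an `Oxx - ` entry is ignored.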