richard1208

  1. Hello, I want to thank you for your help. Here is the report. Regards,

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Version de la base de données: 5175

     Windows 6.1.7600
     Internet Explorer 9.0.7930.16406

     29/11/2010 08:42:35
     mbam-log-2010-11-29 (08-42-35).txt

     Type d'examen: Examen complet (C:\|D:\|E:\|)
     Elément(s) analysé(s): 292944
     Temps écoulé: 2 heure(s), 49 minute(s), 31 seconde(s)

     Processus mémoire infecté(s): 0
     Module(s) mémoire infecté(s): 0
     Clé(s) du Registre infectée(s): 0
     Valeur(s) du Registre infectée(s): 0
     Elément(s) de données du Registre infecté(s): 0
     Dossier(s) infecté(s): 0
     Fichier(s) infecté(s): 1

     Processus mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Module(s) mémoire infecté(s):
     (Aucun élément nuisible détecté)

     Clé(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Valeur(s) du Registre infectée(s):
     (Aucun élément nuisible détecté)

     Elément(s) de données du Registre infecté(s):
     (Aucun élément nuisible détecté)

     Dossier(s) infecté(s):
     (Aucun élément nuisible détecté)

     Fichier(s) infecté(s):
     C:\Program Files (x86)\Electronic Arts\Medal of Honor\Binaries\loader.dll (Riskware.Tool.CK) -> No action taken.
  2. Hello, I want to thank you for your help!!! Here are the two reports.

     The scan:

     ======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

     Mis à jour par TeamXscript le 11/11/10 à 11:40
     Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
     Site web: TeamXscript : AD-Remover - FindyKill - UsbFix

     C:\Program Files (x86)\Ad-Remover\main.exe (SCAN [2]) -> Lancé à 12:54:32 le 28/11/2010, Mode sans echec

     Microsoft Windows 7 Édition Familiale Premium (X64)
     yoann@YOANN-PC (Hewlett-Packard HP Pavilion dv7 Notebook PC)

     ============== RECHERCHE ==============

     Dossier trouvé: C:\Program Files (x86)\Conduit
     Dossier trouvé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre d'outils Crawler
     Dossier trouvé: C:\Program Files (x86)\Crawler

     Clé trouvée: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Clé trouvée: HKCU\Software\AppDataLow\Software\Conduit

     ============== SCAN ADDITIONNEL ==============

     ** Internet Explorer Version [9.0.7930.16406] **

     [HKCU\Software\Microsoft\Internet Explorer\Main]
     Default_Page_URL: hxxp://g.uk.msn.com/HPNOT/3
     Do404Search: 0x01000000
     Enable Browser Extensions: yes
     Local Page: C:\Windows\system32\blank.htm
     Search bar: Preserve
     Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
     Show_ToolBar: yes
     Start Page: hxxp://www.google.fr/

     [HKLM\Software\Microsoft\Internet Explorer\Main]
     AutoHide: yes
     Default_Page_URL: hxxp://g.uk.msn.com/HPNOT/3
     Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
     Delete_Temp_Files_On_Exit: yes
     Local Page: C:\Windows\system32\blank.htm
     Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
     Start Page: hxxp://g.uk.msn.com/HPNOT/3

     [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
     Blank: res://mshtml.dll/blank.htm

     ========================================

     C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)
     C:\Program Files (x86)\Ad-Remover\Backup: 2 Fichier(s)

     C:\Ad-Report-SCAN[1].txt - 28/11/2010 (1995 Octet(s))
     C:\Ad-Report-SCAN[2].txt - 28/11/2010 (0 Octet(s))

     Fin à: 12:55:50, 28/11/2010

     ============== E.O.F ==============

     The cleaning:

     ======= RAPPORT D'AD-REMOVER 2.0.0.2,B | UNIQUEMENT XP/VISTA/7 =======

     Mis à jour par TeamXscript le 11/11/10 à 11:40
     Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
     Site web: TeamXscript : AD-Remover - FindyKill - UsbFix

     C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 12:57:00 le 28/11/2010, Mode sans echec

     Microsoft Windows 7 Édition Familiale Premium (X64)
     yoann@YOANN-PC (Hewlett-Packard HP Pavilion dv7 Notebook PC)

     ============== ACTION(S) ==============

     Dossier supprimé: C:\Program Files (x86)\Conduit
     Dossier supprimé: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barre d'outils Crawler
     Dossier supprimé: C:\Program Files (x86)\Crawler

     (!) -- Fichiers temporaires supprimés.

     Clé supprimée: HKLM\Software\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit

     ============== SCAN ADDITIONNEL ==============

     ** Internet Explorer Version [9.0.7930.16406] **

     [HKCU\Software\Microsoft\Internet Explorer\Main]
     Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
     Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     Do404Search: 0x01000000
     Enable Browser Extensions: yes
     Local Page: C:\Windows\system32\blank.htm
     Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
     Show_ToolBar: yes
     Start Page: hxxp://fr.msn.com/

     [HKLM\Software\Microsoft\Internet Explorer\Main]
     AutoHide: yes
     Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
     Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     Delete_Temp_Files_On_Exit: yes
     Local Page: C:\Windows\system32\blank.htm
     Search bar: hxxp://search.msn.com/spbasic.htm
     Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
     Start Page: hxxp://fr.msn.com/

     [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
     Tabs: res://ieframe.dll/tabswelcome.htm
     Blank: res://mshtml.dll/blank.htm

     ========================================

     C:\Program Files (x86)\Ad-Remover\Quarantine: 28 Fichier(s)
     C:\Program Files (x86)\Ad-Remover\Backup: 16 Fichier(s)

     C:\Ad-Report-CLEAN[1].txt - 28/11/2010 (0 Octet(s))
     C:\Ad-Report-SCAN[1].txt - 28/11/2010 (1995 Octet(s))
     C:\Ad-Report-SCAN[2].txt - 28/11/2010 (2052 Octet(s))

     Fin à: 12:58:15, 28/11/2010

     ============== E.O.F ==============

     And there you go.
  3. Hello, my PC running Windows 7 keeps crashing. It takes 15 min to start up, and Explorer crashes. I ran a test with HijackThis and here is the result. Can you help me please!!!

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 20:32:21, on 25/11/2010
     Platform: Unknown Windows (WinNT 6.01.3504)
     MSIE: Internet Explorer v9.00 (9.00.7930.16406)
     Boot mode: Normal

     Running processes:
     C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
     C:\Program Files (x86)\uTorrent\uTorrent.exe
     C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
     C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
     C:\Program Files (x86)\Glary Utilities\memdefrag.exe
     C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
     C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
     C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
     C:\Program Files (x86)\iTunes\iTunesHelper.exe
     C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
     C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
     C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
     C:\Users\yoann\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\yoann\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\yoann\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\yoann\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\yoann\AppData\Local\Google\Chrome\Application\chrome.exe
     C:\Users\yoann\Downloads\HiJackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hp-notebook | MSN.fr
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hp-notebook | MSN.fr
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hp-notebook | MSN.fr
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
     O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coIEPlg.dll
     O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\IPSBHO.DLL
     O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
     O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
     O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
     O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coIEPlg.dll
     O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
     O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
     O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
     O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
     O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
     O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
     O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
     O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
     O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
     O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
     O4 - HKCU\..\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
     O4 - HKCU\..\Run: [Google Update] "C:\Users\yoann\AppData\Local\Google\Update\GoogleUpdate.exe" /c
     O4 - HKCU\..\Run: [Glary Memory Optimizer] "C:\Program Files (x86)\Glary Utilities\memdefrag.exe" /autostart
     O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
     O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
     O4 - Startup: OneNote 2010 - Capture d’écran et lancement.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
     O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
     O8 - Extra context menu item: &Envoyer à OneNote - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
     O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
     O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
     O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: Notes &liées OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O13 - Gopher Prefix:
     O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
     O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
     O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
     O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
     O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
     O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
     O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
     O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
     O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
     O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
     O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
     O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files (x86)\ma-config.com\maconfservice.exe
     O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
     O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe
     O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
     O23 - Service: O&O Defrag - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
     O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
     O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
     O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
     O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
     O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
     O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
     O23 - Service: Intel® Turbo Boost Technology Monitor (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
     O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
     O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
     O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
     O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
     O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

     --
     End of file - 14107 bytes
  4. Thanks for all your advice, but in fact I changed computers, so there you go. Now I have a new external drive. Thanks a lot. Regards, yoann richard
  5. Thank you for looking after me. Here is the report:

     __________________________________________________
     ewido anti-spyware online scanner
     http://www.ewido.net
     __________________________________________________

     Name: TrackingCookie.Adviva
     Path: :mozilla.21:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Smartadserver
     Path: :mozilla.24:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Smartadserver
     Path: :mozilla.25:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Smartadserver
     Path: :mozilla.26:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Smartadserver
     Path: :mozilla.27:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Tradedoubler
     Path: :mozilla.29:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Mediaplex
     Path: :mozilla.38:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Doubleclick
     Path: :mozilla.50:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Googleadservices
     Path: :mozilla.61:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Weborama
     Path: :mozilla.65:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Hitbox
     Path: :mozilla.93:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Yieldmanager
     Path: :mozilla.100:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Yieldmanager
     Path: :mozilla.101:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Yieldmanager
     Path: :mozilla.102:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Yieldmanager
     Path: :mozilla.103:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Yieldmanager
     Path: :mozilla.104:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Zedo
     Path: :mozilla.120:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Zedo
     Path: :mozilla.121:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Zedo
     Path: :mozilla.122:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Adbrite
     Path: :mozilla.123:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Adbrite
     Path: :mozilla.124:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Adbrite
     Path: :mozilla.125:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Atdmt
     Path: :mozilla.126:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.2o7
     Path: :mozilla.128:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.2o7
     Path: :mozilla.130:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.2o7
     Path: :mozilla.141:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Advertising
     Path: :mozilla.160:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Advertising
     Path: :mozilla.161:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Advertising
     Path: :mozilla.162:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Advertising
     Path: :mozilla.163:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Webtrends
     Path: :mozilla.204:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Googleadservices
     Path: :mozilla.210:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.Safer-networking
     Path: :mozilla.211:C:\Documents and Settings\richard.TEST.000\Application Data\Mozilla\Firefox\Profiles\2dzy12t3.default\cookies.txt
     Risk: Medium

     Name: TrackingCookie.2o7
     Path: C:\Documents and Settings\richard.TEST.000\Cookies\richard@paypal.112.2o7[1].txt
     Risk: Medium

     Name: Downloader.Swizzor.af
     Path: C:\Program Files\Messenger Plus! 2\Setup.dat/70000011.exe
     Risk: High

     What do you think?
  6. Thank you for looking after me!!! :P :-? :P :P :P So here are the reports:

     SmitFraudFix v2.277

     Rapport fait à 20:12:24.60, 2008-01-30
     Executé à partir de C:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix
     OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
     Le type du système de fichiers est NTFS
     Fix executé en mode sans echec

     »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

     »»»»»»»»»»»»»»»»»»»»»»»» hosts

     127.0.0.1 localhost

     »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

     S!Ri's WS2Fix: LSP not Found.

     »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

     GenericRenosFix by S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

     C:\WINDOWS\adsoowf.dll supprimé
     Deleting [HKEY_CLASSES_ROOT\CLSID\{13DDD6DD-F49B-466B-A2DB-9E4091325924}]
     C:\WINDOWS\dntpkwo???.dll supprimé
     C:\WINDOWS\ffvrdgt.exe supprimé

     »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

     IEDFix.exe by S!Ri

     »»»»»»»»»»»»»»»»»»»»»»»» DNS

     Description: Palladia 300/400 Usb Adsl Modem - Trend Micro Common Firewall Miniport
     DNS Server Search Order: 192.168.1.1

     HKLM\SYSTEM\CCS\Services\Tcpip\..\{B2BF3250-1912-4EEC-9752-74652D1114C1}: DhcpNameServer=192.168.1.1
     HKLM\SYSTEM\CS1\Services\Tcpip\..\{B2BF3250-1912-4EEC-9752-74652D1114C1}: DhcpNameServer=192.168.1.1
     HKLM\SYSTEM\CS3\Services\Tcpip\..\{B2BF3250-1912-4EEC-9752-74652D1114C1}: DhcpNameServer=192.168.1.1
     HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
     HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
     HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

     »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

     »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
     "System"=""

     »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

     Nettoyage terminé.

     »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
     !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

     SrchSTS.exe by S!Ri
     Search SharedTaskScheduler's .dll

     »»»»»»»»»»»»»»»»»»»»»»»» Fin

     DiagHelp version v1.4 - http://www.malekal.com
     excute le 2008-01-31 à 12:54:04.71

     Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
     C:\WINDOWS\System32\drivers\pxhelp20.sys -->2008-01-30 20:35:46
     C:\WINDOWS\System32\drivers\vsapint.sys -->2007-12-16 19:50:48
     C:\WINDOWS\System32\drivers\TM_CFW.sys -->2007-12-16 19:50:48
     C:\WINDOWS\System32\drivers\tmxpflt.sys -->2007-12-16 19:50:48
     C:\WINDOWS\System32\drivers\tmtdi.sys -->2007-12-16 19:50:48
     C:\WINDOWS\System32\drivers\tmpreflt.sys -->2007-12-16 19:50:48
     C:\WINDOWS\System32\drivers\tmevtmgr.sys -->2007-12-16 19:50:48
     C:\WINDOWS\System32\nmp.log -->2008-01-31 12:53:12
     C:\WINDOWS\System32\app_filter_ui.log -->2008-01-31 10:00:04
     C:\WINDOWS\System32\pxhpinst.exe -->2008-01-30 20:35:46
     C:\WINDOWS\System32\pxdrv.dll -->2008-01-30 20:35:46
     C:\WINDOWS\System32\pxcpyi64.exe -->2008-01-30 20:35:46
     C:\WINDOWS\System32\pxcpya64.exe -->2008-01-30 20:35:46
     C:\WINDOWS\System32\pxafs.dll -->2008-01-30 20:35:46
     C:\WINDOWS\System32\pxwave.dll -->2008-01-30 20:35:45
     C:\WINDOWS\System32\pxsfs.dll -->2008-01-30 20:35:45
     C:\WINDOWS\System32\pxmas.dll -->2008-01-30 20:35:45
     C:\WINDOWS\System32\pxinsi64.exe -->2008-01-30 20:35:45
     C:\WINDOWS\System32\pxinsa64.exe -->2008-01-30 20:35:45
     C:\WINDOWS\System32\vxblock.dll -->2008-01-30 20:35:42
     C:\WINDOWS\System32\px.dll -->2008-01-30 20:35:42
     C:\WINDOWS\System32\wpa.dbl -->2008-01-30 20:22:37
     C:\WINDOWS\System32\nvapps.xml -->2008-01-30 20:22:22
     C:\WINDOWS\System32\_nvidia_xxx_.log -->2008-01-30 20:22:04
     C:\WINDOWS\System32\tmp.txt -->2008-01-30 20:12:28
     C:\WINDOWS\System32\tmp.reg -->2008-01-30 20:12:28
     C:\WINDOWS\System32\mappings.txt -->2008-01-29 23:22:18
     C:\WINDOWS\System32\kdfvmgr.exe -->2008-01-29 22:52:07
     C:\WINDOWS\System32\kdfmgr.exe -->2008-01-29 22:52:07
     C:\WINDOWS\System32\Kdfhok.dll -->2008-01-29 22:52:07
     C:\WINDOWS\System32\kdfapi.dll -->2008-01-29 22:52:07
     C:\WINDOWS\System32\kdfinj.dll -->2008-01-29 21:51:25
     C:\WINDOWS\WindowsUpdate.log -->2008-01-31 11:52:02
     C:\WINDOWS\TmComm.log -->2008-01-31 10:18:50
     C:\WINDOWS\wiadebug.log -->2008-01-30 20:39:09
     C:\WINDOWS\wmsetup.log -->2008-01-30 20:36:07
     C:\WINDOWS\setupapi.log -->2008-01-30 20:36:06
     C:\WINDOWS\WMSysPr9.prx -->2008-01-30 20:36:03
     C:\WINDOWS\ODBCINST.INI -->2008-01-30 20:35:30
     C:\WINDOWS.log -->2008-01-30 20:22:25
     C:\WINDOWS\wiaservc.log -->2008-01-30 20:22:10
     C:\WINDOWS\tmevtmgr.log -->2008-01-30 20:22:10
     C:\WINDOWS\bootstat.dat -->2008-01-30 20:21:56
     C:\WINDOWS\setupact.log -->2008-01-30 20:12:55
     C:\WINDOWS\ntbtlog.txt -->2008-01-30 20:11:23
     C:\WINDOWS\TMFilter.log -->2008-01-29 23:20:20
     C:\WINDOWS\tsoc.log -->2008-01-29 22:53:01

     winlogon.exe Verified: Signed
     svchost.exe Verified: Signed
     ws2_32.dll Verified: Signed
     user32.dll Verified: Signed
     tcpip.sys Verified: Signed
     ndis.sys Verified: Signed
     null.sys Verified: Signed

     ListDLLs v2.25 - DLL lister for Win9x/NT
     Copyright © 1997-2004 Mark Russinovich
     Sysinternals - www.sysinternals.com

     ------------------------------------------------------------------------------
     explorer.exe pid: 256
     Command line: C:\WINDOWS\Explorer.EXE

     Base        Size      Version            Path
     0x44080000  0xcf000   7.00.6000.16574    C:\WINDOWS\system32\WININET.dll
     0x00400000  0x9000    6.00.5441.0000     C:\WINDOWS\system32\Normaliz.dll
     0x43e00000  0x45000   7.00.6000.16574    C:\WINDOWS\system32\iertutil.dll
     0x58b50000  0x9a000   5.82.2900.2982     C:\WINDOWS\system32\comctl32.dll
     0x76f80000  0x7f000   2001.12.4414.0308  C:\WINDOWS\system32\CLBCATQ.DLL
     0x77000000  0xd4000   2001.12.4414.0258  C:\WINDOWS\system32\COMRes.dll
     0x76ac0000  0x11000   3.05.2284.0000     C:\WINDOWS\system32\ATL.DLL
     0x7d200000  0x2be000  3.01.4000.4039     C:\WINDOWS\system32\msi.dll
     0x44360000  0x5cd000  7.00.6000.16574    C:\WINDOWS\system32\ieframe.dll
     0x44160000  0x127000  7.00.6000.16574    C:\WINDOWS\system32\urlmon.dll
     0x442b0000  0x3c000   7.00.6000.16574    C:\WINDOWS\system32\webcheck.dll
     0x10000000  0x112000  2.54.0000.0074     C:\Program Files\Messenger Plus! 2\MsgPlusH1.dll
     0x501e0000  0x61000   16.00.0005.1015    C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll
     0x520d0000  0x10000   16.00.0005.1015    C:\Program Files\Trend Micro\Internet Security\SfPxSt32.dll
     0x017b0000  0x29000                      C:\Program Files\WinRAR\rarext.dll
     0x01950000  0x1c000   7.00.0000.0000     C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
     0x00c80000  0xd000    7.00.0009.0050     C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
     0x7c340000  0x56000   7.10.3052.0004     C:\WINDOWS\system32\MSVCR71.dll
     0x01f00000  0xd5000   1.04.0000.0000     C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     0x6d7c0000  0x79000   6.00.0030.0005     C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

     ListDLLs v2.25 - DLL lister for Win9x/NT
     Copyright © 1997-2004 Mark Russinovich
     Sysinternals - www.sysinternals.com

     ------------------------------------------------------------------------------
     winlogon.exe pid: 1000
     Command line: winlogon.exe

     Base        Size      Version            Path
     0x01000000  0x81000                      \??\C:\WINDOWS\system32\winlogon.exe
     0x58b50000  0x9a000   5.82.2900.2982     C:\WINDOWS\system32\COMCTL32.dll
     0x74730000  0x3d000   3.525.1117.0000    C:\WINDOWS\system32\ODBC32.dll
     0x20000000  0x18000   3.525.1117.0000    C:\WINDOWS\system32\odbcint.dll
     0x01640000  0x3b000   1.07.0018.0007     C:\WINDOWS\system32\WgaLogon.dll
     0x76f80000  0x7f000   2001.12.4414.0308  C:\WINDOWS\system32\CLBCATQ.DLL
     0x77000000  0xd4000   2001.12.4414.0258  C:\WINDOWS\system32\COMRes.dll
     0x76010000  0x65000   6.02.3104.0000     C:\WINDOWS\system32\MSVCP60.dll

     Le volume dans le lecteur C n'a pas de nom.
     Le numéro de série du volume est 38D0-EC4F

     Répertoire de C:\WINDOWS\system32

     2004-08-20 00:09 6,144 csrss.exe
     1 fichier(s) 6,144 octets
     0 Rép(s) 3,255,803,904 octets libres

     Contenu de Downloaded Program Files
     Le volume dans le lecteur C n'a pas de nom.
     Le numéro de série du volume est 38D0-EC4F

     Répertoire de C:\WINDOWS\Downloaded Program Files

     2008-01-28 20:15 <REP> .
     2008-01-28 20:15 <REP> ..
     2008-01-10 14:06 65 desktop.ini
     2007-11-20 16:04 1,523,536 FP_AX_CAB_INSTALLER.exe
     2000-01-20 15:25 1,162 Microsoft XML Parser for Java.osd
     3 fichier(s) 1,524,763 octets

     Total des fichiers listés :
     3 fichier(s) 1,524,763 octets
     2 Rép(s) 3,255,803,904 octets libres

     Recherche de rootkit! (Merci S!Ri)
     Recherche d'infections connues
     Export des clefs sensibles..
     Liste des fichiers en exception sur le pare-feu XP SP2
     Export de la clef SharedTaskScheduler
     exports des policies
     Export des clefs sensibles..
     Rechercher adresses sensibles dans le fichier HOSTS...

     catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2008-01-31 12:54:54
     Windows 5.1.2600 Service Pack 2 NTFS

     scanning hidden services & system hive ...

     scanning hidden registry entries ...

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS]
     "StateIndex"=dword:00000000

     scanning hidden files ...
scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 256 - explorer.exe 284 - TSCFPlatformCOM 340 - nvsvc32.exe 396 - SfCtlCom.exe 424 - TmPfw.exe 588 - TmProxy.exe 864 - TMBMSRV.exe 868 - Apache.exe 956 - nSvcAppFlt.exe 976 - csrss.exe 1000 - winlogon.exe 1044 - services.exe 1056 - lsass.exe 1252 - svchost.exe 1300 - svchost.exe 1468 - svchost.exe 1516 - svchost.exe 1648 - svchost.exe 1984 - nSvcIp.exe 2908 - MsgPlus.exe 3016 - ctfmon.exe 3020 - firefox.exe 3036 - CursorXP.exe 3044 - TMAS_OEMon.exe 3588 - HSChkProxyExe.e 4432 - wmiprvse.exe 5608 - PhotoshopElemen 5980 - cmd.exe Total number of processes = 29 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806CE000 - \WINDOWS\system32\hal.dll BADA8000 - \WINDOWS\system32\KDCOM.DLL BACB8000 - \WINDOWS\system32\BOOTVID.dll BA784000 - xmasbus.sys BA762000 - d343bus.sys BA733000 - ACPI.sys BADAA000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS BA722000 - pci.sys BA8A8000 - isapnp.sys BAE70000 - pciide.sys BAB28000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS BA8B8000 - MountMgr.sys BA703000 - ftdisk.sys BADAC000 - dmload.sys BA6DD000 - dmio.sys BAB30000 - PartMgr.sys BA8C8000 - VolSnap.sys BA6C5000 - atapi.sys BADAE000 - d343port.sys BA6AD000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS BADB0000 - xmasscsi.sys BA696000 - nvata.sys BA8D8000 - disk.sys BA8E8000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS BA676000 - fltmgr.sys BA664000 - sr.sys BA8F8000 - PxHelp20.sys BA64D000 - KSecDD.sys BA5C0000 - Ntfs.sys BA593000 - NDIS.sys BA578000 - Mup.sys BAD64000 - \SystemRoot\system32\DRIVERS\tunmp.sys BA928000 - \SystemRoot\System32\DRIVERS\processr.sys BAC08000 - \SystemRoot\System32\DRIVERS\usbohci.sys BA4E5000 - 
\SystemRoot\System32\DRIVERS\USBPORT.SYS BAC38000 - \SystemRoot\System32\DRIVERS\usbehci.sys BA2B4000 - \SystemRoot\system32\drivers\ALCXWDM.SYS BA290000 - \SystemRoot\system32\drivers\portcls.sys BA938000 - \SystemRoot\system32\drivers\drmk.sys BA26D000 - \SystemRoot\system32\drivers\ks.sys BA948000 - \SystemRoot\System32\DRIVERS\imapi.sys BA958000 - \SystemRoot\System32\DRIVERS\cdrom.sys BA968000 - \SystemRoot\System32\DRIVERS\redbook.sys BAD7C000 - \SystemRoot\System32\DRIVERS\nvnetbus.sys BA22D000 - \SystemRoot\System32\DRIVERS\NVNRM.SYS BA1FA000 - \SystemRoot\System32\DRIVERS\NVSNPU.SYS B9EAE000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys B9E9A000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS BADBA000 - \SystemRoot\System32\DRIVERS\ASACPI.sys BABC0000 - \SystemRoot\System32\DRIVERS\fdc.sys B9E89000 - \SystemRoot\System32\DRIVERS\serial.sys BAD9C000 - \SystemRoot\System32\DRIVERS\serenum.sys B9E75000 - \SystemRoot\System32\DRIVERS\parport.sys BA978000 - \SystemRoot\System32\DRIVERS\i8042prt.sys BAC00000 - \SystemRoot\System32\DRIVERS\kbdclass.sys BAEE6000 - \SystemRoot\system32\drivers\msmpu401.sys BA554000 - \SystemRoot\System32\DRIVERS\gameenum.sys BAE83000 - \SystemRoot\System32\DRIVERS\audstub.sys BA988000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys BA54C000 - \SystemRoot\System32\DRIVERS\ndistapi.sys B9E5E000 - \SystemRoot\System32\DRIVERS\ndiswan.sys BA998000 - \SystemRoot\System32\DRIVERS\raspppoe.sys BA9A8000 - \SystemRoot\System32\DRIVERS\raspptp.sys BAC58000 - \SystemRoot\System32\DRIVERS\TDI.SYS BAC68000 - \SystemRoot\System32\DRIVERS\ptilink.sys BAC78000 - \SystemRoot\System32\DRIVERS\raspti.sys B9E2D000 - \SystemRoot\System32\DRIVERS\rdpdr.sys BA9B8000 - \SystemRoot\System32\DRIVERS\termdd.sys BAB50000 - \SystemRoot\System32\DRIVERS\mouclass.sys BADC0000 - \SystemRoot\System32\DRIVERS\swenum.sys BA528000 - \SystemRoot\System32\DRIVERS\mssmbios.sys B9C4E000 - \SystemRoot\system32\DRIVERS\TM_CFW.sys BA9C8000 - \SystemRoot\System32\DRIVERS\usbhub.sys 
BADCA000 - \SystemRoot\System32\DRIVERS\USBD.SYS BA9D8000 - \SystemRoot\System32\Drivers\NDProxy.SYS BA9E8000 - \SystemRoot\System32\DRIVERS\NVENETFD.sys BAC48000 - \SystemRoot\System32\DRIVERS\flpydisk.sys BADD0000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BAF2E000 - \SystemRoot\System32\Drivers\Null.SYS BADD4000 - \SystemRoot\System32\Drivers\Beep.SYS BAC80000 - \SystemRoot\System32\drivers\vga.sys BADD8000 - \SystemRoot\System32\Drivers\mnmdd.SYS BADDC000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys BAC90000 - \SystemRoot\System32\Drivers\Msfs.SYS BACA0000 - \SystemRoot\System32\Drivers\Npfs.SYS BAD90000 - \SystemRoot\System32\DRIVERS\rasacd.sys B7A53000 - \SystemRoot\System32\DRIVERS\ipsec.sys BAA08000 - \SystemRoot\System32\DRIVERS\msgpc.sys B79FB000 - \SystemRoot\System32\DRIVERS\tcpip.sys B79E2000 - \SystemRoot\System32\DRIVERS\NVTcp.sys B79C1000 - \SystemRoot\System32\DRIVERS\ipnat.sys BAA18000 - \SystemRoot\System32\DRIVERS\wanarp.sys B7971000 - \SystemRoot\System32\DRIVERS\netbt.sys B7939000 - \SystemRoot\system32\DRIVERS\tcpip6.sys B9E25000 - \SystemRoot\System32\drivers\ws2ifsl.sys BACB0000 - \SystemRoot\system32\drivers\ip6fw.sys B7917000 - \SystemRoot\System32\drivers\afd.sys BAA28000 - \SystemRoot\System32\DRIVERS\netbios.sys BAA38000 - \SystemRoot\system32\DRIVERS\tmtdi.sys B78EC000 - \SystemRoot\System32\DRIVERS\rdbss.sys B787D000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys BAA48000 - \SystemRoot\System32\Drivers\Fips.SYS BAC98000 - \SystemRoot\system32\drivers\atkkbnt.sys BAC30000 - \SystemRoot\System32\DRIVERS\usbccgp.sys B7999000 - \SystemRoot\System32\DRIVERS\hidusb.sys BAA68000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS BAB60000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS BAB80000 - \SystemRoot\System32\DRIVERS\usbiad.sys BAC70000 - \SystemRoot\System32\DRIVERS\usbprint.sys BACA8000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS B9E21000 - \SystemRoot\System32\DRIVERS\mouhid.sys BAA78000 - \SystemRoot\system32\drivers\usbaudio.sys BAA88000 - 
\SystemRoot\System32\Drivers\Cdfs.SYS B783E000 - \SystemRoot\System32\Drivers\dump_nvata.sys BADEC000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys B785D000 - \SystemRoot\System32\drivers\Dxapi.sys BABF8000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys BAEA8000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\atkdisp.dll BFA02000 - \SystemRoot\System32\nv4_disp.dll B781E000 - \SystemRoot\system32\DRIVERS\tmpreflt.sys B64EB000 - \SystemRoot\system32\DRIVERS\vsapint.sys B64A9000 - \SystemRoot\system32\DRIVERS\tmxpflt.sys B5B14000 - \SystemRoot\System32\DRIVERS\mrxdav.sys BAE36000 - \SystemRoot\System32\Drivers\ParVdm.SYS B6415000 - \??\C:\WINDOWS\system32\drivers\EIO.sys B59E7000 - \SystemRoot\system32\drivers\wdmaud.sys B782E000 - \SystemRoot\system32\drivers\sysaudio.sys B56C5000 - \SystemRoot\System32\DRIVERS\srv.sys B5654000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys B5939000 - \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys B5969000 - \??\C:\WINDOWS\system32\drivers\tmactmon.sys B4DF3000 - \SystemRoot\System32\Drivers\HTTP.sys B2ACE000 - \SystemRoot\System32\Drivers\Fastfat.SYS BAF51000 * --[Hidden]-- Total number of drivers = 138 Liste des programmes installes Ad-aware 6 Personal Adobe Flash Player ActiveX Adobe Photoshop Elements 6.0 Adobe Photoshop Elements 6.0 Adobe Reader 7.0 Alcohol 120% Archiveur WinRAR ASUS Enhanced Display Driver Azureus CCleaner (remove only) CleanUp! Complément Microsoft Word pour Microsoft Works Suite Correctif pour Windows XP (KB918997) CursorXP DAEMON Tools Driver Genius Professional Edition 2005 5.3.016 Encyclopédie Microsoft Encarta 2005 Etherlords II HijackThis 2.0.2 Java 6 Update 3 Kit d'installation Messenger Plus! Microsoft AutoRoute 2005 Microsoft Digital Image Library 9 - Blocker Microsoft Money Microsoft Photo Premium 10 Microsoft Photo Premium 10 Microsoft Picture It! 
Album 10 Microsoft Works Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à niveau de Works Mozilla Firefox (2.0.0.11) MSN Messenger 6.1 MSXML 6.0 Parser Multi Virus Cleaner 2008 Nero 6 Ultra Edition NVIDIA Drivers NVIDIA ForceWare Network Access Manager NVIDIA ForceWare Network Access Manager NVIDIA nTune NVIDIA nTune Picasa 2 Realtek AC'97 Audio Shockwave Spybot - Search & Destroy 1.2 Sélecteur d'installation de Microsoft Works 2005 Trend Micro Internet Security Pro Trend Micro Internet Security Pro USB MODEM Driver VideoLAN VLC media player 0.8.6d WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Internet Explorer 7 Windows Media Format Runtime Yahoo! Install Manager Yahoo! Toolbar Yahoo! Toolbar avec bloqueur de fenêtres pop-up Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 38D0-EC4F Répertoire de C:\Program Files 2008-01-29 22:55 <REP> . 2008-01-29 22:55 <REP> .. 2008-01-29 22:55 <REP> ACW 2008-01-30 20:36 <REP> Adobe 2003-12-19 12:54 <REP> Ahead 2008-01-10 15:26 <REP> Alcohol Soft 2008-01-28 21:41 <REP> Alwil Software 2008-01-04 19:55 <REP> AMD 2008-01-04 20:01 <REP> ASUS 2007-09-20 00:47 <REP> ASUSTeK 2008-01-04 16:45 <REP> AviSynth 2.5 2008-01-10 19:06 <REP> AvRack 2008-01-20 14:15 <REP> AxBx 2008-01-30 02:15 <REP> Azureus 2008-01-04 16:45 <REP> Brother 2008-01-28 20:14 <REP> CCleaner 2008-01-28 09:01 <REP> CleanUp! 
2007-09-19 23:01 <REP> Common Files 2007-09-19 22:16 <REP> ComPlus Applications 2008-01-10 18:51 <REP> DreamCatcher 2008-01-10 19:02 <REP> Driver-Soft 2008-01-04 18:15 <REP> D-Tools 2008-01-30 22:58 <REP> eMule 2008-01-27 20:50 <REP> Encarta 2008-01-30 20:38 <REP> Fichiers communs 2008-01-04 18:16 <REP> FlashFXP 2008-01-30 23:08 <REP> FlashGet 2008-01-24 13:13 <REP> Google 2008-01-18 21:15 <REP> Internet Explorer 2008-01-25 23:46 <REP> Java 2008-01-10 19:25 <REP> Kit ADSL 2008-01-04 16:44 <REP> KompoZer 2008-01-04 18:15 <REP> Lavasoft 2008-01-15 19:59 <REP> messenger 2003-12-20 23:31 <REP> Messenger Plus! 2 2008-01-04 16:44 <REP> Microsoft ActiveSync 2008-01-27 20:53 <REP> Microsoft AutoRoute 2007-09-19 22:18 <REP> microsoft frontpage 2008-01-27 20:43 <REP> microsoft money 2005 2008-01-27 20:38 <REP> Microsoft Office 2008-01-27 20:39 <REP> Microsoft Works 2008-01-27 20:27 <REP> Microsoft Works Suite 2005 2008-01-07 21:03 <REP> movie maker 2008-01-31 12:50 <REP> Mozilla Firefox 2008-01-18 22:51 <REP> Mozilla.org 2008-01-03 21:27 <REP> MSBuild 2008-01-10 14:07 <REP> msn gaming zone 2008-01-10 19:29 <REP> MSN Messenger 2007-10-14 22:32 <REP> MSXML 4.0 2008-01-04 16:44 <REP> MSXML 6.0 2007-10-31 03:56 <REP> Nero 2008-01-13 16:56 <REP> NetMeeting 2008-01-04 20:03 <REP> NVIDIA Corporation 2008-01-15 19:58 <REP> Outlook Express 2008-01-24 13:13 <REP> Picasa2 2008-01-27 20:48 <REP> Picture It! 
Premium 10 2007-10-21 03:46 <REP> Realtek 2007-09-19 23:57 <REP> Realtek Sound Manager 2008-01-03 21:24 <REP> Reference Assemblies 2008-01-28 20:19 <REP> RegCleaner 2008-01-04 18:02 <REP> Services en ligne 2008-01-17 17:12 <REP> Spybot - Search & Destroy 2008-01-29 20:51 <REP> Trend Micro 2007-09-19 23:22 <REP> USB Driver-Express 2008-01-04 23:52 <REP> uTorrent 2008-01-04 20:21 <REP> VGA USB Camera 2007-09-20 00:18 <REP> VideoLAN 2008-01-04 16:44 <REP> VSO 2008-01-04 16:44 <REP> Windows Defender 2008-01-30 20:36 <REP> windows media player 2007-12-18 22:08 <REP> Windows Mobile Device Handbook 2008-01-13 16:56 <REP> Windows NT 2008-01-10 15:25 <REP> WinRAR 2007-09-19 22:18 <REP> xerox 2008-01-28 20:14 <REP> Yahoo! 0 fichier(s) 0 octets 75 Rép(s) 3,253,035,008 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 38D0-EC4F Répertoire de C:\Program Files\fichiers communs 2008-01-30 20:38 <REP> . 2008-01-30 20:38 <REP> .. 2008-01-30 20:38 <REP> Adobe 2008-01-04 18:14 <REP> Ahead 2008-01-04 19:51 <REP> InstallShield 2007-10-31 17:06 <REP> Java 2008-01-30 20:38 <REP> Macrovision Shared 2008-01-29 23:54 <REP> Microsoft Shared 2007-09-19 22:17 <REP> MSSoap 2008-01-04 16:45 <REP> Nero 2008-01-04 16:45 <REP> NVIDIA Shared 2007-09-19 22:18 <REP> ODBC 2008-01-04 16:45 <REP> PCSuite 2008-01-04 18:01 <REP> Services 2007-09-19 22:18 <REP> speechengines 2008-01-15 19:58 <REP> System 2008-01-28 20:41 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 17 Rép(s) 3,253,035,008 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 38D0-EC4F Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 2008-01-29 23:54 <REP> . 2008-01-29 23:54 <REP> .. 
2008-01-27 20:39 <REP> 1033 2008-01-29 23:54 <REP> 1036 2001-02-15 05:45 1,318,912 MSONSEXT.DLL 1999-06-03 14:09 122,937 MSOWS409.DLL 2001-03-07 09:00 127,033 MSOWS40c.DLL 2001-01-22 03:25 86,016 PKMWS.DLL 4 fichier(s) 1,654,898 octets 4 Rép(s) 3,253,035,008 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 38D0-EC4F Répertoire de C:\Program Files\common files 2007-09-19 23:01 <REP> . 2007-09-19 23:01 <REP> .. 2008-01-04 16:45 <REP> Download Manager 2008-01-04 16:45 <REP> InstallShield 2008-01-10 15:23 <REP> System 0 fichier(s) 0 octets 5 Rép(s) 3,253,035,008 octets libres c:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\Photoshop Elements\6.0\Flash Galleries\Dynamic\flashplayer\windows\SAFlashPlayer.exe c:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe\Photoshop Elements\6.0\Flash Galleries\GeoWeb Gallery\gallery\resources\AuthSWF.exe c:\Documents and Settings\richard.TEST.000\.housecall6.6\getMac.exe c:\Documents and Settings\richard.TEST.000\.housecall6.6\patch.exe c:\Documents and Settings\richard.TEST.000\.housecall6.6\TSC.exe c:\Documents and Settings\richard.TEST.000\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe c:\Documents and Settings\richard.TEST.000\Bureau\AdbeRdr709_en_US.exe c:\Documents and Settings\richard.TEST.000\Bureau\CleanUp40.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\diff.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\find2.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\grep.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\gzip.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\LFiles.exe 
c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\sigcheck.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\streams.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\richard.TEST.000\Bureau\DiagHelp\tar.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\exit.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\IEDFix.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\exit.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\HostsChk.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\IEDFix.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\Process.exe 
c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\restart.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\swreg.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\swsc.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\unzip.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\richard.TEST.000\Local Settings\Application Data\WindowsXP-KB918997-v6-x86.exe c:\Documents and Settings\richard.TEST.000\Mes documents\Azureus Downloads\Adobe.Photoshop.Elements.6.0.FRENCH.MULTiLANGUAGE.Lastest.Incl.Keygen-BRiOCHE\keygen.exe c:\Documents and Settings\richard.TEST.000\Mes documents\Azureus Downloads\Adobe.Photoshop.Elements.6.0.FRENCH.MULTiLANGUAGE.Lastest.Incl.Keygen-BRiOCHE\Keygen.Photoshop.6.0.exe c:\Documents and Settings\richard.TEST.000\Mes documents\Azureus Downloads\Adobe.Photoshop.Elements.6.0.FRENCH.MULTiLANGUAGE.Lastest.Incl.Keygen-BRiOCHE\Setup.exe c:\Documents and Settings\richard.TEST.000\Mes documents\Azureus Downloads\Adobe.Photoshop.Elements.6.0.FRENCH.MULTiLANGUAGE.Lastest.Incl.Keygen-BRiOCHE\directx9\dxsetup.exe c:\Documents and Settings\richard.TEST.000\Mes documents\Azureus Downloads\World-Of-Warcraft+TBC+Patches+FreeServer\(A) World of warcraft\Installer.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\exit.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\HostsChk.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\IEDFix.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\Process.exe c:\Documents and 
Settings\richard.TEST.000\SmitfraudFix\restart.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\swreg.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\swsc.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\unzip.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\richard.TEST.000\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DEDBCA50-B72B-4AAC-98CF-AB8C283B6AD0}\mpengine.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_TEST.tar.gz a l'adresse http://upload.malekal.com So there you go, what should I do now? :P :P
  7. Thank you for your reply!!! Here is the report: SmitFraudFix v2.277 Rapport fait à 20:11:52.90, 2008-01-30 Executé à partir de C:\Documents and Settings\richard.TEST.000\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode sans echec »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\adsoowf.dll PRESENT ! C:\WINDOWS\dntpkwo???.dll PRESENT ! C:\WINDOWS\ffvrdgt.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\richard.TEST.000 »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\richard.TEST.000\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\RICHAR~1.000\Favoris »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» IEDFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! IEDFix.exe by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Palladia 300/400 Usb Adsl Modem - Trend Micro Common Firewall Miniport DNS Server Search Order: 192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{B2BF3250-1912-4EEC-9752-74652D1114C1}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{B2BF3250-1912-4EEC-9752-74652D1114C1}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{B2BF3250-1912-4EEC-9752-74652D1114C1}: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin I suspected I had a virus; now it remains to be seen what the damage is, but neither Antivir nor Avast found anything for me.
  8. Please, could someone help me? A few days ago, I don't know why, my Internet Explorer kept opening lots of web pages pointing to download sites for security software (anti-spyware). I don't know whether this has anything to do with my problem, but my internet connection keeps dropping on my computer but not on my friend's; on top of that, I no longer have access to my updates. I'm posting the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:40, on 2008-01-29 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Messenger Plus! 
2\MsgPlus.exe C:\Program Files\D-Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\themeGold55\CursorXP\CursorXP.exe C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\Dependent\HSChkProxyExe.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! 
Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: SXG Advisor - {AF7FCB20-E32A-41D8-B2ED-BC1EA8C11E90} - C:\WINDOWS\dntpkwokpr.dll O2 - BHO: TransactionProtector BHO - {C1656CCA-D2EA-4A32-94AE-AE0B180E6449} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: (no name) - {C87444C3-8B83-4A48-91DE-95F9A3D61070} - (no file) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 
2\MsgPlus.exe" O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Ad-aware] "C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" +c O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ufSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr O21 - SSODL: adsoowf - {13DDD6DD-F49B-466B-A2DB-9E4091325924} - C:\WINDOWS\adsoowf.dll O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- End of file - 7767 bytes Thanks in advance for your help.
  9. here is the report DiagHelp version v1.2 - http://www.malekal.com excute le ven. 21/09/2007 à 21:15:24,37 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\System32\drivers\NSDriver.sys -->20/09/2007 0:24:00 C:\WINDOWS\System32\drivers\AWRTRD.sys -->20/09/2007 0:24:00 C:\WINDOWS\System32\drivers\avipbb.sys -->7/09/2007 12:05:20 C:\WINDOWS\System32\drivers\avgntdd.sys -->9/08/2007 13:04:12 C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:20 C:\WINDOWS\System32\drivers\AWRTPD.sys -->4/06/2007 15:14:56 C:\WINDOWS\System32\drivers\ssmdrv.sys -->1/03/2007 10:34:38 C:\WINDOWS\System32\nmp.log -->21/09/2007 21:11:54 C:\WINDOWS\System32\_nvidia_xxx_.log -->21/09/2007 21:09:38 C:\WINDOWS\System32\nvapps.xml -->21/09/2007 21:09:28 C:\WINDOWS\System32\PerfStringBackup.INI -->21/09/2007 3:47:42 C:\WINDOWS\System32\perfh00C.dat -->21/09/2007 3:47:42 C:\WINDOWS\System32\perfc00C.dat -->21/09/2007 3:47:42 C:\WINDOWS\System32\perfh009.dat -->21/09/2007 3:47:42 C:\WINDOWS\System32\perfc009.dat -->21/09/2007 3:47:42 C:\WINDOWS\System32\FNTCACHE.DAT -->21/09/2007 3:43:06 C:\WINDOWS\System32\settings.aaw -->21/09/2007 3:42:36 C:\WINDOWS\System32\history.aaw -->21/09/2007 3:42:36 C:\WINDOWS\System32\TZLog.log -->21/09/2007 3:02:12 C:\WINDOWS\System32\wpa.dbl -->20/09/2007 15:19:44 C:\WINDOWS\System32\spupdwxp.log -->20/09/2007 15:19:32 C:\WINDOWS\System32\tmp.txt -->20/09/2007 3:21:22 C:\WINDOWS\System32\tmp.reg -->20/09/2007 3:21:22 C:\WINDOWS\System32\app_filter_ui.log -->20/09/2007 0:04:44 C:\WINDOWS\System32\amcompat.tlb -->19/09/2007 23:56:56 C:\WINDOWS\System32\nscompat.tlb -->19/09/2007 23:56:56 C:\WINDOWS\System32\oeminfo.ini -->19/09/2007 22:58:40 C:\WINDOWS\System32\$winnt$.inf -->19/09/2007 22:20:50 C:\WINDOWS\System32\CONFIG.NT -->19/09/2007 22:18:46 C:\WINDOWS\System32\WindowsLogon.manifest -->19/09/2007 22:18:16 C:\WINDOWS\System32\logonui.exe.manifest -->19/09/2007 22:18:16 C:\WINDOWS\System32\cdplayer.exe.manifest 
-->19/09/2007 22:18:14 C:\WINDOWS\bootstat.dat -->21/09/2007 21:09:14 C:\WINDOWS\WindowsUpdate.log -->21/09/2007 21:08:32 C:\WINDOWS\War3Unin.dat -->20/09/2007 18:35:08 C:\WINDOWS\War3Unin.pif -->20/09/2007 18:30:44 C:\WINDOWS\War3Unin.exe -->20/09/2007 18:30:44 C:\WINDOWS\WMSysPr9.prx -->20/09/2007 15:19:38 C:\WINDOWS\WMSysPrx.prx -->20/09/2007 14:46:08 C:\WINDOWS\Setup1.exe -->20/09/2007 3:31:06 C:\WINDOWS\ST6UNST.EXE -->20/09/2007 3:31:06 C:\WINDOWS\A8NE1013.zip -->20/09/2007 0:19:06 C:\WINDOWS\Ascd_tmp.ini -->20/09/2007 0:05:54 C:\WINDOWS\Nomdefichier -->19/09/2007 23:58:00 C:\WINDOWS\win.ini -->19/09/2007 23:56:56 C:\WINDOWS\setupapi.log.0.old -->19/09/2007 23:35:04 C:\WINDOWS\REGLOCS.OLD -->19/09/2007 22:21:32 MD5 des fichiers sensibles tcpip.sys 1dbf125862891817f374f407626967f4 ndis.sys 558635d3af1c7546d26067d5d9b6959e null.sys 73c1e1f395918bc2c6dd67af7591a3ad svchost.exe 2979b03d5382a602623c0535b16ab9c0 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est EC25-19C5 Répertoire de C:\WINDOWS\system32 20/08/2004 01:09 6.144 csrss.exe 1 fichier(s) 6.144 octets 0 Rép(s) 12.596.543.488 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est EC25-19C5 Répertoire de C:\WINDOWS\Downloaded Program Files 19/09/2007 22:18 <REP> . 19/09/2007 22:18 <REP> .. 19/09/2007 22:18 65 desktop.ini 30/07/2007 19:24 293 wuweb.inf 11/06/2007 12:21 5.021 swflash.inf 20/01/2000 15:25 1.162 Microsoft XML Parser for Java.osd 4 fichier(s) 6.541 octets Total des fichiers listés : 4 fichier(s) 6.541 octets 2 Rép(s) 12.596.543.488 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. 
Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III" "C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... 
catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-09-21 21:15:29 Windows 5.1.2600 Service Pack 2 FAT NTAPI scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 152 - sched.exe 204 - ATKKBService.ex 380 - nSvcIp.exe 536 - csrss.exe 540 - nvsvc32.exe 560 - winlogon.exe 604 - services.exe 616 - lsass.exe 768 - svchost.exe 828 - svchost.exe 920 - svchost.exe 1108 - aawservice.exe 1164 - nSvcAppFlt.exe 1252 - apache.exe 1356 - Explorer.EXE 1428 - avguard.exe 1628 - MsgPlus.exe 1652 - nTrayFw.exe 1672 - avgnt.exe 1704 - ctfmon.exe 1712 - CursorXP.exe 1728 - TeaTimer.exe 1824 - eMule.exe 1856 - RocketDock.exe 3300 - wmiprvse.exe 3424 - alg.exe 3916 - cmd.exe Total number of processes = 28 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList Total number of drivers = 132 Liste des programmes installes Ad-Aware 2007 Adobe Reader 7.0 Ai Booster Ai Selector Alcohol 120% Archiveur WinRAR ASUS Enhanced Display Driver ASUSUpdate Athlon 64 Processor Driver Avira AntiVir PersonalEdition Classic CCleaner (remove only) Cool & Quiet CursorXP DAEMON Tools Driver Genius Professional Edition 2005 5.3.016 eMule K-Lite Codec Pack 2.20 Full Kit d'installation Messenger Plus! 
Mise à jour de sécurité pour Windows XP (KB904706) Nero 6 Ultra Edition NVIDIA Drivers NVIDIA ForceWare Network Access Manager NVIDIA ForceWare Network Access Manager NVIDIA nTune NVIDIA nTune Optimisation Windows Realtek AC'97 Audio RocketDock 1.3.5 Shockwave Spybot - Search & Destroy Spybot - Search & Destroy 1.2 Switch Off USB MODEM Driver VideoLAN VLC media player 0.8.6c WebFldrs XP Winamp (remove only) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Live Messenger Windows XP Service Pack 2 WinISO 5.3 Zeb-Utility 1.2 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est EC25-19C5 Répertoire de C:\Program Files 19/09/2007 19:19 <REP> . 19/09/2007 19:19 <REP> .. 19/09/2007 23:05 <REP> Adobe 19/12/2003 12:54 <REP> Ahead 19/09/2007 23:06 <REP> Alcohol Soft 19/09/2007 23:56 <REP> AMD 19/09/2007 23:59 <REP> ASUS 20/09/2007 00:47 <REP> ASUSTeK 20/09/2007 00:24 <REP> Avira 19/09/2007 23:56 <REP> AvRack 20/09/2007 13:30 <REP> CCleaner 19/09/2007 23:01 <REP> Common Files 19/09/2007 22:16 <REP> ComPlus Applications 21/09/2007 11:49 <REP> Driver-Soft 19/09/2007 23:05 <REP> D-Tools 23/12/2003 23:48 <REP> eMule 19/09/2007 19:19 <REP> Fichiers communs 19/09/2007 22:16 <REP> Internet Explorer 19/09/2007 23:22 <REP> Kit ADSL 19/09/2007 23:06 <REP> K-Lite Codec Pack 20/09/2007 00:21 <REP> Lavasoft 20/09/2007 14:45 <REP> messenger 20/12/2003 23:31 <REP> Messenger Plus! 
2 19/09/2007 22:18 <REP> microsoft frontpage 19/09/2007 22:18 <REP> movie maker 19/09/2007 22:18 <REP> msn gaming zone 19/09/2007 23:06 <REP> MSN Messenger 19/09/2007 22:16 <REP> NetMeeting 19/09/2007 23:56 <REP> NVIDIA Corporation 20/09/2007 03:31 <REP> Optimisation Windows 19/09/2007 22:16 <REP> Outlook Express 19/09/2007 23:57 <REP> Realtek Sound Manager 20/09/2007 13:34 <REP> RocketDock 19/09/2007 22:18 <REP> Services en ligne 19/09/2007 23:07 <REP> Spybot - Search & Destroy 19/09/2007 23:08 <REP> Switch Off 19/09/2007 23:22 <REP> USB Driver-Express 20/09/2007 00:18 <REP> VideoLAN 20/09/2007 01:36 <REP> Warcraft III 24/12/2003 00:15 <REP> Winamp 19/09/2007 22:18 <REP> windows media player 19/09/2007 22:16 <REP> Windows NT 24/12/2003 00:02 <REP> WinISO 19/09/2007 23:05 <REP> WinRAR 19/09/2007 22:18 <REP> xerox 20/09/2007 13:30 <REP> Yahoo! 20/09/2007 13:21 <REP> Zeb-Utility 0 fichier(s) 0 octets 47 Rép(s) 12.595.986.432 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est EC25-19C5 Répertoire de C:\Program Files\fichiers communs 19/09/2007 19:19 <REP> . 19/09/2007 19:19 <REP> .. 19/09/2007 22:16 <REP> Microsoft Shared 19/09/2007 22:16 <REP> System 19/09/2007 22:17 <REP> MSSoap 19/09/2007 22:17 <REP> Services 19/09/2007 22:18 <REP> ODBC 19/09/2007 22:18 <REP> speechengines 19/09/2007 23:05 <REP> Ahead 19/09/2007 23:21 <REP> InstallShield 20/09/2007 00:02 <REP> Adobe 20/09/2007 00:21 <REP> Wise Installation Wizard 0 fichier(s) 0 octets 12 Rép(s) 12.596.494.336 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est EC25-19C5 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 19/09/2007 23:10 <REP> . 19/09/2007 23:10 <REP> .. 18/05/2001 17:57 561.209 MSONSEXT.DLL 07/03/2001 09:00 127.033 MSOWS40c.DLL 03/06/1999 14:09 122.937 MSOWS409.DLL 3 fichier(s) 811.179 octets 2 Rép(s) 12.596.494.336 octets libres Le volume dans le lecteur C n'a pas de nom. 
Le numéro de série du volume est EC25-19C5 Répertoire de C:\Program Files\common files 19/09/2007 23:01 <REP> . 19/09/2007 23:01 <REP> .. 19/09/2007 23:01 <REP> System 0 fichier(s) 0 octets 3 Rép(s) 12.596.494.336 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est EC25-19C5 Répertoire de C:\ 20/09/2007 11:06 1.308.216 HiJackThis_v2.exe 1 fichier(s) 1.308.216 octets 0 Rép(s) 12.596.494.336 octets libres c:\Documents and Settings\richard\Bureau\antivir_workstation_win7u_en_h.exe c:\Documents and Settings\richard\Bureau\eMule0.48a-Installer.exe c:\Documents and Settings\richard\Bureau\Setup_Zeb-Utility.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\exit.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\richard\Bureau\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\richard\Bureau\logiciel\aaw2007.exe c:\Documents and Settings\richard\Bureau\logiciel\ccsetup200.exe c:\Documents and Settings\richard\Bureau\logiciel\RocketDock-v1.3.5.exe c:\Documents and Settings\richard\Bureau\logiciel\spybotsd15.exe c:\Documents and Settings\richard\Bureau\logiciel\vlc-0.8.6c-win32.exe c:\Documents and Settings\richard\Bureau\logiciel\ZebProtect.exe c:\Documents and 
Settings\richard\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\richard\Bureau\DiagHelp\diff.exe c:\Documents and Settings\richard\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\richard\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\richard\Bureau\DiagHelp\find2.exe c:\Documents and Settings\richard\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\richard\Bureau\DiagHelp\grep.exe c:\Documents and Settings\richard\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\richard\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\richard\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\richard\Bureau\DiagHelp\md5sums.exe c:\Documents and Settings\richard\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\richard\Bureau\DiagHelp\streams.exe c:\Documents and Settings\richard\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll ****** Fin du rapport DiagHelp
  10. Thanks for replying. "XP1 ... you are not up to date": may I ask why? It's just that I reinstalled my Windows, it was too slow and too cluttered; simple and effective. Am I infected?
  11. Hello everyone. I have a problem. Like everyone, we have movies on our computer; well, for me, as soon as I open my movie folders, my windows close automatically. Is this due to a virus or some other problem? Here is my config: Win XP 2nd version, AMD Athlon 64-bit 3000+, 1 GB RAM. I'm passing along the HijackThis report. Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:07:06, on 20/09/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\D-Tools\daemon.exe C:\Program Files\Messenger Plus! 2\MsgPlus.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\WINDOWS\System32\ctfmon.exe C:\themeGold55\CursorXP\CursorXP.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\eMule\emule.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\NOTEPAD.EXE C:\WINDOWS\NOTEPAD.EXE C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\explorer.exe 
C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\richard\Bureau\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 2\MsgPlus.exe" O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\\nTune.exe" clear O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe O4 - HKLM\..\Run: [Launch Ai Booster] "C:\Program Files\ASUS\Ai Booster\OverClk.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s O4 - HKCU\..\Run: [MessengerPlus2] "C:\Program Files\Messenger Plus! 
2\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1190237356500 O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. 
- C:\WINDOWS\ATKKBService.exe O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - 
C:\WINDOWS\System32\wbem\wmiapsrv.exe -- End of file - 7700 bytes