Everything posted by platinium22
The PC reboots in a loop
platinium22 replied to a topic by platinium22 in Malware analysis and removal
Indeed, that's the one...

SD report 1: sorry about that one, but Explorer closed and the report was replaced by report 2.

SD report 2:

LopR report:

Report 2:

Sorry about the combot, but first I need to get my hands on his CD (if he has it).
The PC reboots in a loop
platinium22 replied to a topic by platinium22 in Malware analysis and removal
Hello pear, sorry for the slow reply, but I go back home on weekends. Well, here is the report:
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O4 - Global Startup: Recherche sur le bureau de Windows.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-be\bin\WindowsSearch.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Patrick\Mes documents\Mes fichiers reçus\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Documents and Settings\Patrick\Mes documents\Mes fichiers reçus\PartyPoker\RunApp.exe (file missing) O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing) O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.0.24\ShoppingReport.dll (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://s.tf1.fr/mmdia/static/rawflow/clien...1.0/Rawflow.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-BE/a-UNO1/GAME_UNO1.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: Symantec SPBBCSvc 
(SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 11491 bytes Merci de ton aide -
virus JS/Dldr.Agent.KO
platinium22 replied to a topic by platinium22 in Malware analysis and removal
Hello thanos, here is the requested report.
At first glance the PC seems to be working properly as far as viruses go. It shuts itself off from time to time; what would that be due to? Thanks -
Hello everyone, I am travelling for work and I am lucky enough to be able to stay at my sister's. So I am on my godson's PC, and it turns out that it has quite a few problems. Ad windows that open, the PC rebooting in a loop, and other problems, but I don't know whether they are due to a virus. My godson needs his PC to revise for his September exams, so I was wondering whether it would be possible to solve his problems quickly, as far as possible. Thanks in advance to the whole team, and well done for your work
-
virus JS/Dldr.Agent.KO
platinium22 replied to a topic by platinium22 in Malware analysis and removal
Hello thanos, I am already happy with this good news. I will send you the DSS report as soon as possible; as I said earlier, I am travelling. See you soon and thanks again -
virus JS/Dldr.Agent.KO
platinium22 replied to a topic by platinium22 in Malware analysis and removal
Hello thanos, sorry for replying so late, I am travelling all week for work. Here is the Smitfraud report:
Here is the online scan report:
Which of AVG or Defender is better? AVG was downloaded, Defender came with the PC and I don't know how to uninstall it. Good evening -
virus JS/Dldr.Agent.KO
platinium22 replied to a topic by platinium22 in Malware analysis and removal
Hello thanos, here is the SmitFraudFix scan:
And here is the main report:
Have a good rest of the day, and thanks again for your help. -
virus JS/Dldr.Agent.KO
platinium22 replied to platinium22's topic in Analyses et éradication malwares
Hello again everyone, uh... has thanos gone on holiday by any chance? Could someone help me? This problem is really annoying. Thanks in advance -
virus JS/Dldr.Agent.KO
platinium22 replied to platinium22's topic in Analyses et éradication malwares
Ah OK, thanks for your reply, and sorry for my impatience -
virus JS/Dldr.Agent.KO
platinium22 replied to platinium22's topic in Analyses et éradication malwares
Hello, excuse me, could someone carry on the work to help me? Thanks in advance -
virus JS/Dldr.Agent.KO
platinium22 replied to platinium22's topic in Analyses et éradication malwares
Thanks for your help. Here is the AntiVir result -->
Virus or unwanted program 'JS/Dldr.Agent.KO [virus]' detected in file 'C:\Users\la dame du bois\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\65JXDP0M\wpad[2].htm. Action performed: Move file to quarantine
Here is the main report -->
-- Scheduled Tasks ------------------------------------------------------------- 2008-07-13 16:08:40 274 --a------ C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job 2008-07-13 16:02:25 438 --ah----- C:\Windows\Tasks\User_Feed_Synchronization-{ECD24CF0-7C27-4BA5-AE1C-E429E32CA0CF}.job -- Files created between 2008-06-13 and 2008-07-13 ----------------------------- 2008-07-11 21:29:46 69689 --a------ C:\Windows\UNZIP.DLL <Not Verified; Trend Micro Inc.; Trend Active Update 1.32> 2008-07-11 21:29:46 507904 --a------ C:\Windows\TMUPDATE.DLL <Not Verified; Trend Micro Inc.; ActiveUpdate Module> 2008-07-11 21:29:45 286720 --a------ C:\Windows\PATCH.EXE <Not Verified; Trend Micro Inc.; ActiveUpdate Module> -- Find3M Report --------------------------------------------------------------- 2008-07-01 10:21:38 0 d-------- C:\Program Files\BoontyGames 2008-04-30 03:36:26 690594 --a------ C:\Windows\system32\perfh00C.dat 2008-04-30 03:36:26 117366 --a------ C:\Windows\system32\perfc00C.dat 2008-04-28 14:20:43 360 --a------ C:\Users\la dame du bois\AppData\Roaming\wklnhst.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [09/08/2007 15:46] "RtHDVCpl"="RtHDVCpl.exe" [06/07/2007 11:06 C:\Windows\RtHDVCpl.exe] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/11/2006 12:35] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 15:40] "Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [30/10/2007 21:46] "toolbar_eula_launcher"="C:\Program Files\GoogleEULA\EULALauncher.exe" [09/02/2007 15:54] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 04:25] "SNPSTD2"="C:\Windows\vsnpstd2.exe" [30/08/2004 16:37] 
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [20/11/2001 12:51] "LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [13/01/2007 03:48] "VX3000"="C:\Windows\vVX3000.exe" [06/12/2006 01:38] "lxbtmon.exe"="C:\Program Files\Lexmark 5200 Series\lxbtmon.exe" [03/05/2007 03:51] "EzPrint"="C:\Program Files\Lexmark 5200 Series\ezprint.exe" [03/05/2007 03:53] "LXBTCATS"="C:\Windows\system32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [22/02/2007 05:46] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [18/04/2008 23:31] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25] "WireLessMouse"="C:\Program Files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe" [06/03/2007 12:18] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [11/11/2007 15:51] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [02/01/2008 21:15] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 23:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [02/11/2006 14:35] "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [02/11/2006 14:35] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [18/10/2007 12:34] "RegistryBooster 2 d’Uniblue "="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" [03/09/2007 15:34] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [4/05/2008 13:33:51] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"=2 (0x2) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] @="Volume shadow copy" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] @="IEEE 1394 Bus host controllers" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] @="SBP2 IEEE 1394 Devices" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] @="SecurityDevices" [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum 
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\Windows\system32\unregmp2.exe /ShowWMP [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI -- Hosts ----------------------------------------------------------------------- 91.121.188.81 forum.zebulon.fr -- End of Deckard's System Scanner: finished at 2008-07-13 16:11:32 ------------ -
Hello everyone, big problem with this virus; I have not found anything about it. It triggers every time I open a web page. The PC restarts by itself, and Windows Update has been impossible for some time. It is my brother's PC, so I cannot tell you where he has been hanging around on the web. Can you help me? Thank you in advance.
-
voici DiagHelp version v1.2 - http://www.malekal.com excute le dim. 21/10/2007 à 1:08:00,39 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->21/10/2007 1:07:11 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->21/10/2007 1:05:07 C:\WINDOWS\prefetch\HPOSM.EXE-0770134B.pf -->21/10/2007 1:01:43 C:\WINDOWS\prefetch\MSIMN.EXE-38BA891D.pf -->21/10/2007 0:25:41 C:\WINDOWS\prefetch\MSMSGS.EXE-0CED5345.pf -->21/10/2007 0:25:33 C:\WINDOWS\prefetch\POWERPNT.EXE-02B688E0.pf -->21/10/2007 0:21:38 C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->21/10/2007 0:20:29 C:\WINDOWS\prefetch\PHOTOCNV.EXE-06A05A25.pf -->21/10/2007 0:15:02 C:\WINDOWS\prefetch\SSSTARS.SCR-2D6FC20D.pf -->21/10/2007 0:10:22 C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->21/10/2007 0:02:01 C:\WINDOWS\System32\drivers\avipbb.sys -->20/10/2007 18:13:00 C:\WINDOWS\System32\drivers\avgntdd.sys -->9/08/2007 13:04:11 C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19 C:\WINDOWS\System32\drivers\AvgAsCln.sys -->30/05/2007 14:10:42 C:\WINDOWS\System32\drivers\update.sys -->23/04/2007 12:32:54 C:\WINDOWS\System32\drivers\ssmdrv.sys -->1/03/2007 10:34:36 C:\WINDOWS\System32\drivers\ntfs.sys -->9/02/2007 13:10:35 C:\WINDOWS\System32\dmgyzgw.dat -->21/10/2007 1:07:51 C:\WINDOWS\System32\dmgyzgw_navps.dat -->21/10/2007 1:07:33 C:\WINDOWS\System32\wpa.dbl -->21/10/2007 0:01:26 C:\WINDOWS\System32\nvapps.xml -->21/10/2007 0:00:15 C:\WINDOWS\System32\dmgyzgw.exe -->20/10/2007 18:17:24 C:\WINDOWS\System32\CONFIG.NT -->20/10/2007 18:04:17 C:\WINDOWS\System32\tmp.txt -->19/10/2007 23:38:46 C:\WINDOWS\System32\tmp.reg -->19/10/2007 23:38:46 C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->16/10/2007 20:29:13 C:\WINDOWS\System32\dmgyzgw_nav.dat -->4/10/2007 18:13:36 C:\WINDOWS\System32\MRT.exe -->28/09/2007 7:19:39 C:\WINDOWS\System32\javaws.exe -->24/09/2007 23:31:42 C:\WINDOWS\System32\javacpl.cpl -->24/09/2007 23:31:42 
C:\WINDOWS\System32\javaw.exe -->24/09/2007 22:30:30 C:\WINDOWS\System32\java.exe -->24/09/2007 22:30:28 C:\WINDOWS\System32\TZLog.log -->1/09/2007 3:00:45 C:\WINDOWS\System32\wininet.dll -->22/08/2007 15:13:08 C:\WINDOWS\System32\urlmon.dll -->22/08/2007 15:13:08 C:\WINDOWS\System32\shlwapi.dll -->22/08/2007 15:13:08 C:\WINDOWS\System32\shdocvw.dll -->22/08/2007 15:13:08 C:\WINDOWS\System32\pngfilt.dll -->22/08/2007 15:13:07 C:\WINDOWS\System32\mstime.dll -->22/08/2007 15:13:07 C:\WINDOWS\System32\msrating.dll -->22/08/2007 15:13:07 C:\WINDOWS\System32\mshtmled.dll -->22/08/2007 15:13:07 C:\WINDOWS\System32\mshtml.dll -->22/08/2007 15:13:07 C:\WINDOWS\Msiosd.ini -->21/10/2007 0:12:52 C:\WINDOWS\WindowsUpdate.log -->21/10/2007 0:02:15 C:\WINDOWS.log -->21/10/2007 0:00:47 C:\WINDOWS\wiadebug.log -->21/10/2007 0:00:44 C:\WINDOWS\wiaservc.log -->21/10/2007 0:00:38 C:\WINDOWS\bootstat.dat -->21/10/2007 0:00:07 C:\WINDOWS\SchedLgU.Txt -->20/10/2007 23:58:55 C:\WINDOWS\setupapi.log -->20/10/2007 23:48:35 C:\WINDOWS\ntbtlog.txt -->20/10/2007 21:39:44 C:\WINDOWS\dat.txt -->20/10/2007 17:59:32 C:\WINDOWS\setupact.log -->19/10/2007 23:42:02 C:\WINDOWS\setuperr.log -->19/10/2007 23:38:52 C:\WINDOWS\search_res.txt -->19/10/2007 23:33:49 C:\WINDOWS\rs.txt -->19/10/2007 19:02:40 C:\WINDOWS\Sti_Trace.log -->18/10/2007 22:27:27 MD5 des fichiers sensibles tcpip.sys 1dbf125862891817f374f407626967f4 ndis.sys 558635d3af1c7546d26067d5d9b6959e null.sys 73c1e1f395918bc2c6dd67af7591a3ad svchost.exe 2979b03d5382a602623c0535b16ab9c0 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est BCB6-4924 Répertoire de C:\WINDOWS\system 10/09/1999 14:06 4.672 wowpost.exe 1 fichier(s) 4.672 octets 0 Rép(s) 2.091.655.168 octets libres Le volume dans le lecteur C n'a pas de nom. 
Le numéro de série du volume est BCB6-4924 Répertoire de C:\WINDOWS\system32 20/08/2004 01:09 6.144 csrss.exe 1 fichier(s) 6.144 octets 0 Rép(s) 2.091.651.072 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est BCB6-4924 Répertoire de C:\WINDOWS\Downloaded Program Files 20/10/2007 23:48 <REP> . 20/10/2007 23:48 <REP> .. 07/12/2004 18:14 65 desktop.ini 14/10/1997 19:52 697 DirectAnimation Java Classes.osd 02/02/2005 09:36 976.464 EPUWALcontrol.dll 31/01/2005 14:43 539 EPUWALcontrol.inf 23/03/2007 12:17 1.292 erma.inf 12/12/2006 01:10 302.712 IDrop.ocx 12/12/2006 01:10 113.784 IDropENU.dll 12/12/2006 01:10 114.256 IDropFRA.dll 08/08/2006 11:45 576 kavwebscan.inf 29/05/2003 15:00 160.864 messengerstatsclient.dll 20/01/2000 16:25 1.162 Microsoft XML Parser for Java.osd 29/05/2003 15:00 77.408 msgrchkr.dll 14/03/2005 13:39 227 MsnMessengerSetupDownloader.inf 17/03/2005 14:48 113.152 MsnMessengerSetupDownloader.ocx 20/06/2006 15:44 379.704 MsnPUpld.dll 19/06/2006 14:40 393 MsnPUpld.inf 20/06/2006 15:44 117.560 PURen-us.dll 09/01/2007 08:30 110.592 PURfr-be.dll 15/10/2004 07:59 110.592 PURfr-xx.dll 09/10/2003 11:32 144 QTPlugin.inf 14/02/2007 16:30 144 setup.inf 27/08/2005 14:30 5.065 swflash.inf 22 fichier(s) 2.587.392 octets Total des fichiers listés : 22 fichier(s) 2.587.392 octets 2 Rép(s) 2.091.651.072 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. 
Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "F:\\Program Files\\Shareaza\\Shareaza.exe"="F:\\Program Files\\Shareaza\\Shareaza.exe:*:Enabled:Shareaza" "D:\\Program Files\\Jeux\\Quake III Arena\\quake3 1.31.exe"="D:\\Program Files\\Jeux\\Quake III Arena\\quake3 1.31.exe:*:Enabled:quake3 1.31" "D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"="D:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe:*:Enabled:HP Software Update Client" "D:\\Program Files\\Jeux\\Quake III Arena\\quake3.exe"="D:\\Program Files\\Jeux\\Quake III Arena\\quake3.exe:*:Enabled:quake3" "C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye" "F:\\Program Files\\KaZaA Lite\\KazaaLite.kpp"="F:\\Program Files\\KaZaA Lite\\KazaaLite.kpp:*:Enabled:KazaaLite" "F:\\Program Files\\mIRC\\mirc.exe"="F:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC" "D:\\Program Files\\Jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe"="D:\\Program Files\\Jeux\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire" "D:\\Program Files\\GameSpy Arcade\\Aphex.exe"="D:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade" "d:\\Program Files\\Skype\\Phone\\Skype.exe"="d:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus" "I:\\fscommand\\Vividas.exe"="I:\\fscommand\\Vividas.exe:*:Enabled:Vividas Player" "K:\\fscommand\\Vividas_ep2.exe"="K:\\fscommand\\Vividas_ep2.exe:*:Enabled:Vividas Player" 
"K:\\fscommand\\Vividas_ep3.exe"="K:\\fscommand\\Vividas_ep3.exe:*:Enabled:Vividas Player" "K:\\fscommand\\Vividas_ep4.exe"="K:\\fscommand\\Vividas_ep4.exe:*:Enabled:Vividas Player" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "K:\\fscommand\\Vividas.exe"="K:\\fscommand\\Vividas.exe:*:Enabled:Vividas Player" "D:\\Program Files\\Jeux\\Microsoft Games\\Age of Empires III\\age3.exe"="D:\\Program Files\\Jeux\\Microsoft Games\\Age of Empires III\\age3.exe:*:Enabled:Age of Empires 3" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1160 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-10-21 01:08:43 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\CfgJf40] "khjeh"=hex:20,02,00,00,67,31,81,aa,53,06,82,c4,0b,13,dd,a2,13,84,a5,7f,52,.. 
"hj34z0"=hex:83,c3,ee,65,b4,4f,cb,d6,02,d8,b2,0b,c3,ec,22,5f,f1,c1,f5,4a,d0,.. scanning hidden registry entries ... [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher] "TracesProcessed"=dword:00000142 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "dmgyzgw"="c:\windows\system32\dmgyzgw.exe dmgyzgw" scanning hidden files ... C:\WINDOWS\system32\dmgyzgw.exe C:\WINDOWS\system32\dmgyzgw.dat C:\WINDOWS\system32\dmgyzgw_nav.dat C:\WINDOWS\system32\dmgyzgw_navps.dat scan completed successfully hidden services: 0 hidden files: 4 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 312 - hphmon06.exe 488 - avgas.exe 520 - avgnt.exe 528 - msnmsgr.exe 544 - ctfmon.exe 556 - GoogleToolbarNo 576 - dmgyzgw.exe 732 - csrss.exe 756 - winlogon.exe 800 - services.exe 812 - lsass.exe 960 - svchost.exe 984 - nhksrv.exe 992 - Traymon.exe 1044 - svchost.exe 1092 - sched.exe 1116 - guard.exe 1136 - osd.exe 1140 - svchost.exe 1192 - CDAC11BA.EXE 1324 - svchost.exe 1456 - svchost.exe 1508 - NPROTECT.EXE 1724 - explorer.exe 1732 - avguard.exe 2044 - NetLimiter.exe 2284 - svchost.exe 2464 - cmd.exe 2468 - wmpnetwk.exe 2612 - iexplore.exe 3188 - HPZipm12.exe 3752 - usnsvc.exe 3912 - livecall.exe 3916 - alg.exe Total number of processes = 35 NOTE: Under WinXP, this will not show all processes. 
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntoskrnl.exe 806EC000 - \WINDOWS\system32\hal.dll F7B21000 - \WINDOWS\system32\KDCOM.DLL F7A31000 - \WINDOWS\system32\BOOTVID.dll F75DA000 - d347bus.sys F75BB000 - imagesrv.sys F7598000 - xmasbus.sys F7569000 - ACPI.sys F7B23000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS F7558000 - pci.sys F7621000 - isapnp.sys F7BE9000 - PCIIde.sys F78A1000 - \WINDOWS\System32\Drivers\PCIIDEX.SYS F7B25000 - intelide.sys F7631000 - MountMgr.sys F7539000 - ftdisk.sys F78A9000 - PartMgr.sys F78B1000 - sfsync02.sys F7641000 - VolSnap.sys F78B9000 - ElbyVCD.sys F7521000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS F7509000 - F7B27000 - xmasscsi.sys F7B29000 - imagedrv.sys F7B2B000 - d347prt.sys F7651000 - disk.sys F7661000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F74E9000 - fltmgr.sys F74D7000 - sr.sys F74C0000 - KSecDD.sys F7433000 - Ntfs.sys F7406000 - NDIS.sys F73F3000 - sfvfs02.sys F78C1000 - sfhlp02.sys F7B2D000 - sfhlp01.sys F73E1000 - sfdrv01.sys F7B2F000 - prosync1.sys F73C5000 - prohlp02.sys F7671000 - ohci1394.sys F7681000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F73AA000 - Mup.sys F7691000 - agp440.sys F6775000 - \SystemRoot\System32\DRIVERS\intelppm.sys F649C000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys F6488000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS F7991000 - \SystemRoot\System32\DRIVERS\usbuhci.sys F6465000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F7999000 - \SystemRoot\System32\DRIVERS\usbehci.sys F6765000 - \SystemRoot\System32\DRIVERS\bcm4sbxp.sys F642F000 - \SystemRoot\System32\DRIVERS\HSFHWBS2.sys F640C000 - \SystemRoot\System32\DRIVERS\ks.sys F630E000 - \SystemRoot\System32\DRIVERS\HSF_DP.sys F6262000 - \SystemRoot\System32\DRIVERS\HSF_CNXT.sys F79A1000 - \SystemRoot\System32\Drivers\Modem.SYS F6755000 - \SystemRoot\system32\DRIVERS\nic1394.sys F79A9000 - \SystemRoot\System32\DRIVERS\fdc.sys F6251000 - 
\SystemRoot\System32\DRIVERS\serial.sys F7346000 - \SystemRoot\System32\DRIVERS\serenum.sys F6745000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F7B53000 - \SystemRoot\System32\DRIVERS\msikbd2k.sys F79B1000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F79B9000 - \SystemRoot\System32\DRIVERS\mouclass.sys F7342000 - \SystemRoot\System32\DRIVERS\gameenum.sys F733E000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys F6735000 - \SystemRoot\System32\DRIVERS\cdrom.sys F6725000 - \SystemRoot\System32\DRIVERS\redbook.sys F6715000 - \SystemRoot\System32\DRIVERS\imapi.sys F61D1000 - \SystemRoot\system32\drivers\smwdm.sys F61AD000 - \SystemRoot\system32\drivers\portcls.sys F6705000 - \SystemRoot\system32\drivers\drmk.sys F7B55000 - \SystemRoot\system32\drivers\aeaudio.sys F7C6C000 - \SystemRoot\System32\DRIVERS\audstub.sys F66F5000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys F7332000 - \SystemRoot\System32\DRIVERS\ndistapi.sys F6196000 - \SystemRoot\System32\DRIVERS\ndiswan.sys F7741000 - \SystemRoot\System32\DRIVERS\raspppoe.sys F7751000 - \SystemRoot\System32\DRIVERS\raspptp.sys F79C1000 - \SystemRoot\System32\DRIVERS\TDI.SYS F6152000 - \SystemRoot\System32\DRIVERS\psched.sys F7761000 - \SystemRoot\System32\DRIVERS\msgpc.sys F79C9000 - \SystemRoot\System32\DRIVERS\ptilink.sys F79D1000 - \SystemRoot\System32\DRIVERS\raspti.sys F7771000 - \SystemRoot\System32\Drivers\pcouffin.sys F7781000 - \SystemRoot\System32\DRIVERS\termdd.sys F7B5B000 - \SystemRoot\System32\DRIVERS\swenum.sys F60F9000 - \SystemRoot\System32\DRIVERS\update.sys F7322000 - \SystemRoot\System32\DRIVERS\mssmbios.sys F7791000 - \SystemRoot\System32\Drivers\NDProxy.SYS F77A1000 - \SystemRoot\System32\DRIVERS\usbhub.sys F7B61000 - \SystemRoot\System32\DRIVERS\USBD.SYS F7016000 - \SystemRoot\system32\drivers\MODEMCSA.sys F79E1000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F7B65000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7D5B000 - \SystemRoot\System32\Drivers\Null.SYS F7B67000 - \SystemRoot\System32\Drivers\Beep.SYS 
F7D5C000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F7A01000 - \??\D:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys F7A09000 - \SystemRoot\system32\DRIVERS\usbccgp.sys F7A11000 - \SystemRoot\System32\drivers\vga.sys F7B6D000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7B6F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7A19000 - \SystemRoot\System32\Drivers\Msfs.SYS F7A21000 - \SystemRoot\System32\Drivers\Npfs.SYS F7382000 - \SystemRoot\System32\DRIVERS\rasacd.sys F4F41000 - \SystemRoot\System32\DRIVERS\ipsec.sys F4EE9000 - \SystemRoot\System32\DRIVERS\tcpip.sys F4EC1000 - \SystemRoot\System32\DRIVERS\netbt.sys F737E000 - \SystemRoot\System32\drivers\ws2ifsl.sys F4E9F000 - \SystemRoot\System32\drivers\afd.sys F77D1000 - \SystemRoot\System32\DRIVERS\netbios.sys F7A29000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys F4E74000 - \SystemRoot\System32\DRIVERS\rdbss.sys F77F1000 - \SystemRoot\System32\drivers\prodrv06.sys F7D61000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS F4E05000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F7801000 - \SystemRoot\System32\Drivers\Fips.SYS F4D44000 - \SystemRoot\System32\DRIVERS\ipnat.sys F7811000 - \SystemRoot\System32\DRIVERS\wanarp.sys F7821000 - \SystemRoot\system32\DRIVERS\arp1394.sys F7366000 - \SystemRoot\System32\Drivers\gt680x.sys F7831000 - \SystemRoot\system32\DRIVERS\avipbb.sys F7B71000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys F7C22000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F4CEE000 - \SystemRoot\System32\DRIVERS\P1050Wnt.sys F7841000 - \SystemRoot\System32\DRIVERS\STREAM.SYS F78F9000 - \SystemRoot\System32\DRIVERS\USBCAMD.SYS F7901000 - \SystemRoot\System32\DRIVERS\usbprint.sys F7909000 - \SystemRoot\system32\DRIVERS\HPZius12.sys F7911000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS F7861000 - \SystemRoot\system32\DRIVERS\HPZid412.sys F735A000 - \SystemRoot\system32\DRIVERS\HPZipr12.sys F7881000 - \SystemRoot\System32\Drivers\Cdfs.SYS F4C5E000 - 
\SystemRoot\System32\Drivers\dump_atapi.sys F7B81000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F60BC000 - \SystemRoot\System32\drivers\Dxapi.sys F7921000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7C6A000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll F3B72000 - \SystemRoot\System32\DRIVERS\ndisuio.sys F3011000 - \SystemRoot\system32\drivers\wdmaud.sys F3DDE000 - \SystemRoot\system32\drivers\sysaudio.sys F2E40000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys F2CFB000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F2C2F000 - \SystemRoot\System32\Drivers\Aspi32.SYS F2BE7000 - \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS F2D34000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys F2AAC000 - \SystemRoot\System32\DRIVERS\HSF_FALL.sys F2A8F000 - \SystemRoot\System32\DRIVERS\HSF_FSKS.sys F2986000 - \SystemRoot\System32\Drivers\HTTP.sys F28FE000 - \SystemRoot\System32\DRIVERS\HSF_K56K.sys F2B3B000 - \SystemRoot\System32\DRIVERS\mdmxsdk.sys F2779000 - \SystemRoot\System32\DRIVERS\srv.sys F2B1F000 - \SystemRoot\System32\DRIVERS\secdrv.sys F2720000 - \SystemRoot\System32\DRIVERS\HSF_FAXX.sys F4CD6000 - \SystemRoot\System32\DRIVERS\strmdisp.sys F2B53000 - \SystemRoot\System32\DRIVERS\HSF_TONE.sys F25B8000 - \SystemRoot\System32\DRIVERS\HSF_V124.sys F16A0000 - \??\C:\Program Files\Symantec\SYMEVENT.SYS F1A05000 - \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS EF4AB000 - \SystemRoot\system32\drivers\kmixer.sys F7C35000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 163 Liste des programmes installes 1000 mots pour apprendre à lire V 2.3 3DSexVilla-027.001 Ad-aware 6 Personal Adobe Flash Player ActiveX Adobe Reader 7.0.9 - Français Adobe Shockwave Player Age of Empires III Age of Empires III Alcatel SpeedTouch USB Software Alcohol 120% (Trial Version) Alcoholer 3.1 Apple Software Update Aqua Pearls Archiveur 
WinRAR Ashampoo Movie Shrink & Burn 2 Ashampoo Photo Commander 4 Ashampoo WinOptimizer Platinum 3 AutoCAD 2006 - Français Autodesk DWF Viewer AVG Anti-Spyware 7.5 Avira AntiVir PersonalEdition Classic Azureus 3.0 Ballistik bfr BearPaw 1200CU Plus v1.0 BlockCAD 3.0 Browser MOUSE BufferChm CameraDrivers CamfrogWEB Advanced ActiveX Plugin (remove only) CCleaner (remove only) CDRWIN Classic PhoneTools CloneCD ConvertXtoDVD 2.1.5.173 Correctif pour Lecteur Windows Media 11 (KB939683) Correctif Windows XP - KB834707 Correctif Windows XP - KB867282 Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887742 Correctif Windows XP - KB887797 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890047 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB890923 Correctif Windows XP - KB891781 Correctif Windows XP - KB893066 Correctif Windows XP - KB893086 coverXP (remove only) Creative WebCam Pro eX Driver (1.00.09.0821) CreativeProjects CreativeProjectsTemplates Crush'Em 2.0 CueTour DAEMON Tools Destinations Didi et Ditto DiGiTALYS FunNames Editor Director Dora La Cité Perdue Dora Sakado DVD Decrypter 3.2.0.0 Fr DVD Shrink 3.2 EA SPORTS online 2005 EasyCleaner EasyRecovery Professional EasyRecovery Professional Edmark Jellybean Hunt Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP Far Cry Far Cry FlashGet(JetCar) Free Mp3 Wma Converter V 1.6.0 FTP Expert 3 GameSpy Arcade Google Earth Google Toolbar for Internet Explorer HentaII-026.003 HijackThis 2.0.2 Hitman - tueur à gages Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB926239) HP Appareils photos Photosmart 4.0 hp deskjet 3820 series HP Diagnostic Assistant HP Image Zone 4.0 HP Software Update 
****** Fin du rapport DiagHelp
-
I know, that's not good. It seems to work, apart from an Explorer window that opens. How do you send a print-screen here?
-
Here is the AntiVir report in safe mode:
AntiVir PersonalEdition Classic Report file date: samedi 20 octobre 2007 18:27 Scanning for 896968 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Maitre Computer name: BAELE-GERMAIN Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55 ANTIVIR2.VDF : 7.0.0.91 687104 Bytes 16/10/2007 16:13:00 ANTIVIR3.VDF : 7.0.0.111 177152 Bytes 19/10/2007 16:13:00 AVEWIN32.DLL : 7.6.0.27 3019264 Bytes 20/10/2007 16:13:00 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 3/08/2007 07:46:00 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 8/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 7/08/2007 11:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: F:, Scan
memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 20 octobre 2007 18:27 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '36' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\All Users\Application Data\fibknobe.dll [DETECTION] Is the Trojan horse TR/Vundo.Gen [iNFO] The file was moved to '477c2cf3.qua'! 
C:\Documents and Settings\Maitre\Local Settings\Temp\BIT1110.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2ddb.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT1149.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112dc4.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT11A8.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2ddc.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT127A.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2ddd.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT12A0.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112dc6.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT13F6.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2dde.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT14B4.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2ddf.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT154C.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de0.qua'! 
C:\Documents and Settings\Maitre\Local Settings\Temp\BIT601.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de2.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT687.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112dfb.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT6D4.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de3.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT721.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112dfc.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT734.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de5.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT7E2.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de4.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT88F.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112dfd.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT915.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112dfe.qua'! 
C:\Documents and Settings\Maitre\Local Settings\Temp\BIT94F.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de7.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BIT9AF.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112df0.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITB57.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de6.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITBDD.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112dff.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITCC2.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de9.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITCFB.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112df2.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITD5A.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2de8.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITE3E.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112df1.qua'! 
C:\Documents and Settings\Maitre\Local Settings\Temp\BITE64.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2dea.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITFA7.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '46112df3.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\BITFBA.tmp [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '476e2dec.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\desktop_background.zip [0] Archive type: ZIP --> install-privacy-danger.bat [DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger [iNFO] The file was moved to '478d2e06.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp69B.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e16.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp73A.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e17.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp78B.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e18.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp7DB.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '46f52e01.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp82C.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e19.qua'! 
C:\Documents and Settings\Maitre\Local Settings\Temp\tmp87C.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '46f52e02.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp8CD.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e1a.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp96D.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e1b.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmp9BD.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e1c.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmpA0D.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e1d.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmpA5D.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '46f52e06.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmpAAE.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e1e.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmpAFF.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e1f.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmpB4E.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '46f52e38.qua'! C:\Documents and Settings\Maitre\Local Settings\Temp\tmpB9E.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '478a2e20.qua'! 
C:\Documents and Settings\Maitre\Local Settings\Temp\tmpBEE.tmp [DETECTION] Contains detection pattern of the VBS script virus VBS/Click.A [iNFO] The file was moved to '46f52e39.qua'! C:\RECYCLER\NPROTECT932985.EXE [DETECTION] Is the Trojan horse TR/Dropper.Gen [iNFO] The file was moved to '475333ad.qua'! C:\RECYCLER\S-1-5-21-515967899-884357618-725345543-1004\Dc4.dll [DETECTION] Is the Trojan horse TR/Yatagan.Dll [iNFO] The file was moved to '474e33e1.qua'! C:\RECYCLER\S-1-5-21-515967899-884357618-725345543-1004\Dc5.dll [DETECTION] Is the Trojan horse TR/Yatagan.Dll [iNFO] The file was moved to '474f33e1.qua'! Begin scan in 'D:\' <Disque local > D:\Mes documents\Mes fichiers reçus\calcul des charges\dll.zip [DETECTION] Contains detection pattern of the backdoor control software BDC/Revell.110.A. [iNFO] The file was moved to '478640af.qua'! D:\Mes documents\Mes fichiers reçus\grossiste\grossite monde de noel\emoticons\serie_1.rar [0] Archive type: RAR --> serie1\EMOTICON\msn messenger 6.2 + generatore di disegni\MsgPlus-301.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.AG.2 [iNFO] The file was moved to '478c415c.qua'! D:\Mes documents\Mes fichiers reçus\grossiste\grossite monde de noel\emoticons\serie1\EMOTICON\msn messenger 6.2 + generatore di disegni\MsgPlus-301.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.AG.2 [iNFO] The file was moved to '4781421e.qua'! D:\Mes documents\Mes fichiers reçus\jeux\crack reflexive\All_Reflexive_Arcade_Games_2.0.zip.exe [0] Archive type: ZIP SFX (self extracting) --> crack.exe [DETECTION] Contains detection pattern of the dropper DR/Dldr.Zlob.DMX.21 [iNFO] The file was moved to '4786429f.qua'! D:\Mes documents\Mes fichiers reçus\jeux\crack reflexive\crack.exe [DETECTION] Contains detection pattern of the dropper DR/Dldr.Zlob.DMX.21 [iNFO] The file was moved to '477b42a5.qua'! End of the scan: samedi 20 octobre 2007 20:36 Used time: 2:08:49 min The scan has been canceled! 
6613 Scanning directories 472367 Files were scanned 53 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 53 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 472314 Files not concerned 3853 Archives were scanned 1 Warnings 11 Notes
I had to stop the scan because there was no way to scan only C:; it kept going on to the other drives.
Hijack report:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:26:14, on 20/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe D:\Program Files\Browser MOUSE\mouse32a.exe D:\Program Files\NetLimiter\NetLimiter.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\hphmon06.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe D:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe C:\Program Files\Netropa\Onscreen Display\OSD.exe C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe C:\Program Files\Netropa\Multimedia
Keyboard\nhksrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE D:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE C:\WINDOWS\System32\svchost.exe D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - D:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: The optnet - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - 
C:\WINDOWS\optnet.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe O4 - HKLM\..\Run: [NetLimiter] D:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPHUPD06] D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - 
HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Open and Translate in Word - res://D:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10 O8 - Extra context menu item: Télécharger avec FlashGet - F:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Télécharger tout avec FlashGet - F:\Program Files\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\Jeux\PartyGaming\PartyPoker\RunApp.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\Jeux\PartyGaming\PartyPoker\RunApp.exe O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - 
http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O21 - SSODL: msmdev - {D9DEDFC9-9228-4E34-B860-BE7956824E23} - C:\WINDOWS\msmdev.dll (file missing) O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. 
- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: GhostStartService - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing) O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- End of file - 10298 bytes
-
OTMoveit crashes (not responding). After pressing "moveit" I get these lines in the result window:
File/Folder C:\WINDOWS\nsduo.dll not found
File/Folder C:\WINDOWS\ntspknlg.dll not found.
So of course there is no report.
-
Hello everyone, I'm back from work and picking up where I left off yesterday. nsduo.dll is not in the second HijackThis report, but avast detects it non-stop. So now I'm going to do what Malekal_morte asked me to. Thanks for your help
-
Hi, Malekal_morte, I don't have this line in HijackThis:
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
-
A quick question: is it normal for the disk cleaner to start when SmitFraudFix asks me whether I want to clean the registry? Also, it starts on the cleaning of disk D:.
I did not get this question: "At the prompt Corriger le fichier infecté ? answer O (yes) to replace the corrupted file."
Here is the second report.

SmitFraudFix v2.240
Rapport fait à 23:38:38,53, ven. 19/10/2007
Executé à partir de C:\Documents and Settings\Maitre\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\msmdev.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{856CA783-A1FC-4FF8-972B-60F5812E5F42}]
Deleting [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{856CA783-A1FC-4FF8-972B-60F5812E5F42}]
C:\WINDOWS\msmhost.dll supprimé
Deleting [HKEY_CLASSES_ROOT\CLSID\{1DE37DA9-0D96-4A5D-980A-17D844E7D51A}]
C:\WINDOWS\nsduo.dll supprimé
C:\WINDOWS\privacy_danger\ supprimé
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9C442D26-FFE6-472B-91E4-49C734BDDFEC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9C442D26-FFE6-472B-91E4-49C734BDDFEC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9C442D26-FFE6-472B-91E4-49C734BDDFEC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
-
Thanks for your help, bruce lee, and for the welcome.

SmitFraudFix v2.240 report

SmitFraudFix v2.240
Rapport fait à 22:08:50,87, ven. 19/10/2007
Executé à partir de C:\Documents and Settings\Maitre\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\windows\system32\ctdryofnds.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\msmdev.dll PRESENT !
C:\WINDOWS\msmhost.dll PRESENT !
C:\WINDOWS\nsduo.dll PRESENT !
C:\WINDOWS\privacy_danger PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maitre
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Maitre\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Maitre\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: ASUSTeK/Broadcom 440x 10/100 Integrated Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9C442D26-FFE6-472B-91E4-49C734BDDFEC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9C442D26-FFE6-472B-91E4-49C734BDDFEC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9C442D26-FFE6-472B-91E4-49C734BDDFEC}: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.254
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:15:20, on 19/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
D:\Program Files\Browser MOUSE\mouse32a.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
D:\Program Files\NetLimiter\NetLimiter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
D:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSVPS System - {480598DD-AE28-48B7-82F7-6ADDA1AA6B66} - C:\WINDOWS\ntspknlg.dll
O2 - BHO: (no name) - {56F465B2-A95B-1B82-416C-0184C84A2E97} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: MSVPS System - {88418AA3-16F5-4FC2-A9D8-90B1266DF841} - C:\WINDOWS\nsduo.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Systran50premi.IEPlugIn - {9A0844DB-84CF-4440-BDB1-1F4F7C4F7FB0} - D:\Program Files\SYSTRAN\5.0\Premium\IEPlugIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: The optnet - {B02534D7-8D91-49BE-A864-97DFB8E0BAB4} - C:\WINDOWS\optnet.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] D:\Program Files\Browser MOUSE\mouse32a.exe
O4 - HKLM\..\Run: [NetLimiter] D:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HPHUPD06] D:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [fibknobe] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\fibknobe.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open and Translate in Word - res://D:\Program Files\SYSTRAN\5.0\Premium\IEShellExt.dll /10
O8 - Extra context menu item: Télécharger avec FlashGet - F:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - F:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\Jeux\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\Program Files\Jeux\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - F:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0..._instmodule.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab
O21 - SSODL: hostctrl - {E0BB7652-5B41-4998-92B9-EA5118242409} - C:\WINDOWS\hostctrl.dll
O21 - SSODL: hstsys - {57FEEC58-F12C-4163-B702-F124C29EB1FA} - (no file)
O21 - SSODL: msmhost - {CB782B5A-1377-4193-9C3D-42C684763C1D} - C:\WINDOWS\msmhost.dll
O21 - SSODL: msmdev - {921ABCFA-D8DD-496D-BF26-18C23B4916C9} - C:\WINDOWS\msmdev.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: GhostStartService - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~3\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 10945 bytes
-
Hello everyone,
Like so many others, I am infected by a bunch of junk that is impossible to get rid of with Avast (I know, I just read that it no longer performs well, I'm going to replace it)

C:\WINDOWS\msmdev.dll PRESENT !
C:\WINDOWS\msmhost.dll PRESENT !
C:\WINDOWS\nsduo.dll PRESENT !
C:\WINDOWS\privacy_danger PRESENT !

These few lines are taken from a SmitFraudFix v2.240 report

C:\WINDOWS\nsduo.dll
C:\WINDOWS\msmdev.dll
C:\DOCUME~1\Maitre\LOCALS~1\Temp\ac8zt2\main_uninstaller.exe
C:\DOCUME~1\Maitre\LOCALS~1\Temp\ac8zt2\msmdev.dll
C:\DOCUME~1\Maitre\LOCALS~1\Temp\ac8zt2\nsduo.dll
C:\DOCUME~1\Maitre\LOCALS~1\Temp\ac8zt2\rmv.exe

These come from avast. Can you help me? Thanks