yohan2a

Members
  • Content count
    11

Other information

  • My languages
    French, Italian

yohan2a's achievements: Junior Member (3/12)

Community reputation: 0

  1. Hello, For a while now, whenever I switch on this "old" computer, its fan runs at full speed. There are also some serious slowdowns. This PC has never been thoroughly cleaned (apart from CCleaner, Malwarebytes and Avira). Could someone tell me the steps to follow to get it back to like-new condition (scans of the HijackThis kind)? This PC is used only for office work, nothing out of the ordinary. Thanks for your help.
  2. ....and here is the report of the scan done with Kaspersky:

     Wednesday, August 6, 2008
     Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
     Kaspersky Online Scanner 7 version: 7.0.25.0
     Program database last update: Wednesday, August 06, 2008 12:03:13
     Records in database: 1060579

     Scan settings
     Scan using the following database: extended
     Scan archives: yes
     Scan mail databases: yes

     Scan area: My Computer
     C:\
     D:\
     E:\

     Scan statistics
     Files scanned: 110508
     Threat name: 1
     Infected objects: 2
     Suspicious objects: 0
     Duration of the scan: 02:24:58

     File name / Threat name / Threats count
     C:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix.zip  Infected: not-a-virus:RiskTool.Win32.Reboot.f  1
     C:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\Reboot.exe  Infected: not-a-virus:RiskTool.Win32.Reboot.f  1

     The selected area was scanned.

     I await your advice... thanks in advance
  3. Here is the result of the new scan with the Notepad file dragged onto ComboFix:

     ComboFix 08-07-04.6 - acer 2008-07-05 16:58:57.2 - FAT32x86
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1506 [GMT 2:00]
     Endroit: C:\Documents and Settings\acer\Bureau\ComboFix.exe
     Command switches used :: C:\Documents and Settings\acer\Bureau\CFScript.txt
     * Création d'un nouveau point de restauration
     AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

     FILE ::
     C:\WINDOWS\svchost.exe
     .
     (((((((((( Autres suppressions ))))))))))
     .
     C:\WINDOWS\system32\gtapi.dll
     .
     (((((((((( Fichiers créés 2008-06-05 to 2008-07-05 ))))))))))
     .
     2008-06-24 07:32 . 2008-06-24 07:32 <REP> d-------- C:\Program Files\QuickTime
     2008-06-24 07:32 . 2008-06-24 07:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
*Newly Created Service* - INT15.SYS . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-04-22 18:56:24 C:\WINDOWS\Tasks\PMCS_Wakeup633444945821924321.job" - C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe "2008-06-24 05:31:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-!AVG Anti-Spyware - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe MSConfigStartUp-BDAgent - C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe MSConfigStartUp-BitDefender Antiphishing Helper - C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe MSConfigStartUp-DAEMON Tools - C:\Program Files\DAEMON Tools\daemon.exe MSConfigStartUp-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe MSConfigStartUp-Pando - C:\Program Files\Pando Networks\Pando\Pando.exe MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe MSConfigStartUp-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-05 17:01:19 Windows 5.1.2600 Service Pack 2 FAT NTAPI Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-07-05 17:01:59 ComboFix-quarantined-files.txt 2008-07-05 15:01:58 ComboFix2.txt 2008-06-07 16:20:00 Pre-Run: 1,767,538,688 octets libres Post-Run: 1,819,803,648 octets libres 476 --- E O F --- 2008-06-19 23:41:57
4. Here is the result of the ComboFix scan:

ComboFix 08-05-29.1 - acer 2008-06-07 17:59:52.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1428 [GMT 2:00]
Endroit: C:\Documents and Settings\acer\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\ADS Plugins
C:\Program Files\ADS Plugins\ContextHelper.xpi
C:\Program Files\ADS Plugins\Enigma.dll
C:\Program Files\ADS Plugins\uninstall.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\Cache
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Legacy_NPF
-------\Service_Iprip
-------\Service_NPF
-------\Service_poof
((((((((((((((((((((((((((((( Fichiers créés 2008-05-07 to 2008-06-07 ))))))))))))))))))))))))))))))))))))
.
2008-06-02 21:57 . 2008-06-02 21:57 <REP> d-------- C:\Documents and Settings\acer\Application Data\Apple Computer
2008-06-02 17:50 . 2008-06-02 17:50 <REP> d-------- C:\Program Files\Apple Software Update
2008-06-02 17:50 . 2008-06-02 17:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-06-01 22:53 . 2008-06-01 22:53 <REP> d-------- C:\Program Files\Axon Data
2008-06-01 22:08 . 2008-06-01 22:08 <REP> d-------- C:\Program Files\QuickTime
2008-06-01 22:08 . 2008-06-01 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-18 19:42 . 2008-05-18 19:42 <REP> d-------- C:\Program Files\Avira
2008-05-18 19:42 .
2008-05-18 19:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-05-16 22:08 . 2008-05-16 22:08 11,583,651 --a------ C:\upload_moi_ACER-1F614B65C2.tar.gz 2008-05-12 21:50 . 2008-05-12 21:50 <REP> d-------- C:\Program Files\AutoCAD 2008 2008-05-12 21:37 . 2008-05-12 21:37 <REP> d-------- C:\Autocad 2008 Fr Complet 2008-05-12 19:03 . 2008-05-12 19:03 4,302 --a------ C:\WINDOWS\system32\tmp.reg 2008-05-12 19:01 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-05-12 19:01 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-05-12 19:01 . 2008-04-24 08:10 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-05-12 19:01 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-05-12 19:01 . 2008-04-28 08:03 82,944 --a------ C:\WINDOWS\system32\404Fix.exe 2008-05-12 19:01 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-05-12 19:01 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-05-12 19:01 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-05-12 12:56 . 2008-05-12 12:56 <REP> d-------- C:\Documents and Settings\acer\Application Data\Malwarebytes 2008-05-12 12:55 . 2008-05-12 12:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-05-12 12:55 . 2008-05-12 12:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-05-12 12:55 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys 2008-05-12 12:55 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-05-08 16:39 . 2008-05-08 16:39 <REP> d-------- C:\Program Files\Trend Micro 2008-05-08 13:03 . 2007-07-31 14:57 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll 2008-05-08 13:02 . 2008-05-08 13:03 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom 2008-05-08 12:55 . 2008-05-08 12:55 <REP> d-------- C:\Program Files\SAGEM 2008-05-08 12:55 . 
2008-05-08 12:55 <REP> d-------- C:\Documents and Settings\acer\Application Data\InstallShield
2008-05-08 12:54 . 2008-05-08 12:54 <REP> d-------- C:\Program Files\Securitoo
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-08 12:28 --------- d-----w C:\Program Files\Microsoft SharedView
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-11-24 15:38 94208]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 11:29 220544]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"LaunchApp"="Alaunch" []
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity 
Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-10 20:00 110592 C:\WINDOWS\system32\bthprops.cpl] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920] "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-03 18:11 185896] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392] "MsmqIntCert"="regsvr32 /s mqrt.dll" [] "LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152] "RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-12 16:11 7577600] "nwiz"="nwiz.exe" [2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-12 16:11 86016] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= 
C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "5T19I3B27A"= C:\WINDOWS\svchost.exe [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 13:11 233472] [HKLM\~\startupfolder\C:^Documents and Settings^acer^Menu Démarrer^Programmes^Démarrage^MSN Pictures Displayer.lnk] path=C:\Documents and Settings\acer\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk backup=C:\WINDOWS\pss\MSN Pictures Displayer.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Desktop Search.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Desktop Search.lnk backup=C:\WINDOWS\pss\Windows Desktop Search.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware] C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] --a------ 2007-07-02 11:29 220544 C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent] C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] --a------ 2007-09-08 00:01 43008 C:\Program Files\BitTorrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools] C:\Program Files\DAEMON Tools\daemon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-BP] --a------ 2003-06-20 11:09 188416 C:\Program Files\e-Carte Bleue\Banque Populaire\ECB-BP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1] --a------ 2004-08-10 20:00 208952 C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant] --a------ 2006-06-26 15:47 331776 C:\Program Files\Acer\OrbiCam\CameraAssistant.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]] --a------ 2006-06-26 15:55 73728 C:\Program Files\Acer\OrbiCam\InstallHelper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX] --a------ 2006-06-23 10:39 225280 C:\WINDOWS\system32\LVCOMSX.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\MSN Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI] --a------ 2006-05-15 11:15 45056 C:\Program 
Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2006-06-12 16:11 1519616 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager] --a------ 2007-07-24 19:03 102400 C:\Program Files\Orange HSS\SessionManager\SessionManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando] C:\Program Files\Pando Networks\Pando\Pando.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A] --a------ 2004-08-10 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync] --a------ 2004-08-10 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote] --------- 2006-02-16 15:37 90112 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCS] --------- 2006-02-10 16:02 65536 C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite] -ra------ 2007-02-20 13:06 741376 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-03-03 13:07 761946 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS] --a------ 
2007-07-24 19:55 94208 C:\Program Files\Orange HSS\Systray\SystrayApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "SQLAgent$PINNACLESYS"=3 (0x3) "SolidWorks Licensing Service"=3 (0x3) "PinnacleSys.MediaServer"=2 (0x2) "ose"=3 (0x3) "MSSQLServerADHelper"=3 (0x3) "MSSQL$PINNACLESYS"=2 (0x2) "AWService"=2 (0x2) "AVG Anti-Spyware Guard"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\eMule\\emule.exe"= "C:\\Program Files\\SopCast\\SopCast.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\BitTorrent\\bittorrent.exe"= "C:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE"= "C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"= "C:\\WINDOWS\\System32\\mqsvc.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\SopCast\\sopvod.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program 
Files\\Messenger\\msmsgs.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "40450:TCP"= 40450:TCP:192.168.1.11/255.255.255.255:Enabled:eMule_TCP "38885:UDP"= 38885:UDP:192.168.1.11/255.255.255.255:Enabled:eMule_UDP [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41] R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-06-19 12:20] R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-06-23 10:40] S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46] S3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34] S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 14:12] S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 14:12] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 20:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{753d9ab8-775e-11dc-a13a-0016d41d443b}] \Shell\AutoRun\command - F:\autorun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c393adc-cf57-11dc-a199-0018de265167}] \Shell\AutoRun\command - F:\Setup.exe . 
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 18:56:24 C:\WINDOWS\Tasks\PMCS_Wakeup633444945821924321.job" - C:\Program Files\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
"2008-06-02 15:50:16 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 18:17:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LOGITECH\LVMVFM\LVPRCSRV.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\WINDOWS\SYSTEM32\MSDTC.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\FRANCE TELECOM\SHARED MODULES\FTRTSVC\0\FTRTSVC.EXE
C:\WINDOWS\SYSTEM32\INETSRV\INETINFO.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE
C:\WINDOWS\SYSTEM32\TCPSVCS.EXE
C:\WINDOWS\SYSTEM32\SNMP.EXE
C:\PROGRAM FILES\ALCOHOL SOFT\ALCOHOL 120\STARWIND\STARWINDSERVICEAE.EXE
C:\WINDOWS\EHOME\MCRDSVC.EXE
C:\WINDOWS\SYSTEM32\MQSVC.EXE
C:\WINDOWS\SYSTEM32\MQTGSVC.EXE
C:\WINDOWS\SYSTEM32\DLLHOST.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\EHOME\EHMSAS.EXE
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\DOCUME~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-07 18:19:58 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 16:19:54

Pre-Run: 3,092,643,840 octets libres
Post-Run: 3,727,720,448 octets libres

301 --- E O F --- 2008-06-07 13:01:35
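The ComboFix log in the post above dumps the Run keys, the Windows Firewall standard profile and its authorized-application list in a fixed text layout. The Python script below is an added example for triaging such a dump; it is not part of this thread and not ComboFix's own code. It flags three things a practitioner looks for first when reading these sections: an autostart binary that carries a core Windows file name (svchost.exe and the like) but does not live in %SystemRoot%\system32, any autostart registered under the Policies\Explorer\Run key (an autostart location few vendor installers use, which ComboFix lists separately), and a standard firewall profile with EnableFirewall set to 0. The list of system32-only names and the default install path are assumptions of the example; the embedded sample is a handful of lines copied from the log above.

```python
import re
from pathlib import PureWindowsPath

# Added example for triaging a ComboFix log; not part of the forum thread or of ComboFix.
# Assumption: a short, illustrative list of binaries Windows only ships in system32.
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                 "winlogon.exe", "smss.exe", "spoolsv.exe"}
# Assumption: default install path, as in the log above (compared case-insensitively).
SYSTEM32_DIR = r"c:\windows\system32"

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Two value styles appear in the log:  "name"="value" [date time size [path]]  and  "name"= value
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?(?P<value>[^"\[]*?)"?\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
DRIVE_PATH_RE = re.compile(r'[A-Za-z]:\\[^\s"]+')


def resolve_path(value, meta):
    """Absolute path of an autostart entry; ComboFix puts it in the trailing
    [date time size path] block when the registry value is only a bare file name."""
    if DRIVE_PATH_RE.fullmatch(value):
        return value
    if meta:
        found = DRIVE_PATH_RE.search(meta)
        if found:
            return found.group(0)
    return None


def triage(log_text):
    """Return (category, detail) findings for the registry sections of a ComboFix log."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("key").lower()
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue
        name = val.group("name")
        value = val.group("value").strip()
        meta = val.group("meta")

        # Firewall profile: ComboFix prints the DWORD as "0 (0x0)".
        if section.endswith("firewallpolicy\\standardprofile") and name.lower() == "enablefirewall":
            if value.split()[0] == "0":
                findings.append(("firewall_off", section))
            continue

        if not section.endswith("\\run"):
            continue
        path = resolve_path(value, meta)
        if path is None:
            continue  # e.g. "LaunchApp"="Alaunch" []: no path to check
        if "policies\\explorer\\run" in section:
            findings.append(("policy_run", f"{name} -> {path}"))
        p = PureWindowsPath(path)
        if p.name.lower() in SYSTEM32_ONLY and str(p.parent).lower() != SYSTEM32_DIR:
            findings.append(("masquerade", f"{name} -> {path}"))
    return findings


# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"LaunchApp"="Alaunch" []
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"= C:\WINDOWS\svchost.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:13} {detail}")
```

Run against the sample, the script reports the policy-key autostart and the out-of-place svchost.exe (both for the same entry) and the disabled firewall; the Intel graphics tray entry in system32 and the SkyTel entry resolved through the trailing metadata produce nothing. A name-based check like this is only a first pass: a file in the right directory can still be malicious, so the flagged paths are what to hash and look up next, not a verdict.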
5. You are asking me to install the console, aren't you? "1) Some infections (MBR rootkits) can only be treated using the Recovery Console. We will first install the Recovery Console on the PC. This will make it possible to repair the system in case the PC no longer restarts after the disinfection." I don't have the Windows XP CD, so in that case they say to download the Recovery Console... I am only following what is written in the tutorial! Is a Recovery Console installed on computers from the start??? Thanks
6. I want to run the scan. The tutorial asks to install the Recovery Console from the Microsoft site, since I don't have the Windows XP CD. The problem is that none of the Windows XP versions offered corresponds to what I have. They ask you to choose your version of XP, either Professional or Home edition, and the service pack you have. The small snag is that I have the MEDIA CENTER EDITION version of Windows XP, and I don't know which version of Windows it corresponds to, the Home or the Pro edition??? Please reply! I don't want to pick just anything; I think it is the Home edition, but then would I no longer have Media Center?!
7. All right! Thanks for your help! But then I don't do option 2??? The one in your previous message? Also, I have been using a fixed IP for a few days now, since Orange pushed a bad update to the Livebox...
8. Here is the result of the scan with the DiagHelp tool:

DiagHelp version v1.4 - http://www.malekal.com
excute le 16/05/2008 à 22:08:00,73

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->16/05/2008 22:07:42
C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->16/05/2008 22:07:40
C:\WINDOWS\prefetch\WSCNTFY.EXE-0B14C27D.pf -->16/05/2008 22:07:10
C:\WINDOWS\prefetch\WINRAR.EXE-0AA31BB9.pf -->16/05/2008 22:06:22
C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->16/05/2008 22:06:16
C:\WINDOWS\prefetch\EXPLORER.EXE-02121B1A.pf -->16/05/2008 22:05:58
C:\WINDOWS\prefetch\NMINDEXSTORESVR.EXE-13F11D87.pf -->16/05/2008 22:03:08
C:\WINDOWS\prefetch\REALPLAY.EXE-05411014.pf -->16/05/2008 21:55:58
C:\WINDOWS\prefetch\WUAUCLT.EXE-1360D60A.pf -->16/05/2008 21:30:18
C:\WINDOWS\prefetch\CIDAEMON.EXE-01BEEBF3.pf -->16/05/2008 20:55:56
C:\WINDOWS\System32\drivers\mbamcatchme.sys -->05/05/2008 20:46:36
C:\WINDOWS\System32\drivers\mbam.sys -->05/05/2008 20:46:32
C:\WINDOWS\System32\drivers\aswFsBlk.sys -->29/03/2008 19:35:50
C:\WINDOWS\System32\drivers\aswmon2.sys -->29/03/2008 19:35:22
C:\WINDOWS\System32\drivers\aswSP.sys -->29/03/2008 19:31:34
C:\WINDOWS\System32\drivers\aswRdr.sys -->29/03/2008 19:29:08
C:\WINDOWS\System32\drivers\aswTdi.sys -->29/03/2008 19:27:34
C:\WINDOWS\System32\eRLog.ini -->16/05/2008 20:49:44
C:\WINDOWS\System32\nvapps.xml -->16/05/2008 20:49:28
C:\WINDOWS\System32\wpa.dbl -->14/05/2008 00:13:40
C:\WINDOWS\System32\FNTCACHE.DAT -->14/05/2008 00:13:34
C:\WINDOWS\System32\tmp.txt -->12/05/2008 19:03:08
C:\WINDOWS\System32\tmp.reg -->12/05/2008 19:03:08
C:\WINDOWS\System32\MRT.exe -->09/05/2008 23:35:04
C:\WINDOWS\System32\PerfStringBackup.INI -->08/05/2008 13:55:32
C:\WINDOWS\System32\perfh00C.dat -->08/05/2008 13:55:32
C:\WINDOWS\System32\perfc00C.dat -->08/05/2008 13:55:32
C:\WINDOWS\System32\perfh009.dat -->08/05/2008 13:55:32
C:\WINDOWS\System32\perfc009.dat -->08/05/2008 13:55:32
C:\WINDOWS\System32\404Fix.exe -->28/04/2008 08:03:06
C:\WINDOWS\System32\IEDFix.exe -->28/04/2008 08:03:06
C:\WINDOWS\System32\VACFix.exe -->24/04/2008 08:10:34
C:\WINDOWS\System32\CONFIG.NT -->05/04/2008 19:05:32
C:\WINDOWS\System32\CompiledAdapter -->01/04/2008 13:08:46
C:\WINDOWS\System32\aswBoot.exe -->29/03/2008 19:45:50
C:\WINDOWS\System32\AvastSS.scr -->29/03/2008 19:23:22
C:\WINDOWS\System32\mswstr10.dll -->25/03/2008 06:51:10
C:\WINDOWS\System32\msjint40.dll -->25/03/2008 06:51:08
C:\WINDOWS\System32\mswdat10.dll -->25/03/2008 06:50:58
C:\WINDOWS\System32\msxbde40.dll -->25/03/2008 06:50:58
C:\WINDOWS\System32\mstext40.dll -->25/03/2008 06:50:56
C:\WINDOWS\System32\msrepl40.dll -->25/03/2008 06:50:52
C:\WINDOWS\win.ini -->16/05/2008 20:54:22
C:\WINDOWS\WindowsUpdate.log -->16/05/2008 20:52:56
C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt -->16/05/2008 20:49:30
C:\WINDOWS\wiadebug.log -->16/05/2008 20:48:26
C:\WINDOWS\0.log -->16/05/2008 20:48:14
C:\WINDOWS\bootstat.dat -->16/05/2008 20:48:12
C:\WINDOWS\SchedLgU.Txt -->16/05/2008 12:17:22
C:\WINDOWS\wiaservc.log -->16/05/2008 12:17:16
C:\WINDOWS\bthservsdp.dat -->16/05/2008 12:17:14
C:\WINDOWS\wmsetup.log -->16/05/2008 09:53:04
C:\WINDOWS\ModemLog_Sony Ericsson Device 616 USB WMC Modem.txt -->15/05/2008 00:27:40
C:\WINDOWS\ModemLog_Sony Ericsson Device 616 USB WMC Data Modem.txt -->15/05/2008 00:27:38
C:\WINDOWS\ehOCGen.log -->14/05/2008 21:30:40
C:\WINDOWS\MedCtrOC.log -->14/05/2008 21:30:40
C:\WINDOWS\ocmsn.log -->14/05/2008 21:30:40

winlogon.exe Verified: Signed
svchost.exe Verified: Signed
ws2_32.dll Verified: Signed
user32.dll Verified: Signed
tcpip.sys Verified: Signed
ndis.sys Verified: Signed
null.sys Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
EXPLORER.EXE pid: 1656
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x10000000 0x16000 9.04.0004.1082 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x55df0000 0xd000 17.01.0051.0000 C:\WINDOWS\system32\AcSignIcon.dll
0x782e0000 0x10c000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x5d360000 0xf000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80FRA.DLL
0x55fe0000 0x52000 17.01.0051.0000 C:\Program Files\Fichiers communs\Autodesk Shared\AcSignCore16.dll
0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x02490000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\MSNChatHook.dll
0x024a0000 0xe000 1.20.0000.0001 C:\WINDOWS\system32\sysenv.dll
0x7c250000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL
0x024d0000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x02550000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x00db0000 0x8000 0.09.0007.0003 C:\Acer\Empowering Technology\ePower\SysHook.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x03180000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll

------------------------------------------------------------------------------
EXPLORER.EXE pid: 5628
Command line: "C:\WINDOWS\Explorer.EXE" /IDLIST,:1908:1656,/S

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x10000000 0x16000 9.04.0004.1082 C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcInj.dll
0x00320000 0x7000 1.00.0000.0001 C:\WINDOWS\system32\MSNChatHook.dll
0x00330000 0xe000 1.20.0000.0001 C:\WINDOWS\system32\sysenv.dll
0x7c250000 0x102000 7.10.3077.0000 C:\WINDOWS\system32\MFC71U.DLL
0x00db0000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x55df0000 0xd000 17.01.0051.0000 C:\WINDOWS\system32\AcSignIcon.dll
0x782e0000 0x10c000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80U.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x017f0000 0xf000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_3415f6d0\MFC80FRA.DLL
0x018f0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x01950000 0x43000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllow.dll
0x780c0000 0x61000 6.05.2144.0000 C:\Program Files\Windows Desktop Search\msvcp60.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x02100000 0x3000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\fr-fr\dsWebAllowRes.dll.mui
0x02110000 0x5000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\dsWebAllowRes.dll
0x02120000 0x185000 1.05.0000.0011 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x43ff0000 0xa000 7.00.6000.16640 C:\WINDOWS\system32\jsproxy.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x02a10000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
0x02870000 0x8000 0.09.0007.0003 C:\Acer\Empowering Technology\ePower\SysHook.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x02e50000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
0x55fe0000 0x52000 17.01.0051.0000 C:\Program Files\Fichiers communs\Autodesk Shared\AcSignCore16.dll
0x02eb0000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll
0x55ee0000 0x1b000 17.01.0051.0000 C:\Program Files\Fichiers communs\Autodesk Shared\AcShellEx\AcShellExtension.dll
0x7c630000 0x1b000 8.00.50727.0042 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.DLL
0x02df0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x03070000 0x3b000 2.06.5000.5378 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
0x02c50000 0x2b000 C:\Program Files\WinRAR\rarext.dll
0x02810000 0xa000 1.20.0000.0000 C:\WINDOWS\system32\eDSshellExt.dll
0x7c120000 0x19000 7.10.3077.0000 C:\WINDOWS\system32\ATL71.DLL
0x03a30000 0x2cd000 1.01.0000.0341 C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtension.dll
0x02880000 0xc000 1.01.0000.0341 C:\Program Files\Fichiers communs\Autodesk Shared\dwf Common\DWFShellExtensionRes.dll
0x03d00000 0x28000 4.52.0000.0000 C:\Program Files\7-Zip\7-zip.dll
0x028a0000 0x14000 2.00.0000.0006 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x02c30000 0x6000 C:\Program Files\Unlocker\UnlockerCOM.dll
0x03e30000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1169.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright © 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
WINLOGON.EXE pid: 1140
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\system

25/12/1998 08:15 345 983 RCDsetup.exe
1 file(s) 345 983 bytes
0 Dir(s) 3 922 198 528 bytes free

Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\system32

10/08/2004 20:00 6 144 csrss.exe
1 file(s) 6 144 bytes
0 Dir(s) 3 922 198 528 bytes free

Contents of Downloaded Program Files

Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\WINDOWS\Downloaded Program Files

10/10/2006 11:16 <DIR> .
10/10/2006 11:16 <DIR> ..
19/08/2006 04:42 65 desktop.ini
11/06/2007 12:21 5 021 swflash.inf
25/09/2007 01:33 1 055 jinstall-6u3.inf
11/04/2007 14:55 1 292 erma.inf
12/02/2007 08:24 114 792 IDropENU.dll
16/02/2007 13:15 114 768 IDropFRA.dll
12/02/2007 08:10 302 184 IDrop.ocx
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
28/02/2007 14:21 142 248 SolitaireShowdown.dll
28/09/2007 04:41 381 960 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
22/02/2008 16:36 392 191 weblive.exe
22/02/2008 16:45 86 setup.inf
20/03/2008 15:10 367 LegitCheckControl.inf
14 file(s) 1 760 889 bytes

Total files listed:
14 file(s) 1 760 889 bytes
2 Dir(s) 3 922 198 528 bytes free

Rootkit search! (Thanks S!Ri)

Searching for known infections

Exporting sensitive keys..
List of programs excepted on the XP SP2 firewall

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\SopCast\\SopCast.exe"="C:\\Program Files\\SopCast\\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\\Documents and Settings\\ACER\\Application Data\\SopCast\\adv\\SopAdver.exe"="C:\\Documents and Settings\\ACER\\Application Data\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"="C:\\Program Files\\Pando Networks\\Pando\\pando.exe:*:Enabled:pando"
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"="C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe:*:Enabled:Football Manager 2008"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"="C:\\Program Files\\SopCast\\adv\\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:LocalSubNet:Enabled:PMSManager.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.Tvtv.Wizard.exe:LocalSubNet:Enabled:PMC.Tvtv.Wizard.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaServer\\PMSInstallInit.exe:LocalSubNet:Enabled:PMSInstallInit.exe"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaCenterService\\PMC.Service.Main.exe:LocalSubNet:Disabled:PMCService"
"C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE"="C:\\Program Files\\Real\\RealPlayer\\REALPLAY.EXE:*:Enabled:RealPlayer"
"C:\\Program Files\\uusee\\UUSeePlayer.exe"="C:\\Program Files\\uusee\\UUSeePlayer.exe:*:Disabled:UUPlayer"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\System32\\mqsvc.exe"="C:\\WINDOWS\\System32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange HSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Documents and Settings\\acer\\fsntrh.exe"="C:\\Documents and Settings\\acer\\fsntrh.exe:*:Enabled:Control"
"C:\\Documents and Settings\\acer\\dsfxmt.exe"="C:\\Documents and Settings\\acer\\dsfxmt.exe:*:Enabled:Control"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PMC.exe:LocalSubNet:Enabled:Pmc.exe"
"C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe"="C:\\Program Files\\Pinnacle\\MediaCenter\\PSST.exe:LocalSubNet:Enabled:PSST.exe"
"C:\\Program Files\\SopCast\\sopvod.exe"="C:\\Program Files\\SopCast\\sopvod.exe:*:Enabled:sopvod"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Disabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\System32\\mqsvc.exe"="C:\\WINDOWS\\System32\\mqsvc.exe:*:Enabled:Message Queuing"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Exporting the SharedTaskScheduler key

[sharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Policy exports

REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

Exporting sensitive keys..

Searching for sensitive addresses in the HOSTS file...

127.0.0.1 www.activexupdate.com
127.0.0.1 activexupdate.com
127.0.0.1 www.avpcheckupdate.com
127.0.0.1 avpcheckupdate.com
127.0.0.1 client.exeupdate.com
127.0.0.1 eupdatepage.com
127.0.0.1 www.eupdatepage.com
127.0.0.1 exeupdate.com
127.0.0.1 www.exeupdate.com
127.0.0.1 www.hotwinupdates.com
127.0.0.1 hotwinupdates.com
127.0.0.1 www.lavasoftupdate.com
127.0.0.1 lavasoftupdate.com
127.0.0.1 malwarewipeupdate.com
127.0.0.1 www.malwarewipeupdate.com
127.0.0.1 www.msupdate.net
127.0.0.1 msupdate.net
127.0.0.1 msupdater.net
127.0.0.1 www.msupdater.net
127.0.0.1 www.necessaryupdates.com
127.0.0.1 necessaryupdates.com
127.0.0.1 newupdates.lzio.com
127.0.0.1 redirect.msupdate.net
127.0.0.1 search.keyword.exeupdate.com
127.0.0.1 securityupdatesite.com
127.0.0.1 www.securityupdatesite.com
127.0.0.1 settings.updatemysettings.com
127.0.0.1 www.spyaxeupdate.com
127.0.0.1 spyaxeupdate.com
127.0.0.1 spyfalconupdate.com
127.0.0.1 www.spyfalconupdate.com
127.0.0.1 www.systemupdates.net
127.0.0.1 systemupdates.net
127.0.0.1 trial.updates.winsoftware.com
127.0.0.1 update.680180.net
127.0.0.1 update.shareaza.com
127.0.0.1 updatemysettings.com
127.0.0.1 www.updatemysettings.com
127.0.0.1 updates.spywarequake.com
127.0.0.1 urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.biz
127.0.0.1 www.urgentsystemupdate.com
127.0.0.1 urgentsystemupdate.com
127.0.0.1 windupdates.com
127.0.0.1 www.antispywareupdates.net
127.0.0.1 antispywareupdates.net
127.0.0.1 pandaantivirus-2007.com
127.0.0.1 www.pandaantivirus-2007.com
127.0.0.1 www.pandadownload-now.com
127.0.0.1 pandadownload-now.com
127.0.0.1 www.panda-hq.com
127.0.0.1 panda-hq.com

catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 22:08:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead
4 - System
264 - ALG.EXE
268 - NMBgMonitor.exe
436 - MSDTC.EXE
580 - CISVC.EXE
584 - SVCHOST.EXE
684 - ASHSERV.EXE
732 - EHRECVR.EXE
824 - EHSCHED.EXE
976 - SPOOLSV.EXE
996 - RTHDCPL.EXE
1012 - LVPRCSRV.EXE
1076 - INETINFO.EXE
1112 - CSRSS.EXE
1140 - WINLOGON.EXE
1184 - SERVICES.EXE
1196 - LSASS.EXE
1364 - SVCHOST.EXE
1416 - ePower_DMC.exe
1440 - SVCHOST.EXE
1500 - ElkCtrl.exe
1560 - SVCHOST.EXE
1600 - SVCHOST.EXE
1640 - EVTENG.EXE
1656 - EXPLORER.EXE
1692 - S24EVMON.EXE
1700 - HPZIPM12.EXE
1772 - ctfmon.exe
1812 - SVCHOST.EXE
1840 - RUNDLL32.EXE
1940 - msnmsgr.exe
1952 - cidaemon.exe
2064 - cmd.exe
2116 - TCPSVCS.EXE
2136 - snmp.exe
2200 - lvcomsx.exe
2272 - EDSLOADER.EXE
2340 - RUNDLL32.EXE
2388 - STARWINDSERVICE
2560 - SVCHOST.EXE
2600 - Monitor.exe
2760 - wscntfy.exe
2776 - MCRDSVC.EXE
2900 - MQSVC.EXE
3092 - EHTRAY.EXE
3212 - RtkBtMnt.exe
3256 - wmiprvse.exe
3376 - MQTGSVC.EXE
3476 - wmiprvse.exe
3512 - LManager.exe
3536 - ASHDISP.EXE
3580 - ASHWEBSV.EXE
3620 - DLLHOST.EXE
3704 - realsched.exe
3792 - IEXPLORE.EXE
3976 - HPWuSchd2.exe
4164 - cidaemon.exe
5628 - EXPLORER.EXE

Total number of processes = 58

NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6BD000 - sptd.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA6A5000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA676000 - ACPI.sys
BA8A8000 - isapnp.sys
BA8B8000 - ohci1394.sys
BA8C8000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
BA665000 - pci.sys
BACBC000 - compbatt.sys
BACC0000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BADAC000 - aliide.sys
BADAE000 - intelide.sys
BADB0000 - toside.sys
BADB2000 - viaide.sys
BADB4000 - cmdide.sys
BA647000 - pcmcia.sys
BA8D8000 - MountMgr.sys
BA628000 - ftdisk.sys
BADB6000 - dmload.sys
BA602000 - dmio.sys
BACC4000 - ACPIEC.sys
BAE71000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
BAB30000 - PartMgr.sys
BACC8000 - UBHelper.sys
BA8E8000 - VolSnap.sys
BACCC000 - cpqarray.sys
BA5EA000 - atapi.sys
BACD0000 - aha154x.sys
BAB38000 - sparrow.sys
BACD4000 - symc810.sys
BA8F8000 - aic78xx.sys
BACD8000 - dac960nt.sys
BA908000 - ql10wnt.sys
BACDC000 - amsint.sys
BAB40000 - asc.sys
BACE0000 - asc3550.sys
BAB48000 - mraid35x.sys
BAB50000 - i2omp.sys
BACE4000 - ini910u.sys
BA918000 - ql1240.sys
BA928000 - aic78u2.sys
BAB58000 - symc8xx.sys
BAB60000 - sym_hi.sys
BAB68000 - sym_u3.sys
BAB70000 - ABP480N5.SYS
BAB78000 - asc3350p.sys
BADB8000 - cd20xrnt.sys
BA938000 - ultra.sys
BA5D1000 - adpu160m.sys
BAB80000 - dpti2o.sys
BA948000 - ql1080.sys
BA958000 - ql1280.sys
BA968000 - ql12160.sys
BAB88000 - perc2.sys
BADBA000 - perc2hib.sys
BAB90000 - hpn.sys
BACE8000 - cbidf2k.sys
BA5A5000 - dac2w2k.sys
BA978000 - disk.sys
BA988000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA585000 - fltMgr.sys
BA573000 - sr.sys
BAB98000 - PxHelp20.sys
BA550000 - Fastfat.sys
BA539000 - KSecDD.sys
BA526000 - WudfPf.sys
BA4F9000 - NDIS.sys
BA998000 - sisagp.sys
BA9A8000 - viaagp.sys
BA4DE000 - Mup.sys
BA9B8000 - agp440.sys
BA9C8000 - alim1541.sys
BA9D8000 - amdagp.sys
BA9E8000 - agpCPQ.sys
BADA4000 - \SystemRoot\system32\DRIVERS\tunmp.sys
BAA08000 - \SystemRoot\system32\DRIVERS\intelppm.sys
BA41A000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys
B9FEB000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9FD7000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
B9FB2000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
B9E54000 - \SystemRoot\system32\DRIVERS\w39n51.sys
BAC08000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9E31000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BAC10000 - \SystemRoot\system32\DRIVERS\usbehci.sys
BAA18000 - \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
BAA28000 - \SystemRoot\system32\DRIVERS\EMS7SK.sys
B9E20000 - \SystemRoot\system32\DRIVERS\sdbus.sys
B9E0D000 - \SystemRoot\system32\DRIVERS\ESM7SK.sys
BAA38000 - \SystemRoot\system32\DRIVERS\ESD7SK.sys
BA406000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
BAA48000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
BAC18000 - \SystemRoot\system32\DRIVERS\DKbFltr.sys
BAC20000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
B9DDD000 - \SystemRoot\system32\DRIVERS\SynTP.sys
BADBE000 - \SystemRoot\system32\DRIVERS\USBD.SYS
BAC28000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BAA58000 - \SystemRoot\system32\DRIVERS\imapi.sys
BAC30000 - \SystemRoot\system32\drivers\ASAPIW2k.sys
BAA68000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BAA78000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9DBA000 - \SystemRoot\system32\DRIVERS\ks.sys
BADC0000 - \SystemRoot\system32\DRIVERS\NTIDrvr.sys
B9D36000 - \SystemRoot\System32\Drivers\aj9tq6nj.SYS
B9CD4000 - \SystemRoot\system32\DRIVERS\audstub.sys
BAC90000 - \SystemRoot\system32\DRIVERS\rasirda.sys
BAC98000 - \SystemRoot\system32\DRIVERS\TDI.SYS
BAAD8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BA3B9000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9BB7000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BAAE8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BAAF8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
B9BA6000 - \SystemRoot\system32\DRIVERS\psched.sys
BAB08000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BACA0000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BACA8000 - \SystemRoot\system32\DRIVERS\raspti.sys
B9B75000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
BAB18000 - \SystemRoot\system32\DRIVERS\termdd.sys
BADC6000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9AF4000 - \SystemRoot\system32\DRIVERS\update.sys
BA3A5000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BA4CE000 - \SystemRoot\System32\Drivers\NDProxy.SYS
B76B2000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B7690000 - \SystemRoot\system32\drivers\portcls.sys
BA4AE000 - \SystemRoot\system32\drivers\drmk.sys
B765A000 - \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
B7566000 - \SystemRoot\system32\DRIVERS\HSF_DPV.sys
B74B5000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
BABA8000 - \SystemRoot\System32\Drivers\Modem.SYS
BA49E000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADD2000 - \SystemRoot\System32\Drivers\i2omgmt.SYS
BADD4000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
B9C7C000 - \SystemRoot\System32\Drivers\Null.SYS
BADD6000 - \SystemRoot\System32\Drivers\Beep.SYS
BABE0000 - \SystemRoot\System32\drivers\vga.sys
BADD8000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADDA000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BABE8000 - \SystemRoot\System32\Drivers\Msfs.SYS
BABF0000 - \SystemRoot\System32\Drivers\Npfs.SYS
BA3FA000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B740A000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B73B2000 - \SystemRoot\system32\DRIVERS\tcpip.sys
BA48E000 - \SystemRoot\System32\Drivers\aswTdi.SYS
B7391000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B7369000 - \SystemRoot\system32\DRIVERS\netbt.sys
B7331000 - \SystemRoot\system32\DRIVERS\tcpip6.sys
B72E7000 - \SystemRoot\System32\drivers\afd.sys
BABF8000 - \SystemRoot\system32\DRIVERS\Ip6Fw.sys
BA47E000 - \SystemRoot\system32\DRIVERS\netbios.sys
B72BC000 - \SystemRoot\system32\DRIVERS\rdbss.sys
BA3E2000 - \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
B724D000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
BA46E000 - \SystemRoot\System32\Drivers\Fips.SYS
B7197000 - \SystemRoot\System32\Drivers\aswSP.SYS
BAC00000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
B9B6D000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BA44E000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
BAC38000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BA43E000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B6F25000 - \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys
B9C5E000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B9C4E000 - \SystemRoot\system32\drivers\lvusbsta.sys
B6E19000 - \SystemRoot\system32\DRIVERS\lv321av.sys
B9C3E000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
B9B5D000 - \SystemRoot\system32\DRIVERS\mouhid.sys
B6E01000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BADDC000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B9B59000 - \SystemRoot\System32\drivers\Dxapi.sys
BAC40000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAFD1000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BAC50000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
BAC58000 - \SystemRoot\system32\DRIVERS\AegisP.sys
B59A2000 - \SystemRoot\system32\DRIVERS\irda.sys
B5B30000 - \SystemRoot\system32\DRIVERS\s24trans.sys
B5B14000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B584C000 - \SystemRoot\System32\Drivers\aswMon2.SYS
B55A0000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B9CB7000 - \??\C:\WINDOWS\system32\drivers\epm-psd.sys
B549C000 - \??\C:\WINDOWS\system32\drivers\epm-shd.sys
B545B000 - \SystemRoot\System32\Drivers\HTTP.sys
B5319000 - \SystemRoot\system32\DRIVERS\srv.sys
B5558000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
B52DF000 - \??\C:\WINDOWS\system32\drivers\mqac.sys
BAE14000 - \??\C:\WINDOWS\system32\drivers\osaio.sys
B9D0A000 - \??\C:\WINDOWS\system32\drivers\osanbm.sys
B51BD000 - \??\C:\WINDOWS\system32\drivers\RMCast.sys
BAC60000 - \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys
B4D79000 - \SystemRoot\System32\Drivers\aswRdr.SYS
B4AC8000 - \SystemRoot\system32\drivers\wdmaud.sys
B4B95000 - \SystemRoot\system32\drivers\sysaudio.sys
B4451000 - \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
B231C000 - \SystemRoot\system32\drivers\kmixer.sys
B9CCD000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 201

List of installed programs

1500
1500_Help
1500Trb
7-Zip 4.52 beta
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.26
Acer eLock Management
Acer eLock Management
Acer Empowering Technology framework
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer eSettings Management
Acer GridVista
Acer Screensaver
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
ADS Plugins
AiO_Scan
AiOSoftware
Archiveur WinRAR
AutoCAD 2008 - Français
AutoCAD 2008 - Français
Autodesk DWF Viewer 7
AutoUpdate
avast! Antivirus
BitTorrent 5.0.9
BufferChm
CCleaner (remove only)
Correctif pour Windows Internet Explorer 7 (KB947864)
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CustomerResearchQFolder
Destinations
DeviceManagementQFolder
Disc2Phone
DivX
DocProc
DWG TrueView 2007
e-Carte Bleue Banque Populaire
eMule
eSupportQFolder
Everest Poker (Remove Only)
Fax
Football Manager 2008
GemMaster Mystic
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
HP Extended Capabilities 5.3
HP Imaging Device Functions 5.3
HP Photosmart Essential
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
Intel® Graphics Media Accelerator Driver
Java 6 Update 3
Launch Manager
Lecteur Windows Media 11
LightScribe 1.4.97.1
livebox
Logiciel Acer OrbiCam
Logiciel Intel® PROSet/Wireless
Malwarebytes' Anti-Malware
MarketResearch
mCore
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Baseline Security Analyzer 2.0.1
Microsoft Office FrontPage 2003
Microsoft Office Professional Edition 2003
Microsoft Office Project Professional 2003
Microsoft SharedView
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft WSE 3.0 Runtime
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB941693)
Mise à jour de sécurité pour Windows XP (KB945553)
Mise à jour de sécurité pour Windows XP (KB948590)
Mise à jour de sécurité pour Windows XP (KB948881)
Mise à jour de sécurité pour Windows XP (KB950749)
mMHouse
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
mPfMgr
mProSafe
MSN Pictures Displayer 4.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
Nero 7 Demo
NewCopy
NTI Backup NOW! 4.5
NTI CD & DVD-Maker
NTI CD & DVD-Maker
NVIDIA Drivers
Orange - Logiciels Internet
Pinnacle MediaCenter
Pinnacle MediaServer
PowerDVD
PowerProducer
Pro Evolution Soccer 6
Pro Evolution Soccer 6
ProductContext
Programme de gestion Acer OrbiCam
Readme
RealPlayer
Realtek High Definition Audio Driver
S500/S600 USB Driver
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
Sid Meier's Pirates!
Sid Meier's Pirates!
SolidWorks 2007-2008 Student Design Kit
SolutionCenter
Sonic Encoders
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
SopCast 1.1.2
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
StartupRun
Status
SuperCopier2
Synaptics Pointing Device Driver
TrayApp
Unibet Poker
Unload
Unlocker 1.8.5
VBA (2627.01)
VBA (2627.5)
VideoLAN VLC media player 0.8.6c
WebFldrs XP
WebReg
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
WLM OSD Plugin

Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\Program Files

10/10/2006 11:17 <DIR> .
10/10/2006 11:17 <DIR> ..
13/08/2007 20:11 <DIR> 7-Zip
25/07/2007 13:32 <DIR> Acer
19/08/2006 05:24 <DIR> Acer Inc
19/08/2006 05:24 <DIR> Adobe
08/08/2007 13:32 <DIR> ADS Plugins
12/02/2008 20:30 <DIR> Alcohol Soft
27/07/2007 22:44 <DIR> Alwil Software
12/05/2008 21:50 <DIR> AutoCAD 2008
06/02/2008 12:37 <DIR> AutoCAD Civil 3D 2008
06/02/2008 12:35 <DIR> Autodesk
06/02/2008 11:04 <DIR> Autodesk Student Community Download Tool
05/04/2008 18:51 <DIR> BitDefender
24/01/2008 19:14 <DIR> BitTorrent
16/11/2007 11:15 <DIR> CCleaner
19/08/2006 04:40 <DIR> ComPlus Applications
19/08/2006 05:21 <DIR> CONEXANT
19/08/2006 05:26 <DIR> CyberLink
31/08/2007 20:29 <DIR> Disc2Phone
21/03/2008 20:12 <DIR> DivX
06/02/2008 12:47 <DIR> DWG TrueView 2007
18/01/2008 18:08 <DIR> DWGeditor
22/08/2007 19:53 <DIR> e-Carte Bleue
28/07/2007 23:47 <DIR> eMule
29/07/2007 01:14 <DIR> Everest Poker
19/08/2006 04:30 <DIR> Fichiers communs
02/01/2008 13:04 <DIR> Firaxis Games
19/08/2006 04:58 <DIR> GemMasterFrench
19/03/2008 21:53 <DIR> Google
01/09/2007 13:16 <DIR> Hewlett-Packard
01/09/2007 13:07 <DIR> HP
19/08/2006 04:51 <DIR> Intel
19/08/2006 04:41 <DIR> Internet Explorer
03/01/2008 21:25 <DIR> Java
11/03/2008 22:11 <DIR> KONAMI
25/07/2007 13:28 <DIR> Launch Manager
12/05/2008 12:55 <DIR> Malwarebytes' Anti-Malware
19/08/2006 04:38 <DIR> Messenger
18/08/2007 14:08 <DIR> Messenger Plus! Live
05/04/2008 21:48 <DIR> Microsoft Baseline Security Analyzer 2
17/03/2008 15:01 <DIR> Microsoft CAPICOM 2.1.0.2
19/08/2006 04:45 <DIR> microsoft frontpage
10/10/2007 20:33 <DIR> Microsoft Office
08/04/2008 14:28 <DIR> Microsoft SharedView
21/03/2008 20:08 <DIR> Microsoft SQL Server
06/02/2008 12:46 <DIR> Microsoft WSE
10/10/2007 20:33 <DIR> Microsoft.NET
19/08/2006 04:39 <DIR> Movie Maker
19/08/2006 04:38 <DIR> MSN
19/08/2006 04:38 <DIR> MSN Gaming Zone
28/07/2007 16:18 <DIR> MSN Messenger
05/09/2007 10:50 <DIR> MSN Pictures Displayer
28/07/2007 16:38 <DIR> MSXML 4.0
07/02/2008 01:26 <DIR> MSXML 6.0
05/10/2007 14:37 <DIR> Nero
19/08/2006 04:41 <DIR> NetMeeting
19/08/2006 05:31 <DIR> NewTech Infosystems
05/09/2007 11:47 <DIR> Nicolas MERLET
25/10/2007 20:32 <DIR> Orange HSS
19/08/2006 04:41 <DIR> Outlook Express
21/03/2008 20:05 <DIR> Pinnacle
03/02/2008 18:11 <DIR> Real
19/08/2006 05:20 <DIR> Realtek
08/05/2008 12:55 <DIR> SAGEM
08/05/2008 12:54 <DIR> Securitoo
19/08/2006 04:42 <DIR> Services en ligne
18/01/2008 18:00 <DIR> SolidWorks
31/08/2007 20:23 <DIR> Sony Ericsson
25/08/2007 21:07 <DIR> SopCast
08/01/2008 21:19 <DIR> Sports Interactive
28/07/2007 15:22 <DIR> Spybot - Search & Destroy
13/02/2008 11:07 <DIR> StartupRun
30/01/2008 17:45 <DIR> SuperCopier2
13/12/2007 20:35 <DIR> SW2007SDK
19/08/2006 05:23 <DIR> Synaptics
08/05/2008 16:39 <DIR> Trend Micro
13/08/2007 20:33 <DIR> Unlocker
08/08/2007 14:53 <DIR> VideoLAN
18/01/2008 17:59 <DIR> Windows Desktop Search
18/08/2007 14:08 <DIR> Windows Live
06/12/2007 12:48 <DIR> Windows Media Connect 2
19/08/2006 04:39 <DIR> Windows Media Player
19/08/2006 04:38 <DIR> Windows NT
19/08/2006 04:39 <DIR> Windows Plus
28/07/2007 15:55 <DIR> WinRAR
19/08/2006 04:45 <DIR> xerox
0 file(s) 0 bytes
87 Dir(s) 3 914 465 280 bytes free

Volume in drive C is ACER
Volume Serial Number is 0954-16DC

Directory of C:\Program Files\fichiers communs

10/10/2006 11:17 <DIR> .
10/10/2006 11:17 <DIR> ..
19/08/2006 04:30 <REP> Microsoft Shared 19/08/2006 04:30 <REP> SpeechEngines 19/08/2006 04:31 <REP> ODBC 19/08/2006 04:41 <REP> System 19/08/2006 04:42 <REP> MSSoap 19/08/2006 04:42 <REP> Services 19/08/2006 05:20 <REP> InstallShield 19/08/2006 05:31 <REP> NewTech Infosystems 19/08/2006 05:32 <REP> muvee Technologies 19/08/2006 05:32 <REP> LightScribe 19/08/2006 06:19 <REP> Symantec Shared 25/07/2007 13:32 <REP> Acer 25/07/2007 13:32 <REP> Logitech 31/08/2007 20:23 <REP> Teleca Shared 31/08/2007 20:23 <REP> Sony Ericsson Shared 01/09/2007 13:14 <REP> Hewlett-Packard 01/09/2007 13:39 <REP> HP 05/10/2007 14:37 <REP> Ahead 10/10/2007 20:34 <REP> DESIGNER 03/01/2008 21:23 <REP> Java 18/01/2008 18:00 <REP> Solidworks Data 18/01/2008 18:02 <REP> SolidWorks Shared 18/01/2008 18:02 <REP> eDrawings2007 03/02/2008 18:11 <REP> Real 03/02/2008 18:11 <REP> xing shared 06/02/2008 12:35 <REP> Autodesk Shared 17/03/2008 21:38 <REP> Adobe 05/04/2008 18:48 <REP> BitDefender 08/05/2008 13:03 <REP> France Telecom 0 fichier(s) 0 octets 31 Rép(s) 3 914 465 280 octets libres Le volume dans le lecteur C s'appelle ACER Le numéro de série du volume est 0954-16DC Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 10/10/2006 11:17 <REP> . 10/10/2006 11:17 <REP> .. 
07/03/2001 07:00 127 033 MSOWS40c.DLL 03/06/1999 12:09 122 937 MSOWS409.DLL 10/10/2007 20:34 <REP> 1036 15/07/2003 06:52 35 896 MSOSV.DLL 10/10/2007 20:34 <REP> 1033 11/07/2003 10:15 1 292 872 MSONSEXT.DLL 11/07/2003 02:25 80 448 PKMWS.DLL 5 fichier(s) 1 659 186 octets 4 Rép(s) 3 914 465 280 octets libres c:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe c:\Documents and Settings\acer\Local Settings\Temp\AcDeltree.exe c:\Documents and Settings\acer\Local Settings\Temp\RtkBtMnt.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\catchme.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\diff.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\dumphive.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\find2.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\Fport.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\grep.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\gzip.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\KProcCheck.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\LFiles.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\LISTDLLS.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\md5sums.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\pslist.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\sigcheck.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\streams.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\swreg.exe c:\Documents and Settings\acer\Mes documents\DiagHelp\tar.exe c:\Documents and Settings\acer\Mes documents\My Games\Sports Interactive\Football Manager 2008\FM08\Football.Manager.2008.CRACK.ONLY-HATRED-km07\fm.exe c:\Documents and Settings\acer\Mes documents\pes 6\Crack\pes6.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\HJTInstall.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\mbam-setup.exe 
c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\404Fix.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\dumphive.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\exit.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\HostsChk.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\IEDFix.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\Process.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\Reboot.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\restart.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\swreg.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\swsc.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\swxcacls.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\UIFix.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\unzip.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\VACFix.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\VCCLSID.exe c:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix\WS2Fix.exe c:\Documents and Settings\acer\Bureau\Ad-Aware.exe c:\Documents 
and Settings\acer\Bureau\spybotsd152.exe c:\Documents and Settings\acer\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe c:\Documents and Settings\acer\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe c:\Documents and Settings\acer\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe c:\Documents and Settings\acer\Application Data\Move Networks\ie_bin\Uninst.exe c:\Documents and Settings\acer\Application Data\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\setup.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\acer\Application Data\Move Networks\ie_bin\qsp2ie07076007.dll c:\Documents and Settings\acer\Application Data\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\_setup.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_ACER-1F614B65C2.tar.gz a l'adresse http://upload.malekal.com Bon evidemment je n'y comprend pas grand chose
  9. Here is the report after running smitfraudfix.cmd:

SmitFraudFix v2.320
Report made at 19:02:54,85, 12/05/2008
Run from C:\Documents and Settings\acer\Mes documents\analyse de fichier\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\Orange HSS\systray\systrayapp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

Hosts file corrupted!

127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\acer

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\acer\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\acer\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Warning: the following keys are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Warning: the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Warning: the following keys are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Warning: the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Warning: the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Warning: the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 80.10.246.130
DNS Server Search Order: 80.10.246.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{BAFB0844-BC86-4354-97B2-2EDF187ED450}: NameServer=80.10.246.130,80.10.246.3
HKLM\SYSTEM\CS1\Services\Tcpip\..\{BAFB0844-BC86-4354-97B2-2EDF187ED450}: NameServer=80.10.246.130,80.10.246.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{7EBA6F81-200E-4E43-A790-B0B93CD31CC8}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{BAFB0844-BC86-4354-97B2-2EDF187ED450}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
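The hosts section of that report flags two entries that point legal-at-spybot.info at 127.0.0.1. Below is an added example, not part of the thread and not SmitfraudFix's own HostsChk code, of how that check can be scripted: it parses a hosts file, skips the stock localhost mapping, classifies every other name as blocked (loopback or 0.0.0.0) or redirected (any other address), and flags names that contain anti-malware or update-site keywords, because pointing those at loopback is a standard trick of rogue "antivirus" software to keep its removal tools from updating. The keyword list is an assumption, and the sample hosts text is constructed apart from the two lines copied from the report above.

```python
"""Classify hosts-file entries with a security-vendor watchlist (added example)."""
import ipaddress

# A stock Windows XP hosts file maps only localhost to loopback.
STOCK_LOOPBACK_NAMES = {"localhost"}
# Assumed keyword list: anti-malware and update sites that rogue software blocks via hosts.
SECURITY_KEYWORDS = ("spybot", "safer-networking", "malwarebytes", "avast", "kaspersky",
                     "bitdefender", "windowsupdate", "symantec", "mcafee", "trendmicro")


def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping blank lines and '#' comments (inline ones too)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def classify_hosts(text):
    """Return one finding per non-stock entry: verdict is 'blocked' (loopback/unspecified
    address), 'redirected' (any other address) or 'malformed'; security_vendor marks
    names that match the watchlist."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"host": name, "ip": ip, "verdict": "malformed",
                             "security_vendor": False})
            continue
        if name in STOCK_LOOPBACK_NAMES and addr.is_loopback:
            continue  # the default entry, nothing to report
        verdict = "blocked" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        vendor = any(k in name for k in SECURITY_KEYWORDS)
        findings.append({"host": name, "ip": ip, "verdict": verdict,
                         "security_vendor": vendor})
    return findings


# Constructed sample: the stock entry, the two lines SmitfraudFix reported above,
# an ad-blocking entry and a redirect to a non-local (documentation range) address.
SAMPLE_HOSTS = """
127.0.0.1 localhost
127.0.0.1 www.legal-at-spybot.info
127.0.0.1 legal-at-spybot.info
0.0.0.0 ads.example.net          # constructed
203.0.113.9 www.example-bank.test   # constructed
"""

if __name__ == "__main__":
    for f in classify_hosts(SAMPLE_HOSTS):
        flag = "  <-- security vendor" if f["security_vendor"] else ""
        print(f"{f['verdict']:10} {f['ip']:15} {f['host']}{flag}")
```

Ad-blocking hosts lists legitimately map thousands of names to 127.0.0.1 or 0.0.0.0, so "blocked" on its own is not a verdict; the entries worth acting on are the ones carrying the security_vendor flag and any "redirected" line, since a hosts redirect of a bank or update site to a routable address is a phishing or update-hijack setup rather than blocking.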
  10. Thanks for spelling out everything I had to do. Here is the report:

Malwarebytes' Anti-Malware 1.12
Database version: 742

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 131544
Time elapsed: 2 hour(s), 49 minute(s), 37 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 1
Registry values infected: 1
Registry data items infected: 0
Folders infected: 5
Files infected: 9

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry data items infected:
(No malicious items detected)

Folders infected:
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\AVG Anti-Spyware 7.5 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\Spybot - Search & Destroy (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\avast! Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\acer\Menu Démarrer\Antivirus (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Files infected:
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\AVG Anti-Spyware 7.5\AVG Anti-Spyware.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\AVG Anti-Spyware 7.5\Service & Support.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\Spybot - Search & Destroy\Uninstall Spybot - Search & Destroy.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\avast! Antivirus\avast! Antivirus.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\avast! Antivirus\Aide.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Antivirus\avast! Antivirus\Site Web avast!.url (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.

So I then clicked "delete". It seems odd to me that avast and Spybot files show up as infected! How come??? Also, when I restarted the computer, Spybot reported two registry changes:

SCR Extension handler
Value changed
old value: "%1" /S
new value: "%1" %*

and

REG Extension handler
Value changed
old value: regedit.exe "%1"
new value: regedit.exe "%1" %*

I allowed both changes...
  11. Hello, I have just installed HijackThis and run a first scan. I have already had quite a few viruses on my computer, so I would rather run a scan and hear what you think... thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:40:05, on 08/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\lvcomsx.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/def...://fr.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/i_kat_207.php?lang=eng
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ECarteBleueBrowserHelper Class - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EnigmaBHO Class - {5CFEE306-E014-48A4-876D-06FF09EBB0F3} - C:\Program Files\ADS Plugins\Enigma.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
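Two lines in that log are what a practitioner reads first: the O4 entry `[5T19I3B27A] C:\WINDOWS\svchost.exe` under `HKLM\..\Policies\Explorer\Run` (the genuine svchost.exe lives in C:\WINDOWS\system32 on Windows XP, the Policies Run key is rarely used by legitimate installers, and the value name looks generated), and RtkBtMnt.exe running from the user's Temp directory. The script below is an added example, not part of this thread and not HijackThis code, of a triage pass that applies exactly those heuristics to O4 lines and "Running processes" paths and stays silent on the benign entries. The core-binary list, the Temp and value-name heuristics and the threshold in looks_random are my assumptions; the sample lines are copied from the log above, so the expected output is a hit on the two entries named here and nothing else.

```python
"""Triage a HijackThis log for the persistence patterns seen in this thread (added example)."""
import re

# On Windows XP these core binaries live only in %SystemRoot%\system32; a same-named
# file anywhere else (C:\WINDOWS\svchost.exe, a Temp folder) is a masquerade indicator.
CORE_SYSTEM_BINARIES = {"svchost.exe", "winlogon.exe", "lsass.exe", "services.exe",
                        "csrss.exe", "smss.exe", "userinit.exe", "spoolsv.exe"}
SYSTEM32_PREFIXES = ("c:\\windows\\system32", "c:\\winnt\\system32")

# Shape of an O4 line: O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First program of a command line: optional quotes, then up to the first .exe/.dll/.cpl/...
# followed by whitespace or end of line (best effort: unquoted paths with spaces are ambiguous).
EXE_RE = re.compile(r'^"?(?P<exe>[^"]*?\.(?:exe|com|scr|dll|cpl))"?(?=\s|$)', re.IGNORECASE)
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)


def executable_of(cmd):
    """Return the program an O4 command launches, without quotes or arguments (None if unknown)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("exe") if m else None


def looks_random(name):
    """Heuristic for generated value names such as 5T19I3B27A: alphanumeric, 8+ chars, with
    letters and digits alternating in at least four runs (MSPY2002 has only two runs)."""
    if not re.fullmatch(r"[A-Za-z0-9]{8,}", name):
        return False
    runs = 1 + sum(1 for a, b in zip(name, name[1:]) if a.isdigit() != b.isdigit())
    return runs >= 4


def reasons_for(name, key, exe):
    """List why an autostart entry or running process deserves a closer look."""
    reasons = []
    if exe:
        low = exe.lower().replace("/", "\\")
        directory, _, base = low.rpartition("\\")
        if base in CORE_SYSTEM_BINARIES and directory and not directory.startswith(SYSTEM32_PREFIXES):
            reasons.append("core system binary name outside system32 (masquerade)")
        if "\\temp\\" in low:
            reasons.append("runs from a Temp directory")
    if key and "policies" in key.lower():
        reasons.append("Policies\\Explorer\\Run key (rarely used by legitimate installers)")
    if name and looks_random(name):
        reasons.append("random-looking value name")
    return reasons


def triage_hijackthis(log_text):
    """Return one finding per suspicious O4 line or 'Running processes' path in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            name, key, exe = m.group("name"), m.group("key"), executable_of(m.group("cmd"))
        elif DRIVE_PATH_RE.match(line):
            name, key, exe = None, None, line  # a "Running processes" entry is a bare path
        else:
            continue
        reasons = reasons_for(name, key, exe)
        if reasons:
            findings.append({"line": line, "name": name, "exe": exe, "reasons": reasons})
    return findings


# Lines copied from the HijackThis log above; the benign ones must stay silent.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\acer\LOCALS~1\Temp\RtkBtMnt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
"""

if __name__ == "__main__":
    for f in triage_hijackthis(SAMPLE_LOG):
        print(f["line"])
        for r in f["reasons"]:
            print("   ->", r)
```

The point of scoring by reasons rather than by a blocklist is that a single hit (a Temp path, for instance, which some vendor installers do use) is only a prompt to check the file's signature and hash, while an entry that collects three independent indicators, as the svchost.exe line does here, is what you quarantine first and submit for analysis.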