Aller au contenu

olgelin

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    6

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par olgelin

  1. olgelin
    et bien depuis hier non ! pourvu que ça dur !! merci beaucoup pour ton aide bon weekend !!
  2. olgelin
    --------------------\\ Lop S&D 4.2.4-2 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T5600 @ 1.83GHz ) BIOS : Ver 1.00PARTTBL USER : Olivier GELIN ( Administrator ) BOOT : Normal boot Antivirus : Bitdefender Antivirus 8.0 (Activated) Firewall : Bitdefender Firewall 8.0 (Activated) "C:\Lop SD" ( MAJ : 08-09-2008|21:40 ) Option : [2] ( 12/09/2008|20:51 ) \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Move Bore Curb Tool\fast idol.exe Supprime! - C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1\Closenamebat.exe Supprime! - C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1\curb build.exe Supprime! - C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1\vlyocwvm.exe Supprime! - C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@bigpoint[1].txt Supprime! - C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@fr.xblaster.bigpoint[2].txt Supprime! - C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@banner.cotedazurpalace[2].txt Supprime! - C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@cotedazurpalace[2].txt Supprime! - C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@www.cotedazurpalace[1].txt Supprime! - C:\WINDOWS\Tasks\A9E402AA94CFB72A.job Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Move Bore Curb Tool Supprime! - C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1 Supprime! - C:\Program Files\thatro~1 - [ Fichier Hosts ] .. Restaure! \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ --------------------\\ Listing des dossiers dans APPLIC~1 [07/12/2006|17:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities [07/12/2006|18:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia [07/12/2006|18:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft [16/01/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems [10/09/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [04/12/2007|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems [07/12/2006|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead [01/09/2008|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [20/08/2008|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [13/03/2008|14:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus [02/07/2008|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender [05/05/2008|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software [17/01/2007|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [01/02/2007|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink [04/12/2007|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [29/03/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo [06/09/2008|00:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft [14/08/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [17/01/2007|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [12/11/2007|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc [06/09/2008|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [17/05/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks [15/04/2007|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL [05/04/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems [16/01/2007|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [09/12/2007|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [07/12/2006|17:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [07/12/2006|18:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [07/12/2006|18:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [07/12/2006|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [07/12/2006|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [16/01/2007|17:38] C:\DOCUME~1\OLIVIE~1\APPLIC~1\ACD Systems [14/06/2008|09:26] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Adobe [18/01/2007|14:29] C:\DOCUME~1\OLIVIE~1\APPLIC~1\AdobeUM [24/01/2007|20:43] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Ahead [02/12/2007|10:41] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Alien Skin [01/09/2008|15:47] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Apple Computer [10/09/2008|16:09] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Azureus [02/07/2008|19:16] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Bitdefender [05/05/2008|16:08] C:\DOCUME~1\OLIVIE~1\APPLIC~1\BVRP Software [04/09/2008|10:46] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Canon [05/10/2007|12:04] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Canopus [10/09/2008|11:02] C:\DOCUME~1\OLIVIE~1\APPLIC~1\CursorArts [17/01/2007|12:50] C:\DOCUME~1\OLIVIE~1\APPLIC~1\CyberLink [02/03/2007|10:41] C:\DOCUME~1\OLIVIE~1\APPLIC~1\DivX [16/06/2008|23:16] C:\DOCUME~1\OLIVIE~1\APPLIC~1\ePaperPress [15/04/2007|10:59] C:\DOCUME~1\OLIVIE~1\APPLIC~1\EPSON [10/09/2008|10:46] C:\DOCUME~1\OLIVIE~1\APPLIC~1\GetRightToGo [17/12/2007|21:24] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Google [20/03/2007|00:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Help [07/12/2006|17:37] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Identities [12/04/2008|19:25] C:\DOCUME~1\OLIVIE~1\APPLIC~1\InstallShield [05/05/2008|16:08] C:\DOCUME~1\OLIVIE~1\APPLIC~1\InstallShield Installation Information [07/12/2006|18:29] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Macromedia [17/06/2008|13:22] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Microsoft [09/08/2008|21:30] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Mozilla [16/01/2007|14:22] C:\DOCUME~1\OLIVIE~1\APPLIC~1\MSNInstaller [16/01/2007|17:41] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Nvu [19/08/2008|17:58] C:\DOCUME~1\OLIVIE~1\APPLIC~1\RayV [09/06/2007|09:48] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Real [30/07/2007|17:17] C:\DOCUME~1\OLIVIE~1\APPLIC~1\SecuROM [30/03/2008|01:02] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Sony [12/04/2008|20:13] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Sony Corporation [20/02/2008|22:31] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Stellarium [18/01/2007|14:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Sun [16/01/2007|16:00] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Talkback [05/05/2008|15:14] C:\DOCUME~1\OLIVIE~1\APPLIC~1\TaoUSign [17/05/2008|14:31] C:\DOCUME~1\OLIVIE~1\APPLIC~1\TVU Networks [06/03/2007|20:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\uk.co.planetside [30/03/2008|01:12] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Ulead Systems [05/05/2008|19:56] C:\DOCUME~1\OLIVIE~1\APPLIC~1\vlc [24/03/2007|11:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\VTC Preferences Folder --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [01/09/2008 15:47][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [12/09/2008 11:08][--ah-----] C:\WINDOWS\tasks\SA.DAT [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini --------------------\\ Listing des dossiers dans C:\Program Files [16/01/2007|17:35] C:\Program Files\ACD Systems [10/09/2008|11:42] C:\Program Files\ActivIcons [10/09/2008|15:32] C:\Program Files\Adobe [15/02/2007|14:02] C:\Program Files\Ahead [10/09/2008|15:49] C:\Program Files\Alien Skin [01/09/2008|15:46] C:\Program Files\Apple Software Update [04/09/2008|20:29] C:\Program Files\a-squared Free [17/01/2007|13:04] C:\Program Files\AviSynth 2.5 [10/07/2008|17:43] C:\Program Files\Azureus [02/07/2008|19:15] C:\Program Files\BitDefender [16/06/2008|20:40] C:\Program Files\Calcul de prˆt [27/07/2008|15:20] C:\Program Files\Cammaestro 1.0HU build 11 [16/01/2007|12:37] C:\Program Files\CleanUp! [31/01/2007|09:47] C:\Program Files\CyberLink [10/09/2008|09:32] C:\Program Files\DivX [17/06/2008|13:22] C:\Program Files\ePaperPress [10/09/2008|09:21] C:\Program Files\EPSON [10/09/2008|10:18] C:\Program Files\ExtracteurIcones [06/09/2008|00:55] C:\Program Files\Fichiers communs [12/07/2008|09:59] C:\Program Files\Google [24/02/2008|23:56] C:\Program Files\InstallJammer Registry [10/09/2008|09:49] C:\Program Files\InstallShield Installation Information [10/09/2008|09:57] C:\Program Files\Internet Explorer [09/03/2008|12:04] C:\Program Files\Java [06/09/2008|00:56] C:\Program Files\Lavasoft [10/09/2008|09:57] C:\Program Files\Messenger [29/05/2007|08:34] C:\Program Files\Micro Application [02/02/2008|12:46] C:\Program Files\Microsoft ActiveSync [07/12/2006|17:33] C:\Program Files\microsoft frontpage [27/02/2007|20:31] C:\Program Files\Microsoft Office [09/12/2007|12:21] C:\Program Files\Microsoft SQL Server Compact Edition [07/12/2006|18:32] C:\Program Files\Microsoft Visual Studio [27/02/2007|20:31] C:\Program Files\Microsoft Works [16/01/2007|17:12] C:\Program Files\Microsoft.NET [10/09/2008|12:18] C:\Program Files\Movie Maker [12/09/2008|20:48] C:\Program Files\Mozilla Firefox [16/01/2007|14:22] C:\Program Files\MSN [07/12/2006|17:29] C:\Program Files\MSN Gaming Zone [16/01/2007|13:13] C:\Program Files\MSXML 4.0 [10/09/2008|16:10] C:\Program Files\Navilog1 [31/07/2008|18:42] C:\Program Files\NetMeeting [07/02/2007|23:30] C:\Program Files\Nvu [07/04/2007|12:43] C:\Program Files\OpenAL [10/09/2008|12:18] C:\Program Files\Outlook Express [07/03/2007|11:27] C:\Program Files\PanaVue [28/08/2007|16:32] C:\Program Files\PIXELA [06/02/2007|16:18] C:\Program Files\PROMT5 [12/07/2008|09:29] C:\Program Files\QuickMediaConverter [20/08/2008|09:58] C:\Program Files\QuickTime [24/01/2007|23:18] C:\Program Files\Raccourcis de programmes [12/09/2008|11:07] C:\Program Files\RamBoost XP [22/01/2007|19:18] C:\Program Files\Real [01/09/2008|15:42] C:\Program Files\Safari [10/05/2007|19:32] C:\Program Files\SlySoft [16/01/2007|17:59] C:\Program Files\SmartSound Software [16/01/2007|12:32] C:\Program Files\Softwin [12/04/2008|19:34] C:\Program Files\Sony [06/09/2008|01:00] C:\Program Files\Spybot - Search & Destroy [05/09/2008|16:48] C:\Program Files\Star Downloader [20/02/2008|22:31] C:\Program Files\Stellarium [07/12/2006|18:27] C:\Program Files\Synaptics [27/04/2007|18:04] C:\Program Files\T‚l‚chargement PHOTOWAYS [17/02/2007|15:57] C:\Program Files\Total Video Converter [24/06/2008|13:17] C:\Program Files\Ubi Soft [24/06/2008|13:25] C:\Program Files\ubi.com [05/04/2008|19:55] C:\Program Files\Ulead Systems [07/12/2006|17:37] C:\Program Files\Uninstall Information [05/05/2008|19:53] C:\Program Files\VideoLAN [06/10/2007|09:53] C:\Program Files\Wanadoo [09/12/2007|12:22] C:\Program Files\Windows Live [16/01/2007|17:58] C:\Program Files\Windows Media Components [13/06/2007|11:53] C:\Program Files\Windows Media Connect 2 [10/09/2008|09:57] C:\Program Files\Windows Media Player [10/09/2008|09:57] C:\Program Files\Windows NT [07/12/2006|17:30] C:\Program Files\Windows Plus [07/12/2006|17:31] C:\Program Files\WindowsUpdate [10/09/2008|09:57] C:\Program Files\WinRAR [07/12/2006|17:33] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [12/05/2008|11:58] C:\Program Files\Fichiers communs\ACD Systems [10/09/2008|09:15] C:\Program Files\Fichiers communs\Adobe [04/12/2007|10:48] C:\Program Files\Fichiers communs\Adobe Systems Shared [15/02/2007|14:02] C:\Program Files\Fichiers communs\Ahead [02/07/2008|19:15] C:\Program Files\Fichiers communs\BitDefender [16/01/2007|17:14] C:\Program Files\Fichiers communs\DESIGNER [16/01/2007|17:57] C:\Program Files\Fichiers communs\InstallShield [04/12/2007|10:34] C:\Program Files\Fichiers communs\InterVideo [18/01/2007|14:34] C:\Program Files\Fichiers communs\Java [28/03/2008|14:35] C:\Program Files\Fichiers communs\LightScribe [02/02/2008|12:45] C:\Program Files\Fichiers communs\Microsoft Shared [07/12/2006|17:31] C:\Program Files\Fichiers communs\MSSoap [07/12/2006|18:27] C:\Program Files\Fichiers communs\ODBC [27/07/2008|15:20] C:\Program Files\Fichiers communs\PCCamera [30/08/2008|09:36] C:\Program Files\Fichiers communs\Real [07/12/2006|17:31] C:\Program Files\Fichiers communs\Services [16/01/2007|12:32] C:\Program Files\Fichiers communs\Softwin [07/12/2006|18:27] C:\Program Files\Fichiers communs\SpeechEngines [10/09/2008|09:57] C:\Program Files\Fichiers communs\System [05/04/2008|19:55] C:\Program Files\Fichiers communs\Ulead Systems [16/01/2007|21:22] C:\Program Files\Fichiers communs\Vbox [09/12/2007|12:19] C:\Program Files\Fichiers communs\WindowsLiveInstaller [06/09/2008|00:55] C:\Program Files\Fichiers communs\Wise Installation Wizard [30/08/2008|09:36] C:\Program Files\Fichiers communs\xing shared --------------------\\ Process ( 56 Processes ) ... OK ! --------------------\\ Recherche avec S_Lop Aucun fichier / dossier Lop trouvé ! --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@adopt.euroclick[2].txt C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@pacificpoker[2].txt --------------------\\ Verification du Registre ..... OK ! --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-12 20:52:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [F:11][D:2]-> C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp [F:43][D:0]-> C:\DOCUME~1\OLIVIE~1\Cookies [F:833][D:5]-> C:\DOCUME~1\OLIVIE~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 12/09/2008|19:42 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 12/09/2008|20:54 - Option : [2] --------------------\\ Fin du rapport a 20:54:14
  3. olgelin
    le voici --------------------\\ Lop S&D 4.2.4-2 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T5600 @ 1.83GHz ) BIOS : Ver 1.00PARTTBL USER : Olivier GELIN ( Administrator ) BOOT : Normal boot Antivirus : Bitdefender Antivirus 8.0 (Activated) Firewall : Bitdefender Firewall 8.0 (Activated) "C:\Lop SD" ( MAJ : 08-09-2008|21:40 ) Option : [1] ( 12/09/2008|19:39 ) --------------------\\ Listing des dossiers dans APPLIC~1 [07/12/2006|17:37] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities [07/12/2006|18:29] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia [07/12/2006|18:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft [16/01/2007|17:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems [10/09/2008|09:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe [04/12/2007|10:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems [07/12/2006|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead [01/09/2008|15:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple [20/08/2008|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer [13/03/2008|14:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus [02/07/2008|19:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender [05/05/2008|16:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software [17/01/2007|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink [01/02/2007|20:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink [04/12/2007|11:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield [29/03/2008|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InterVideo [06/09/2008|00:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft [14/08/2008|10:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft [04/09/2008|12:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Move Bore Curb Tool [17/01/2007|10:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles [12/11/2007|23:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SmartSound Software Inc [06/09/2008|09:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy [17/05/2008|14:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks [15/04/2007|10:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL [05/04/2008|19:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems [16/01/2007|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage [09/12/2007|12:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller [07/12/2006|17:37] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities [07/12/2006|18:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia [07/12/2006|18:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft [07/12/2006|17:36] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft [07/12/2006|17:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft [16/01/2007|17:38] C:\DOCUME~1\OLIVIE~1\APPLIC~1\ACD Systems [14/06/2008|09:26] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Adobe [18/01/2007|14:29] C:\DOCUME~1\OLIVIE~1\APPLIC~1\AdobeUM [24/01/2007|20:43] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Ahead [02/12/2007|10:41] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Alien Skin [01/09/2008|15:47] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Apple Computer [10/09/2008|16:09] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Azureus [02/07/2008|19:16] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Bitdefender [05/05/2008|16:08] C:\DOCUME~1\OLIVIE~1\APPLIC~1\BVRP Software [04/09/2008|10:46] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Canon [05/10/2007|12:04] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Canopus [10/09/2008|11:02] C:\DOCUME~1\OLIVIE~1\APPLIC~1\CursorArts [17/01/2007|12:50] C:\DOCUME~1\OLIVIE~1\APPLIC~1\CyberLink [02/03/2007|10:41] C:\DOCUME~1\OLIVIE~1\APPLIC~1\DivX [16/06/2008|23:16] C:\DOCUME~1\OLIVIE~1\APPLIC~1\ePaperPress [15/04/2007|10:59] C:\DOCUME~1\OLIVIE~1\APPLIC~1\EPSON [10/09/2008|10:46] C:\DOCUME~1\OLIVIE~1\APPLIC~1\GetRightToGo [17/12/2007|21:24] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Google [20/03/2007|00:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Help [07/12/2006|17:37] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Identities [12/04/2008|19:25] C:\DOCUME~1\OLIVIE~1\APPLIC~1\InstallShield [05/05/2008|16:08] C:\DOCUME~1\OLIVIE~1\APPLIC~1\InstallShield Installation Information [07/12/2006|18:29] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Macromedia [17/06/2008|13:22] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Microsoft [09/08/2008|21:30] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Mozilla [16/01/2007|14:22] C:\DOCUME~1\OLIVIE~1\APPLIC~1\MSNInstaller [16/01/2007|17:41] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Nvu [19/08/2008|17:58] C:\DOCUME~1\OLIVIE~1\APPLIC~1\RayV [09/06/2007|09:48] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Real [30/07/2007|17:17] C:\DOCUME~1\OLIVIE~1\APPLIC~1\SecuROM [30/03/2008|01:02] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Sony [12/04/2008|20:13] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Sony Corporation [20/02/2008|22:31] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Stellarium [18/01/2007|14:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Sun [16/01/2007|16:00] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Talkback [05/05/2008|15:14] C:\DOCUME~1\OLIVIE~1\APPLIC~1\TaoUSign [04/09/2008|12:05] C:\DOCUME~1\OLIVIE~1\APPLIC~1\THAT ROAD SEEK [17/05/2008|14:31] C:\DOCUME~1\OLIVIE~1\APPLIC~1\TVU Networks [06/03/2007|20:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\uk.co.planetside [30/03/2008|01:12] C:\DOCUME~1\OLIVIE~1\APPLIC~1\Ulead Systems [05/05/2008|19:56] C:\DOCUME~1\OLIVIE~1\APPLIC~1\vlc [24/03/2007|11:36] C:\DOCUME~1\OLIVIE~1\APPLIC~1\VTC Preferences Folder --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks [12/09/2008 19:00][--ah-----] C:\WINDOWS\tasks\A9E402AA94CFB72A.job [01/09/2008 15:47][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job [12/09/2008 11:08][--ah-----] C:\WINDOWS\tasks\SA.DAT [10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini ( A9E402AA94CFB72A.job )=( c:\docume~1\olivie~1\applic~1\thatro~1\Closenamebat.exe ) --------------------\\ Listing des dossiers dans C:\Program Files [16/01/2007|17:35] C:\Program Files\ACD Systems [10/09/2008|11:42] C:\Program Files\ActivIcons [10/09/2008|15:32] C:\Program Files\Adobe [15/02/2007|14:02] C:\Program Files\Ahead [10/09/2008|15:49] C:\Program Files\Alien Skin [01/09/2008|15:46] C:\Program Files\Apple Software Update [04/09/2008|20:29] C:\Program Files\a-squared Free [17/01/2007|13:04] C:\Program Files\AviSynth 2.5 [10/07/2008|17:43] C:\Program Files\Azureus [02/07/2008|19:15] C:\Program Files\BitDefender [16/06/2008|20:40] C:\Program Files\Calcul de prˆt [27/07/2008|15:20] C:\Program Files\Cammaestro 1.0HU build 11 [16/01/2007|12:37] C:\Program Files\CleanUp! [31/01/2007|09:47] C:\Program Files\CyberLink [10/09/2008|09:32] C:\Program Files\DivX [17/06/2008|13:22] C:\Program Files\ePaperPress [10/09/2008|09:21] C:\Program Files\EPSON [10/09/2008|10:18] C:\Program Files\ExtracteurIcones [06/09/2008|00:55] C:\Program Files\Fichiers communs [12/07/2008|09:59] C:\Program Files\Google [24/02/2008|23:56] C:\Program Files\InstallJammer Registry [10/09/2008|09:49] C:\Program Files\InstallShield Installation Information [10/09/2008|09:57] C:\Program Files\Internet Explorer [09/03/2008|12:04] C:\Program Files\Java [06/09/2008|00:56] C:\Program Files\Lavasoft [10/09/2008|09:57] C:\Program Files\Messenger [29/05/2007|08:34] C:\Program Files\Micro Application [02/02/2008|12:46] C:\Program Files\Microsoft ActiveSync [07/12/2006|17:33] C:\Program Files\microsoft frontpage [27/02/2007|20:31] C:\Program Files\Microsoft Office [09/12/2007|12:21] C:\Program Files\Microsoft SQL Server Compact Edition [07/12/2006|18:32] C:\Program Files\Microsoft Visual Studio [27/02/2007|20:31] C:\Program Files\Microsoft Works [16/01/2007|17:12] C:\Program Files\Microsoft.NET [10/09/2008|12:18] C:\Program Files\Movie Maker [12/09/2008|18:32] C:\Program Files\Mozilla Firefox [16/01/2007|14:22] C:\Program Files\MSN [07/12/2006|17:29] C:\Program Files\MSN Gaming Zone [16/01/2007|13:13] C:\Program Files\MSXML 4.0 [10/09/2008|16:10] C:\Program Files\Navilog1 [31/07/2008|18:42] C:\Program Files\NetMeeting [07/02/2007|23:30] C:\Program Files\Nvu [07/04/2007|12:43] C:\Program Files\OpenAL [10/09/2008|12:18] C:\Program Files\Outlook Express [07/03/2007|11:27] C:\Program Files\PanaVue [28/08/2007|16:32] C:\Program Files\PIXELA [06/02/2007|16:18] C:\Program Files\PROMT5 [12/07/2008|09:29] C:\Program Files\QuickMediaConverter [20/08/2008|09:58] C:\Program Files\QuickTime [24/01/2007|23:18] C:\Program Files\Raccourcis de programmes [12/09/2008|11:07] C:\Program Files\RamBoost XP [22/01/2007|19:18] C:\Program Files\Real [01/09/2008|15:42] C:\Program Files\Safari [10/05/2007|19:32] C:\Program Files\SlySoft [16/01/2007|17:59] C:\Program Files\SmartSound Software [16/01/2007|12:32] C:\Program Files\Softwin [12/04/2008|19:34] C:\Program Files\Sony [06/09/2008|01:00] C:\Program Files\Spybot - Search & Destroy [05/09/2008|16:48] C:\Program Files\Star Downloader [20/02/2008|22:31] C:\Program Files\Stellarium [07/12/2006|18:27] C:\Program Files\Synaptics [27/04/2007|18:04] C:\Program Files\T‚l‚chargement PHOTOWAYS [04/09/2008|12:04] C:\Program Files\THAT ROAD SEEK [17/02/2007|15:57] C:\Program Files\Total Video Converter [24/06/2008|13:17] C:\Program Files\Ubi Soft [24/06/2008|13:25] C:\Program Files\ubi.com [05/04/2008|19:55] C:\Program Files\Ulead Systems [07/12/2006|17:37] C:\Program Files\Uninstall Information [05/05/2008|19:53] C:\Program Files\VideoLAN [06/10/2007|09:53] C:\Program Files\Wanadoo [09/12/2007|12:22] C:\Program Files\Windows Live [16/01/2007|17:58] C:\Program Files\Windows Media Components [13/06/2007|11:53] C:\Program Files\Windows Media Connect 2 [10/09/2008|09:57] C:\Program Files\Windows Media Player [10/09/2008|09:57] C:\Program Files\Windows NT [07/12/2006|17:30] C:\Program Files\Windows Plus [07/12/2006|17:31] C:\Program Files\WindowsUpdate [10/09/2008|09:57] C:\Program Files\WinRAR [07/12/2006|17:33] C:\Program Files\xerox --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs [12/05/2008|11:58] C:\Program Files\Fichiers communs\ACD Systems [10/09/2008|09:15] C:\Program Files\Fichiers communs\Adobe [04/12/2007|10:48] C:\Program Files\Fichiers communs\Adobe Systems Shared [15/02/2007|14:02] C:\Program Files\Fichiers communs\Ahead [02/07/2008|19:15] C:\Program Files\Fichiers communs\BitDefender [16/01/2007|17:14] C:\Program Files\Fichiers communs\DESIGNER [16/01/2007|17:57] C:\Program Files\Fichiers communs\InstallShield [04/12/2007|10:34] C:\Program Files\Fichiers communs\InterVideo [18/01/2007|14:34] C:\Program Files\Fichiers communs\Java [28/03/2008|14:35] C:\Program Files\Fichiers communs\LightScribe [02/02/2008|12:45] C:\Program Files\Fichiers communs\Microsoft Shared [07/12/2006|17:31] C:\Program Files\Fichiers communs\MSSoap [07/12/2006|18:27] C:\Program Files\Fichiers communs\ODBC [27/07/2008|15:20] C:\Program Files\Fichiers communs\PCCamera [30/08/2008|09:36] C:\Program Files\Fichiers communs\Real [07/12/2006|17:31] C:\Program Files\Fichiers communs\Services [16/01/2007|12:32] C:\Program Files\Fichiers communs\Softwin [07/12/2006|18:27] C:\Program Files\Fichiers communs\SpeechEngines [10/09/2008|09:57] C:\Program Files\Fichiers communs\System [05/04/2008|19:55] C:\Program Files\Fichiers communs\Ulead Systems [16/01/2007|21:22] C:\Program Files\Fichiers communs\Vbox [09/12/2007|12:19] C:\Program Files\Fichiers communs\WindowsLiveInstaller [06/09/2008|00:55] C:\Program Files\Fichiers communs\Wise Installation Wizard [30/08/2008|09:36] C:\Program Files\Fichiers communs\xing shared --------------------\\ Process ( 60 Processes ) IEXPLORE.EXE ~ [PID:3564] IEXPLORE.EXE ~ [PID:300] --------------------\\ Recherche avec S_Lop C:\DOCUME~1\OLIVIE~1\APPLIC~1\THATRO~1 C:\DOCUME~1\OLIVIE~1\APPLIC~1\THATRO~1\Closenamebat.exe C:\DOCUME~1\OLIVIE~1\APPLIC~1\THATRO~1\curb build.exe C:\DOCUME~1\OLIVIE~1\APPLIC~1\THATRO~1\vlyocwvm.exe --------------------\\ Recherche de Fichiers / Dossiers Lop C:\DOCUME~1\ALLUSE~1\APPLIC~1\Move Bore Curb Tool C:\DOCUME~1\ALLUSE~1\APPLIC~1\Move Bore Curb Tool\fast idol.exe C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1 C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1\Closenamebat.exe C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1\curb build.exe C:\DOCUME~1\OLIVIE~1\APPLIC~1\thatro~1\vlyocwvm.exe C:\Program Files\thatro~1 C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@bigpoint[1].txt C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@fr.xblaster.bigpoint[2].txt C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@banner.cotedazurpalace[2].txt C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@cotedazurpalace[2].txt C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@www.cotedazurpalace[1].txt C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@adopt.euroclick[1].txt C:\DOCUME~1\OLIVIE~1\Cookies\olivier_gelin@pacificpoker[1].txt C:\WINDOWS\Tasks\A9E402AA94CFB72A.job --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Eggs Bolt Rect] "DisplayName"="CiD Help" "UninstallString"="C:\\DOCUME~1\\OLIVIE~1\\APPLIC~1\\THATRO~1\\curb build.exe -uninstall" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] --------------------\\ Verification du fichier Hosts Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-12 19:40:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections Aucune autre infection trouvée ! [F:11][D:2]-> C:\DOCUME~1\OLIVIE~1\LOCALS~1\Temp [F:47][D:0]-> C:\DOCUME~1\OLIVIE~1\Cookies [F:762][D:5]-> C:\DOCUME~1\OLIVIE~1\LOCALS~1\TEMPOR~1\content.IE5 1 - "C:\Lop SD\LopR_1.txt" - 12/09/2008|19:42 - Option : [1] --------------------\\ Fin du rapport a 19:42:43
  4. olgelin
    merci voici le rapport : DiagHelp version v1.4 - http://www.malekal.com excute le 12/09/2008 à 12:57:59,39 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->12/09/2008 12:57:57 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->12/09/2008 12:57:05 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->12/09/2008 12:56:43 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->12/09/2008 12:56:33 C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->12/09/2008 12:47:08 C:\WINDOWS\prefetch\MSMSGS.EXE-2B6052DE.pf -->12/09/2008 12:46:32 C:\WINDOWS\prefetch\MSIMN.EXE-38BA891D.pf -->12/09/2008 12:46:23 C:\WINDOWS\prefetch\UPGREPL.EXE-24BD643C.pf -->12/09/2008 12:38:52 C:\WINDOWS\prefetch\layout.ini -->12/09/2008 12:33:27 C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->12/09/2008 12:18:17 C:\WINDOWS\System32\drivers\tcpip.sys -->20/06/2008 13:51:12 C:\WINDOWS\System32\drivers\afd.sys -->20/06/2008 13:40:08 C:\WINDOWS\System32\drivers\tcpip6.sys -->20/06/2008 13:08:27 C:\WINDOWS\System32\drivers\bthport.sys -->14/06/2008 19:33:37 C:\WINDOWS\System32\drivers\bdfndisf.sys -->02/06/2008 16:16:08 C:\WINDOWS\System32\drivers\rmcast.sys -->08/05/2008 16:02:52 C:\WINDOWS\System32\drivers\oreans32.sys -->05/05/2008 16:09:13 C:\WINDOWS\System32\bdod.bin -->12/09/2008 12:57:56 C:\WINDOWS\System32\wpa.dbl -->12/09/2008 11:08:33 C:\WINDOWS\System32\nvapps.xml -->12/09/2008 11:07:57 C:\WINDOWS\System32\FNTCACHE.DAT -->10/09/2008 14:37:32 C:\WINDOWS\System32\uxtheme.dll -->10/09/2008 12:16:25 C:\WINDOWS\System32\perfh00C.dat -->09/09/2008 18:22:43 C:\WINDOWS\System32\perfh009.dat -->09/09/2008 18:22:43 C:\WINDOWS\System32\perfc00C.dat -->09/09/2008 18:22:43 C:\WINDOWS\System32\perfc009.dat -->09/09/2008 18:22:43 C:\WINDOWS\System32\PerfStringBackup.INI -->09/09/2008 18:22:42 C:\WINDOWS\System32\Thumbs.db -->04/09/2008 18:47:03 C:\WINDOWS\System32\rmoc3260.dll -->30/08/2008 09:36:12 C:\WINDOWS\System32\pndx5032.dll -->30/08/2008 09:35:52 C:\WINDOWS\System32\pndx5016.dll -->30/08/2008 09:35:52 C:\WINDOWS\System32\pncrt.dll -->30/08/2008 09:35:46 C:\WINDOWS\System32\MRT.exe -->26/08/2008 22:28:12 C:\WINDOWS\System32\TZLog.log -->14/08/2008 08:47:03 C:\WINDOWS\System32\spupdwxp.log -->31/07/2008 19:26:07 C:\WINDOWS\System32\privacy.xml -->25/07/2008 20:34:33 C:\WINDOWS\System32\TubeFinder.exe -->25/07/2008 15:23:40 C:\WINDOWS\System32\divxsm.tlb -->25/07/2008 10:36:00 C:\WINDOWS\System32\DivXsm.exe -->25/07/2008 10:36:00 C:\WINDOWS\System32\dpl100.dll -->25/07/2008 10:34:54 C:\WINDOWS\System32\dtu100.dll -->25/07/2008 10:34:52 C:\WINDOWS\System32\dpuGUI10.dll -->25/07/2008 10:34:50 C:\WINDOWS\WindowsUpdate.log -->12/09/2008 11:11:16 C:\WINDOWS\wiaservc.log -->12/09/2008 11:08:17 C:\WINDOWS\0.log -->12/09/2008 11:08:17 C:\WINDOWS\wiadebug.log -->12/09/2008 11:08:16 C:\WINDOWS\TempFile -->12/09/2008 11:08:12 C:\WINDOWS\bootstat.dat -->12/09/2008 11:07:54 C:\WINDOWS\SchedLgU.Txt -->10/09/2008 23:32:00 C:\WINDOWS\bdagent.INI -->10/09/2008 23:31:30 C:\WINDOWS\Thumbs.db -->10/09/2008 16:08:14 C:\WINDOWS\BricoPackUninst.txt -->10/09/2008 12:16:26 C:\WINDOWS\BricoPackUninst.cmd -->10/09/2008 12:16:26 C:\WINDOWS\BricoPackFoldersDelete.cmd -->10/09/2008 12:16:26 C:\WINDOWS\BricoPack Wallpaper.bmp -->10/09/2008 12:15:40 C:\WINDOWS\tsoc.log -->10/09/2008 09:51:46 C:\WINDOWS\tabletoc.log -->10/09/2008 09:51:46 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 716 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x44080000 0x13a000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll 0x00680000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x01d10000 0x12c000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll 0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll 0x10000000 0x11000 C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon.dll 0x01ba0000 0xe000 1.09.0000.0000 C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.dll 0x01bc0000 0x5000 C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll 0x73ce0000 0x27000 4.00.1183.0001 C:\WINDOWS\system32\CRTDLL.dll 0x024d0000 0xf000 1.03.0000.0000 C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.dll 0x026b0000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll 0x02ac0000 0x150000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x03810000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x69270000 0x8d000 5.02.2600.5512 C:\WINDOWS\system32\fxsst.dll 0x61410000 0x72000 5.02.2600.5512 C:\WINDOWS\system32\FXSAPI.dll 0x02680000 0x2c000 C:\Program Files\WinRAR\rarext.dll 0x04970000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x049d0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll 0x02e00000 0x17000 5.00.0008.0000 C:\Program Files\PROMT5\PROMT\prmshell.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x031f0000 0x27000 11.00.0000.0015 C:\Program Files\BitDefender\BitDefender 2008\bdshelxt.dll 0x03220000 0x13000 11.00.0000.0012 C:\Program Files\BitDefender\BitDefender 2008\bdutils.dll 0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x03250000 0x16000 11.00.0000.0001 C:\Program Files\BitDefender\BitDefender 2008\txmlx.dll 0x03280000 0x38000 3.00.0000.0058 C:\PROGRA~1\A-SQUA~1\A2FREE~1.DLL 0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 1528 Command line: winlogon.exe Base Size Version Path 0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01460000 0x3b000 1.07.0017.0000 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll Le volume dans le lecteur C s'appelle Majestic Le numéro de série du volume est B4A1-4136 Répertoire de C:\WINDOWS\system 05/04/1996 00:00 4 176 QTNOTIFY.EXE 10/09/1999 14:06 4 672 wowpost.exe 2 fichier(s) 8 848 octets 0 Rép(s) 64 925 880 320 octets libres Le volume dans le lecteur C s'appelle Majestic Le numéro de série du volume est B4A1-4136 Répertoire de C:\WINDOWS\system32 13/04/2008 19:34 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 64 925 880 320 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle Majestic Le numéro de série du volume est B4A1-4136 Répertoire de C:\WINDOWS\Downloaded Program Files 05/09/2008 16:48 <REP> . 05/09/2008 16:48 <REP> .. 07/04/2005 09:28 143 activex.inf 04/04/2005 17:53 753 664 activex.ocx 27/03/2008 20:58 <REP> CONFLICT.1 07/12/2006 17:31 65 desktop.ini 25/07/2002 18:13 24 576 dwusplay.dll 25/07/2002 18:13 196 608 dwusplay.exe 23/03/2007 13:17 1 292 erma.inf 10/04/2000 17:12 1 765 fhg.inf 20/11/2007 17:04 1 523 536 FP_AX_CAB_INSTALLER.exe 30/06/2008 12:27 3 126 800 ImageUploader4.ocx 25/07/2002 18:05 172 032 isusweb.dll 01/02/2008 13:29 1 070 392 TVUAx.dll 30/06/2003 22:41 1 689 WMV9VCM.inf 12 fichier(s) 6 872 562 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 27/03/2008 20:58 <REP> . 27/03/2008 20:58 <REP> .. 20/11/2007 17:04 1 523 536 FP_AX_CAB_INSTALLER.exe 20/11/2007 16:50 247 swflash.inf 2 fichier(s) 1 523 783 octets Total des fichiers listés : 14 fichier(s) 8 396 345 octets 5 Rép(s) 64 925 880 320 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" "C:\\Program Files\\RayV\\RayV\\RayV.exe"="C:\\Program Files\\RayV\\RayV\\RayV.exe:*:Enabled:RayV" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\ 63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\ 6d,73,73,74,79,6c,65,73,00 "InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\ 73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... 127.0.0.1 www.activexupdate.com 127.0.0.1 activexupdate.com 127.0.0.1 www.avpcheckupdate.com 127.0.0.1 avpcheckupdate.com 127.0.0.1 client.exeupdate.com 127.0.0.1 www.eupdatepage.com 127.0.0.1 eupdatepage.com 127.0.0.1 www.exeupdate.com 127.0.0.1 exeupdate.com 127.0.0.1 www.hotwinupdates.com 127.0.0.1 hotwinupdates.com 127.0.0.1 www.lavasoftupdate.com 127.0.0.1 lavasoftupdate.com 127.0.0.1 www.malwarewipeupdate.com 127.0.0.1 malwarewipeupdate.com 127.0.0.1 www.msupdate.net 127.0.0.1 msupdate.net 127.0.0.1 www.msupdater.net 127.0.0.1 msupdater.net 127.0.0.1 www.necessaryupdates.com 127.0.0.1 necessaryupdates.com 127.0.0.1 newupdates.lzio.com 127.0.0.1 redirect.msupdate.net 127.0.0.1 search.keyword.exeupdate.com 127.0.0.1 www.securityupdatesite.com 127.0.0.1 securityupdatesite.com 127.0.0.1 settings.updatemysettings.com 127.0.0.1 www.spyaxeupdate.com 127.0.0.1 spyaxeupdate.com 127.0.0.1 www.spyfalconupdate.com 127.0.0.1 spyfalconupdate.com 127.0.0.1 www.systemupdates.net 127.0.0.1 systemupdates.net 127.0.0.1 trial.updates.winsoftware.com 127.0.0.1 update.680180.net 127.0.0.1 www.updatemysettings.com 127.0.0.1 updatemysettings.com 127.0.0.1 updates.spywarequake.com 127.0.0.1 www.urgentsystemupdate.biz 127.0.0.1 urgentsystemupdate.biz 127.0.0.1 www.urgentsystemupdate.com 127.0.0.1 urgentsystemupdate.com 127.0.0.1 windupdates.com 127.0.0.1 update.shareaza.com 127.0.0.1 www.antispywareupdates.net 127.0.0.1 antispywareupdates.net 127.0.0.1 www.flwupdate.com 127.0.0.1 flwupdate.com 127.0.0.1 www.movupdate.com 127.0.0.1 movupdate.com 127.0.0.1 www.mpegupdate.com 127.0.0.1 mpegupdate.com 127.0.0.1 www.aviupdate.com 127.0.0.1 aviupdate.com 127.0.0.1 www.registryupdate.org 127.0.0.1 registryupdate.org 127.0.0.1 www.updatesantivirus.com 127.0.0.1 updatesantivirus.com 127.0.0.1 www.xp-vista-update.net 127.0.0.1 xp-vista-update.net 127.0.0.1 www.pandaantivirus-2007.com 127.0.0.1 pandaantivirus-2007.com 127.0.0.1 www.pandadownload-now.com 127.0.0.1 pandadownload-now.com 127.0.0.1 www.panda-hq.com 127.0.0.1 panda-hq.com catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-12 12:58:40 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager] "PendingFileRenameOperations"=str(7):"d\2x\32\x2140&¨\xffffn \xe4f6\xea5e\xf331È\0\0\x2c30\x80\0\0\0\0\xffff\xffff\xffff\xffff\1\0à\32\0\xffff\xffff\0\0\0\0\34\0\4\0\2\0\5\0Stp\0\xffd8\xffffl\3\x30f0\x80s\x7f4p\x80\xea98ø\32\x97cgacy\xffd0\xffffv\21\4\xffffà\32\xfff8\xffff\x31d0\32\xffe8\xffffMicrosoft\0\xffe8\xffffv\0j\087\1\0\0\xff68\xffff%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000\0e\xff20\xffffC:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager\0st\xfff8\xffffØ\32°\xffffv2æ\0€\32\1\0\1<C\rga ie\irsf cieycwecm.x\0\0\0°\xffffv1Ö\0 \32\1\0\0016C\rga ie\irsf cieycWEM\x2e72e\x22659\xde806°\xffffv1Ø\0Ð\32\1\0\0016C\rga ie\irsf cieycrpm\x2e72eerd\0\xffd8\xffffv\t\xbe\0\32\2\0\1tIaeahitD\xfff8\xffffØ\32\xffe8\xffffl\1\xe1006d\x29c4\xe1006d\x29c4\xffe8\xffffv\0r\0°7\1\0\0\0\xff78\xffffAssure la communication efficace entre les composants BitDefender\0\xffd8\xffffv\n\22\0¸\32\a\0\1nSbeMspc\0\xffe0\xffffLocalSystem\0\0\0\b\0\x30b0\32\xffd8\xffffv\r\4ECT NOEXECUTE=OPTOUT\0 LASTBOOTSTATUS=2\0\0\0\0\xffc8\xffffRealtek HD Audio output\00026\xffe0\xffffv\a\0¸\34\2\0\1\0Wnos\xffd0\xffffv\24\4C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager\08 8\xff78\xffffC:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger\0\xfff8\xffff`\32hi\xffffC:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application\0\0\1\v°\xffffv3ª\0 \32\1\0\1tC\rga ie\idw ieMsegrmns\x2e72eeC:\xffe8\xffffDISK 2.0\0\35\xffe8\xffffv\0H\0P7\1\0\0\x2cee°\xffffmulti(0)disk(0)rdisk(0)partition(1)\0\0\0\xffc8\xffffv\e\4C:\WINDOWS\PixArt\PAC7311\PASnap.exe /FN:C:\PA7311.dat /RP:Software\PixArt\PAC7311 /RN:ImageArrived\0\x1bb08\xffd8\xffffv\v2\0ø\32\1\0\1eDslyaeM\0\xfff8\xffff€\32\xffe8\xffffl\2Ð\ed\x29c4\x2a30\34\xe918H\xffe8\xffff <H<h<<ø<\xffd0\xffffv\22\32\0˜\32\a\0\1.DcDfutaea\0\0g\xffd8\xffffv\17\4Maintient les liens entre les fichiers NTFS au sein d'un ordinateur ou de plusieurs ordinateurs dans un domaine de réseau.\0\0\0\0\xffd8\xffffv\n\30\0Ð\32\1\0\1\x500OjcNm\0v\n\xffd8\xffffv\vn\0x\32\1\0\1\0Dsrpin\0\0\xffd8\xffffv\v\x84\0¸\32\1\0\1\21Dsrpi\xff6e\xffff\xffff\xffe0\xffffv\4\4\xffffv\35z\0H\32\1\0\1\04470794d\x2572\yt\x336d2ssm\x2e72ee\0\xff80\xffff%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019\0\0\xffe0\xffff\32¨\32ð\32h\32¸\32"C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service\0\0H\21¨\xffffv=\436\0\0\xffd8\xffffv\16\2ie (TAPI) pour les programmes contrôlant les périphériques de téléphonie, les connexions vocales basées sur le protocole IP, sur l'ordinateur local, via le réseau local, sur le serveur où ce service fonctionne également.\0\0\0\0\xffd8\xffffv\n\26\0\32\1\0\1\0DieDt\0\0\0\xff88\xffffFournit la configuration automatique des cartes 802.11\0\0\0\0\xffc0\xffffRealtek High Definition Audio\0¨\xffffv<\4\x20b8\21ð\32¨\32\xffd0\xffffv\27\4\xffffv\n<\0ð\32\1\0\1!DieDs%\xff98!\xffd8\xffffv\16N\0 \32\1\0\1\xffffDvcIsac\0\xffe0\xffffv\3\f\0(\f\1\0\1\0Mg\0\0\xffe8\xffffMicrosoft\0\xffe0\xffffv\3\24\00\30\1\0\1\0Mg\0\0\xfff0\xffffèH@H\xf420\21\xffe0\xffff0.0.0.0\0\0.10\0\0\xfff8\xffff(\32\xffd8\xffffv\f\4tC\rga ie\idw ieMsegrlvcl.x53\20\0Fdc\0\0\0\xffe8\xffffl\1¨\n\xfac1w¨\n\xfac1w¨\xffffv<\4v<\4\0\32\1\0\1\eDcIAdes\35\xffd8\xffffv\16\30\0ð\32\1\0\1DcNmSre\35\xffe0\xffffv\b\4\1\0\0012SmoiLn32\xffc8\xffffv\35\4\xffffv\30H\0\32\a\0\1\0Seilolieeann°\xfffftime.windows.com,7ab0e8e\0\0\0\0\0\0\0\0\0\0\0\0&\0\xffd0\xffff\32 \32ð\32\x31f0\32\x3020\32\x3058\32X\32È\32\x3090\32è\32\xa788\32\xffc0\xffff\x30b0\32\x3100\32@\32€\32Ø\32€\320\320\32x\32 \32È\32p\32Ð\32¨\0321.\30\0kbdhid\0\0\0\32\xffe8\xffffVolume\0L\x2588L\xffd8\xffff192.168.1.100\09\0e@\xffe8\xffff7-1-2001\0N\xffe8\xffffMicrosoft\0\xffe0\xffffv\b\4\0\0\0\xffe0\xffff\32`\32p\32ø\32˜\32È\32\xe0d0\21¨\xffffv=\4DfutaeaMti\0\0\xffd0\xffffv\23\4\xffffp\22°\22¸\32@\32°\32¨\32\0\32\xffe0\xffffv\5\16\0ð\32\1\0\1LCa\x2473L\xffe0\xffff255.255.255.0\0\xffd8\xffffv\n\2\1\0Ntfcto akgs\0\xffd0\xffffv\27\4\0x\35\1\0\1\x96DvcIsac1\30\0¸\32\b\0ut\b\0 \32\xffe8\xffffv\0.\0\xa8f0\32\1\0\0\0\xffd8\xffff192.168.1.254\0005\0Fm¨\xffff{C633E6F9-BAC2-4052-B780-667F1A8D6A7E}\0812\xffd8\xffffv\17\4\b\xffe0\xffffv\3\f\0 \f\1\0\1\nMg\n\xffe8\xffffv\0F\07\1\0\0\0\xffd0\xffffCanal IDE principal\0Da\xffd8\xffffv\16F\0¨\32\1\0\1HDvcIsacu\xffd8\xffffv\f\x9c\0\xc70\35\1\0\1OSmoiLn G\xffd0\xffffv\25\4\35\1\0\1nSmoiLnvi\xffd8\xffffv\f\xa0\0\xa7b8\32\1\0\0015SmoiLn0}\xffe0\xffffv\a\16\0x\16\1\0\1\0Srie\xffe0\xffffv\5\n\0\xa4b8\24\1\0\1\0Gop\0\xffe0\xffffv\5\4\4\0\1\0Iptrvdr\0\xffe0\xffffv\2\4\2ˆ\21\xffe0\xffffv\5\16\0\32\1\0\1eCass\xffe0\xffff192.168.1.1\0\0m\xffd0\xffffv\21\4Active la découverte de périphériques Plug and Play universels sur votre réseau domestique.\0\0\0\xffd0\xffff\x2e48\32\x2fa8\32\x2e90\32\x2cf8\32\x2090\32 \32\x2470\32\x24c0\32\x1fc0\32\32ˆ\32\xffd8\xffff255.255.255.0\0\0.25\xffd0\xffffv\21\36\0 \32\a\0\1\17DcSbeMsOtcRt°\xffffUSB\Vid_0930&Pid_0b05\103106000319\0ent\xffd8\xffffv\fN\0\32\1\0\1\32MDvcGIsO\xffe0\xffffð?@h@@Ø\32ø\320\17\xffe8\xffffmouhid\0\0\0\0\xffe0\xffff192.168.1.1\0\0\0\b\0Fm\xffd8\xffffv\f\4hid\0\0\0\x85\xfff8\xffffx\32\xffe8\xffffusb.inf\075\xfff0\xffff\0\1\tMseDvcTmnMd\t\xffe0\xffffv\3B\0@\e\1\0\1\nMgØ\n\xffd0\xffffv\24\4\0\xffd8\xffff255.255.255.0\0\0.25\xffd8\xffffv\f\4\xffffv\3B\0\xe2f0\32\1\0\1\nMg\x3228\n\xffe8\xffffl\2p\34d\x29c4H\34\xe918H\xffe8\xffff7-1-2001\0\0\xffe0\xffff192.168.1.1\0\0m\xffd8\xffffv\16J\0P\32\1\0\1\34DvcIsac\34\xffd8\xffffv\v\4ª­É\0\0h\b\1\0\0\0\x3248\32\xffff\xffff\1\0€\32(\6\xffff\xffff\b\0\0\0\30\0\4\0004\0\17\0LGC_9A\x33456\xffd8\xffffv\f\4gc\32\xffd8\xffffv\v\4?\xfe60?\0\35\xffe8\xffff*NTKERN\0 \34\xffe8\xffff\xa6a8?H?\xea20@\xeb88@\xed28@\xffe8\xffffv\0\2\4\1\0PirtCas\0\xffd8\xffffv\n$\0h\34\1\0\1mDvcDs\C:\xffd8\xffff \21è\22p\22Ø\22\22(\22¨\32\22Po\xffc8\xffff\Windows\0\RPC Control\0\0\0\0\0\xffd0\xffffv\24\4\xffffv\21\36\0H\32\a\0\0015DcSbeMsOt\00\32\xffe8\xffffl\1 \2\xe518®XM\xf841É\xff40\xffffC:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)\0°\xffffv2æ\0\32\1\0\1 C\rga ie\irsf cieycwecm.x\0\0\0°\xffffv1Ö\0\x3260\32\1\0\1\tC\rga ie\irsf cieycWEM\x2e72eeF03°\xffffv3ª\0\x3340\32\1\0\1\0C\rga ie\idw ieMsegrmns\x2e72eexy\xffd8\xffffv\r\4e:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager\0\0v\f\xff68\xffffC:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server\0sta\xffe0\xffffv\4\4\xffe8\xffffoem24.inf\0hisac<\xffe0\xffffv\3B\0à\32\1\0\1\nMgÐ\n\xffe8\xffffmdiui.dll\0\xfff0\xffff\x18e0E\x19a8EÐEP\xffff\1\x90\0\x9c\0\24\0000\0\2\34\1\0\24ÿ\17\0\0\0#\0\0\0\x500\22\0\0\0\x500\22\0_t\xffd8\xffffv\16\1v \4\xffffv\f4\0\x4dd8\35\1\0\1\0FinlNm\0\0°\xffffv5\4\22X\22`\32X\xffff\\?\HID#Vid_0461&Pid_4d2b#6&2141b76&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}\0°\xffffv6\4\0\0\xfff8\xffffØ\32\xffe8\xffffa233aaac\0005\xfff8\xffff\32\xffd8\xffffv\16\4@\32\xffd8\xffffv\f\24\0 \30\1\0\1\0EtninL\0\0H\xffff\\?\HID#Vid_045e&Pid_00d2&Col01#6&271ec5e8&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}\0\0\xff80\xffffUSBSTOR\Disk&Ven_Sony&Prod_DSLR-A200&Rev_1.00\586AB01EA914&0\0\0\xffd0\xffffv\22\4nLcnePoesrPer¨\xffffv=\4\0\0\0\0\xffff\xffff\xffff\xffff\1\0\30\x1be8\21\xffff\xffff\0\0\0\0\0\0\20\0\0\0\n\0awevcl\20\xffc0\xffffv&\4@\3\0\1\0_weulcomn\x2e6fee\x3344DG_\x3237056\xffd8\xffffv\f\4i\xfff8\xffffè\32\xffe8\xffff@88¨8(8À8\xffc8\xffffv\32\4N\0\32\1\0\1\35DvcIsac\35\xffd8\xffffv\t\4n\0\0\xfff8\xffffX\32\xffd8\xffffv\f\b\0\xa880\n\3\0\1\x2494SudwTm\x19e0\4\xfff8\xffff8\32\xffc8\xffffv\31\4\xffc0\xffffv"\4\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030s\0\xfff8\xffff\xab20\32H\xffff\\?\HID#Vid_045e&Pid_00d2&Col02#6&271ec5e8&0&0001#{4d1e55b2-f16f-11cf-88cb-001111000030}\0c\xfff8\xffffˆ\32\xffd8\xffffv\f\xa4\0`\e\1\0\14SmoiLnCd\xffd0\xffffv\27\4\0014_\x2e32ee\x3344DG_\x3237056\xffd8\xffff˜\23\xe3a0\23\xeb40\23À\240\24\x1998\24\xe8a8\23\x29b8\24à\32\xffe8\xffffl\2@Jd\x29c4 J\xe918H\xffc8\xffffv\36\4 \32hi\x4dd8\32à\32à\32\xffe0\xffffv\6\4\1\2Cpblte\xffff\xffff\b\0e\0\xfff8\xffffÈ\32°\xffffUSB\Vid_045e&Pid_00d2\5&3485b02c&0&1\0\0\xffe0\xffffv\5\34\0\32\1\0\1\0Gop\0\xffc0\xffffv$\4\xffc8\xffffv\34\4\1\0\1\0DvcDs\0\0\0¨\xffffn ­­É\0\0x\32\0\0\0\0\xffff\xffff\xffff\xffff\6\0@\32(\6\xffff\xffff\16\0\0\0\26\0N\0\0\0\4\0\x3030\x3030v\5\xffd8\xffffv\t\20\0\x9fd0\30\1\0\1}Dvodr\0\0\0\30\0ø\32ˆ\32¨\32\32°\32X\xffff\\?\USB#Vid_045e&Pid_00d2#5&3485b02c&0&1#{a5dcbf10-6530-11d2-901f-00c04fb951ed}\0ï\0\xfff0\xffffl\1È\32\x2140&¨\xffffSTORAGE\RemovableMedia\7&2f241dec&0&RM\0\35\35¨\xffffSTORAGE\RemovableMedia\7&2f3c8df7&0&RM\0adb°\xffffv5\4.x:3_3\x333910\0\xffe0\xffffv\a\16\08\20\1\0\1\nSrie\xfff8\xffffh\32\xffd8\xffffv\16N\075\xfff8\xffff\xa740\32\xffe8\xffffCCDECODE\08¨\xffffv=\4\xffffv\vF\0H\32\1\0\1\0Dslyae\0\0\xffe0\xffffextended base\0¨\xffffv=\4S\System32\h323.tsp\0005¨\xffffHID\Vid_0461&Pid_4d2b\6&2141b76&0&0000\0c_t\xffd0\xffffv\26\4\xfff8\xffffX\32\xffe0\xffffLegacyDriver\0\0\xffd8\xffffv\t:\0@\32\2\0\1\0Iaeah\0\0\0\xffc0\xffffsystem32\DRIVERS\usbscan.sys\0\0\xffe0\xffffà\24 \32@\32h\32\32Ø\34€\34¨\xffffHID\Vid_0461&Pid_4d2b\6&2141b76&0&0000\00011C\xffc8\xffffv\36\4\3\0\0014_vc_v.x:3OL6\x3032754\xffd8\xffffv\v\4\1\31Lgc\31\xffc8\xffffv\31\4à\0Ð\32\1\0\1cSmoiLnar \007àC\x0e58D\x0e80D@Fx\30ie\xffe0\xffffv\5\4\x3237056\0\0\0\xffe0\xffffv\3\f\0 \34\1\0\1\0Mg\0\0\xfff8\xffff€\32hi seront pas disponibles. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.\0\0¸\xffff¸\22\22À\22À\22`\22à\22`\22Ø\22\22@\22@\328\22\32 \22h\32Ð\325\x2d39\20\04b2\x3364}*\xff78\xffffUSBSTOR\Disk&Ven_MAXTOR_S&Prod_TM3300622A&Rev_0000\000008E57162&0\0\xffd8\xffffv\fÚ\0È\32\1\0\1\0SmoiLn\0\0\xffd0\xffffv\27\4\xffffv\35\4\0€4\b\0\x2140&\xff40\xffff\6\0\0\0\4\0\0\0s.\xa8c0\3\0\0\0\4\0\0\0s.\xa8c0\1\0\0\0\4\0\0\0s.\xffffÿ6\0\0\0\4\0\0\0s.\xa8c0\xfe015\0\0\0\1\0\0\0s.\5\0ü\0\0\0\0\0\0\0\x31f8Ê3\0\0\0\4\0\0\0\xffffÿ8\t\5\0\0\0\1\0\0\0\x28b3Â\5\0X\xffff\\?\HID#Vid_0461&Pid_4d2b#6&2141b76&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}\0\xffe0\xffffv\a\22\0ø\32\1\0\1!Srie\xfff8\xffff\32\xffe8\xffffl\2°Ld\x29c4ˆL\xe918H\xffc8\xffffv\37\4Fas\0\0\xfff0\xffffl\1hD#\0\20\0Fdc\0\xe918H\xffe8\xffffl\2øDd\x29c4 D\xe918H\xfdc8\xffffConserve la synchronisation de la date et de l'heure sur tous les clients et serveurs sur le réseau. Si ce service est arrêté, la synchronisation de la date et de l'heure sera indisponible. Si ce service est désactivé, tout service en dépendant explicitement ne démarrera pas.\r\n\0rte\xffe0\xffffv\4\b\0\25\1\0\1\aIop\a\xffd8\xffffv\16\4v\24\475\0\xffd0\xffff%SystemRoot%\system32\0\xffd8\xffffv\nD\0P\e\1\0\1\0DvcDs\0\0\0\b\0\xdc58\23\xffe0\xffffv\a\22\0ð\24\1\0\1\24Srie\xffd0\xffffDLLHOST.EXE,MMC.EXE,RUNDLL32.EXE\0\0\xffc0\xffffv#\4\35\1\0\1\0Mg\0\0\xffe0\xffffv\6X\0\x1bc8\35\1\0\1\bDie\b\b\0\1\0\xffd8\xffffv\17\6\0\xdf50\24\a\0\1\vTPloePrs\xffd0\xffffv\22\24\0\32\1\0\1\32Cniuai\x206eFlMsO\xffd8\xffffv\t\24\0\32\1\0\0015Dt ie.0\0\20\0\4\0\b\0Go\xffe0\xffffv\a\4Vrin\xffd8\xffffv\fÐ\0¨\e\1\0\1ESmoiLnVI\xffc8\xffffv\e\4\1!Srie\xffe0\xffffv\a\20\0\x3358\24\1\0\0016Srie\20\0\32\b\0s\0\xfff0\xffffl\1PK#\0 \xffffn z\x1750\x865É\0\0h\b\1\0\0\0\4" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d11a83] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d22b0c] "0016b8a95224"=hex:71,e3,ae,ca,ef,c7,a2,e4,a6,28,a0,cb,69,6d,a6,45 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d11a83] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d22b0c] "0016b8a95224"=hex:71,e3,ae,ca,ef,c7,a2,e4,a6,28,a0,cb,69,6d,a6,45 scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 300 - iexplore.exe 568 - aawservice.exe 608 - svchost.exe 716 - explorer.exe 828 - rundll32.exe 836 - SynTPEnh.exe 856 - RTHDCPL.EXE 892 - bdagent.exe 916 - ehtray.exe 948 - wcescomm.exe 956 - ctfmon.exe 988 - TeaTimer.exe 996 - rambxpfr.exe 1048 - RocketDock.exe 1076 - YzShadow.exe 1256 - DevSvc.exe 1360 - ehSched.exe 1492 - csrss.exe 1496 - spoolsv.exe 1528 - winlogon.exe 1572 - services.exe 1584 - lsass.exe 1752 - svchost.exe 1800 - svchost.exe 1840 - svchost.exe 2008 - svchost.exe 2156 - MDM.EXE 2204 - nvsvc32.exe 2324 - svchost.exe 2384 - cmd.exe 2536 - xcommsvr.exe 2600 - mcrdsvc.exe 2640 - livesrv.exe 2784 - vsserv.exe 3092 - firefox.exe 3136 - dllhost.exe 3284 - wmiprvse.exe 3332 - svchost.exe 3436 - alg.exe 3564 - iexplore.exe Total number of processes = 41 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E4000 - \WINDOWS\system32\hal.dll BADA8000 - \WINDOWS\system32\KDCOM.DLL BACB8000 - \WINDOWS\system32\BOOTVID.dll BA788000 - imagesrv.sys BA759000 - ACPI.sys BADAA000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS BA748000 - pci.sys BA8A8000 - isapnp.sys BA8B8000 - ohci1394.sys BA8C8000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS BACBC000 - compbatt.sys BACC0000 - \WINDOWS\system32\DRIVERS\BATTC.SYS BAE70000 - pciide.sys BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS BADAC000 - intelide.sys BA8D8000 - MountMgr.sys BA729000 - ftdisk.sys BADAE000 - dmload.sys BA703000 - dmio.sys BACC4000 - ACPIEC.sys BAE71000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS BAB30000 - PartMgr.sys BA8E8000 - VolSnap.sys BA62D000 - iaStor.sys BA615000 - atapi.sys BA5FF000 - viamraid.sys BA5E7000 - \WINDOWS\system32\drivers\SCSIPORT.SYS BADB0000 - imagedrv.sys BA5CD000 - nvatabus.sys BA5B7000 - nvraid.sys BA8F8000 - \WINDOWS\system32\drivers\CLASSPNP.SYS BAB38000 - SiSRaid2.sys BA908000 - disk.sys BA597000 - fltmgr.sys BA585000 - sr.sys BA918000 - PxHelp20.sys BA56E000 - KSecDD.sys BA4E1000 - Ntfs.sys BA4B4000 - NDIS.sys BA4A1000 - sfvfs02.sys BAB40000 - sfhlp02.sys BADB2000 - sfhlp01.sys BA48F000 - sfdrv01.sys BADB4000 - prosync1.sys BA473000 - prohlp02.sys BA459000 - Mup.sys BA938000 - \SystemRoot\system32\DRIVERS\nic1394.sys BA9F8000 - \SystemRoot\system32\DRIVERS\intelppm.sys BADA0000 - \SystemRoot\system32\DRIVERS\CmBatt.sys B95F3000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys B95DF000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS BA429000 - \SystemRoot\system32\DRIVERS\wmiacpi.sys B95B7000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys B9415000 - \SystemRoot\system32\DRIVERS\NETw3x32.sys BAC88000 - \SystemRoot\system32\DRIVERS\usbuhci.sys B93F1000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS BAC90000 - \SystemRoot\system32\DRIVERS\usbehci.sys B93DD000 - \SystemRoot\system32\DRIVERS\Rtnicxp.sys BAA18000 - \SystemRoot\system32\DRIVERS\i8042prt.sys BAC98000 - \SystemRoot\system32\DRIVERS\kbdclass.sys B93AE000 - \SystemRoot\system32\DRIVERS\SynTP.sys BADFE000 - \SystemRoot\system32\DRIVERS\USBD.SYS BACA0000 - \SystemRoot\system32\DRIVERS\mouclass.sys BAA28000 - \SystemRoot\system32\DRIVERS\imapi.sys BA425000 - \SystemRoot\system32\DRIVERS\cdrblock.sys BAA38000 - \SystemRoot\system32\DRIVERS\cdrom.sys BAA48000 - \SystemRoot\system32\DRIVERS\redbook.sys B938B000 - \SystemRoot\system32\DRIVERS\ks.sys BAEEB000 - \SystemRoot\system32\DRIVERS\audstub.sys BAA58000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys BA41D000 - \SystemRoot\system32\DRIVERS\ndistapi.sys B9374000 - \SystemRoot\system32\DRIVERS\ndiswan.sys B9D38000 - \SystemRoot\system32\DRIVERS\raspppoe.sys B9D28000 - \SystemRoot\system32\DRIVERS\raspptp.sys BACB0000 - \SystemRoot\system32\DRIVERS\TDI.SYS B9363000 - \SystemRoot\system32\DRIVERS\psched.sys B9D18000 - \SystemRoot\system32\DRIVERS\msgpc.sys BAB50000 - \SystemRoot\system32\DRIVERS\ptilink.sys BAB78000 - \SystemRoot\system32\DRIVERS\raspti.sys B9333000 - \SystemRoot\system32\DRIVERS\rdpdr.sys B9D08000 - \SystemRoot\system32\DRIVERS\termdd.sys B931F000 - \SystemRoot\system32\DRIVERS\bdfndisf.sys BAE06000 - \SystemRoot\system32\DRIVERS\swenum.sys B9299000 - \SystemRoot\system32\DRIVERS\update.sys BA3E4000 - \SystemRoot\system32\DRIVERS\mssmbios.sys B9CF8000 - \SystemRoot\System32\Drivers\NDProxy.SYS B6DD1000 - \SystemRoot\system32\drivers\RtkHDAud.sys B6DAD000 - \SystemRoot\system32\drivers\portcls.sys B9CC8000 - \SystemRoot\system32\drivers\drmk.sys BA9E8000 - \SystemRoot\system32\DRIVERS\usbhub.sys BAE4C000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BAF04000 - \SystemRoot\System32\Drivers\Null.SYS BAE4E000 - \SystemRoot\System32\Drivers\Beep.SYS B6572000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS B656A000 - \SystemRoot\System32\drivers\vga.sys BAE52000 - \SystemRoot\System32\Drivers\mnmdd.SYS BAE54000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys B6562000 - \SystemRoot\System32\Drivers\Msfs.SYS B655A000 - \SystemRoot\System32\Drivers\Npfs.SYS B9271000 - \SystemRoot\system32\DRIVERS\rasacd.sys B2E14000 - \SystemRoot\system32\DRIVERS\ipsec.sys B2DBB000 - \SystemRoot\system32\DRIVERS\tcpip.sys B2D96000 - \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys B2D70000 - \SystemRoot\system32\DRIVERS\ipnat.sys B2D48000 - \SystemRoot\system32\DRIVERS\netbt.sys B6C9C000 - \SystemRoot\system32\DRIVERS\wanarp.sys B2BC6000 - \SystemRoot\System32\drivers\afd.sys B6C8C000 - \SystemRoot\system32\DRIVERS\netbios.sys B2B9B000 - \SystemRoot\system32\DRIVERS\rdbss.sys B6C7C000 - \SystemRoot\system32\DRIVERS\arp1394.sys B6C6C000 - \SystemRoot\System32\drivers\prodrv06.sys B6C5C000 - \??\C:\WINDOWS\system32\drivers\oreans32.sys B2B2B000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys B6C4C000 - \SystemRoot\System32\Drivers\Fips.SYS BAE6C000 - \SystemRoot\system32\DRIVERS\cdrport.sys B657A000 - \SystemRoot\System32\Drivers\BTHUSB.sys B2202000 - \SystemRoot\System32\Drivers\bthport.sys B2E82000 - \SystemRoot\system32\DRIVERS\hidusb.sys B2AE3000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS B210C000 - \SystemRoot\system32\DRIVERS\PA707UCM.SYS B2311000 - \SystemRoot\system32\DRIVERS\STREAM.SYS B2B27000 - \SystemRoot\system32\DRIVERS\mouhid.sys BAB18000 - \SystemRoot\system32\DRIVERS\rfcomm.sys BAB88000 - \SystemRoot\system32\DRIVERS\BthEnum.sys B2007000 - \SystemRoot\system32\DRIVERS\bthpan.sys BA948000 - \SystemRoot\system32\DRIVERS\bthmodem.sys AE4D1000 - \SystemRoot\System32\Drivers\Cdfs.SYS AB015000 - \SystemRoot\System32\Drivers\dump_diskdump.sys AA0D6000 - \SystemRoot\System32\Drivers\dump_viamraid.sys BF800000 - \SystemRoot\System32\win32k.sys AAFFD000 - \SystemRoot\System32\drivers\Dxapi.sys B40B5000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys AA0F2000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll B9291000 - \SystemRoot\system32\DRIVERS\ndisuio.sys A1548000 - \SystemRoot\system32\drivers\wdmaud.sys B6CBC000 - \SystemRoot\system32\drivers\sysaudio.sys A12EB000 - \SystemRoot\system32\DRIVERS\mrxdav.sys A1320000 - \SystemRoot\System32\Drivers\Aspi32.SYS A112B000 - \??\C:\WINDOWS\system32\drivers\hardlock.sys A1107000 - \SystemRoot\System32\Drivers\Fastfat.SYS A0F56000 - \SystemRoot\System32\Drivers\HTTP.sys A0E64000 - \SystemRoot\system32\DRIVERS\srv.sys BADE0000 - \SystemRoot\System32\Drivers\MASPINT.SYS A100F000 - \SystemRoot\system32\DRIVERS\secdrv.sys A0ADC000 - \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys A072A000 - \SystemRoot\system32\drivers\bdfsfltr.sys 9C262000 - \SystemRoot\system32\drivers\kmixer.sys AB029000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 151 Liste des programmes installes a-squared Free 2.1 ACDSee 10 Photo Manager ActivIcons version 3.37 Ad-Aware Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) Adobe Flash Player ActiveX Adobe Flash Player Plugin Adobe Photoshop 7.0.1 Adobe Reader 8.1.2 - Français Adobe Reader 8.1.2 Security Update 1 (KB403742) Alien Skin Exposure 2 Apple Software Update Archiveur WinRAR Assistant de connexion Windows Live AutoUpdate AviSynth 2.5 Azureus BitDefender Internet Security 2008 Calcul de prêt - Version 1.01 du jeudi 1er décembre 2005 Cammaestro 1.0HU build 11 Cammaestro 1.0HU build 11 CleanUp! Colin McRae Rally 2005 Correctif n° 2 pour Windows XP Édition Media Center 2005 Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows Internet Explorer 7 (KB947864) Correctif pour Windows XP (KB952287) DivX Codec DivX Converter DivX Player DivX Web Player EPSON Logiciel imprimante Extracteur d'Icônes High Definition Audio - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) InterVideo DeviceService J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java SE Runtime Environment 6 Update 1 Lecteur Windows Media 11 LightScribe 1.4.124.1 MCE Software Encoder 1.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft ActiveSync 4.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft XML Parser MicroStaff WINASPI Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB938464) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB946648) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB950974) Mise à jour de sécurité pour Windows XP (KB951066) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951376) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour de sécurité pour Windows XP (KB951748) Mise à jour de sécurité pour Windows XP (KB952954) Mise à jour de sécurité pour Windows XP (KB953839) Mise à jour pour Lecteur Windows Media 10 (KB913800) Mise à jour pour Lecteur Windows Media 10 (KB926251) Mise à jour pour Windows XP (KB951072-v2) Mise à jour pour Windows XP (KB951978) Mozilla Firefox (3.0.1) MSN MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 Parser and SDK Navilog1 3.6.5 Nero 6 Ultra Edition Nero Mega Plugin Pack NVIDIA Drivers Nvu 1.0 OpenAL Pack Crystal Clear 1.0 PanaVue ImageAssembler 3.4.0 PTLens QuickTime RamBoost XP 4.0.6 RealPlayer Realtek High Definition Audio Driver Reverso Pro 5 EFFE Russian Girls 3D Safari SAGEM F@st 800-840 SmartSound Quicktracks Plugin SmartSound Quicktracks Plugin Sony DVD Architect 3.0c Sony Image Data Suite Sony Picture Utility Spybot - Search & Destroy Star Downloader Free Stellarium 0.9.1 Synaptics Pointing Device Driver TCPMP Téléchargement PHOTOWAYS 3.0.7 Ulead VideoStudio 11 VideoLAN VLC media player 0.8.6f VideoStudio WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Media Player Firefox Plugin Windows XP Media Center Edition 2005 KB925766 Windows XP Service Pack 3 XviD MPEG4 Video Codec (remove only) Le volume dans le lecteur C s'appelle Majestic Le numéro de série du volume est B4A1-4136 Répertoire de C:\Program Files 10/09/2008 15:49 <REP> . 10/09/2008 15:49 <REP> .. 16/01/2007 17:35 <REP> ACD Systems 10/09/2008 11:42 <REP> ActivIcons 10/09/2008 15:32 <REP> Adobe 15/02/2007 14:02 <REP> Ahead 10/09/2008 15:49 <REP> Alien Skin 01/09/2008 15:46 <REP> Apple Software Update 04/09/2008 20:29 <REP> a-squared Free 17/01/2007 13:04 <REP> AviSynth 2.5 10/07/2008 17:43 <REP> Azureus 02/07/2008 19:15 <REP> BitDefender 16/06/2008 20:40 <REP> Calcul de prêt 27/07/2008 15:20 <REP> Cammaestro 1.0HU build 11 16/01/2007 12:37 <REP> CleanUp! 31/01/2007 09:47 <REP> CyberLink 10/09/2008 09:32 <REP> DivX 17/06/2008 13:22 <REP> ePaperPress 10/09/2008 09:21 <REP> EPSON 10/09/2008 10:18 <REP> ExtracteurIcones 06/09/2008 00:55 <REP> Fichiers communs 12/07/2008 09:59 <REP> Google 16/01/2007 13:07 461 INSTALL.LOG 10/09/2008 09:57 <REP> Internet Explorer 09/03/2008 12:04 <REP> Java 06/09/2008 00:56 <REP> Lavasoft 10/09/2008 09:57 <REP> Messenger 29/05/2007 08:34 <REP> Micro Application 02/02/2008 12:46 <REP> Microsoft ActiveSync 07/12/2006 17:33 <REP> microsoft frontpage 27/02/2007 20:31 <REP> Microsoft Office 09/12/2007 12:21 <REP> Microsoft SQL Server Compact Edition 07/12/2006 18:32 <REP> Microsoft Visual Studio 27/02/2007 20:31 <REP> Microsoft Works 16/01/2007 17:12 <REP> Microsoft.NET 10/09/2008 12:18 <REP> Movie Maker 12/09/2008 12:47 <REP> Mozilla Firefox 16/01/2007 14:22 <REP> MSN 07/12/2006 17:29 <REP> MSN Gaming Zone 16/01/2007 13:13 <REP> MSXML 4.0 10/09/2008 16:10 <REP> Navilog1 31/07/2008 18:42 <REP> NetMeeting 07/02/2007 23:30 <REP> Nvu 07/04/2007 12:43 <REP> OpenAL 10/09/2008 12:18 <REP> Outlook Express 07/03/2007 11:27 <REP> PanaVue 28/08/2007 16:32 <REP> PIXELA 06/02/2007 16:18 <REP> PROMT5 12/07/2008 09:29 <REP> QuickMediaConverter 20/08/2008 09:58 <REP> QuickTime 24/01/2007 23:18 <REP> Raccourcis de programmes 12/09/2008 11:07 <REP> RamBoost XP 22/01/2007 19:18 <REP> Real 01/09/2008 15:42 <REP> Safari 10/05/2007 19:32 <REP> SlySoft 16/01/2007 17:59 <REP> SmartSound Software 16/01/2007 12:32 <REP> Softwin 12/04/2008 19:34 <REP> Sony 06/09/2008 01:00 <REP> Spybot - Search & Destroy 05/09/2008 16:48 <REP> Star Downloader 20/02/2008 22:31 <REP> Stellarium 07/12/2006 18:27 <REP> Synaptics 27/04/2007 18:04 <REP> Téléchargement PHOTOWAYS 04/09/2008 12:04 <REP> THAT ROAD SEEK 17/02/2007 15:57 <REP> Total Video Converter 24/06/2008 13:17 <REP> Ubi Soft 24/06/2008 13:25 <REP> ubi.com 05/04/2008 19:55 <REP> Ulead Systems 05/05/2008 19:53 <REP> VideoLAN 06/10/2007 09:53 <REP> Wanadoo 09/12/2007 12:22 <REP> Windows Live 16/01/2007 17:58 <REP> Windows Media Components 13/06/2007 11:53 <REP> Windows Media Connect 2 10/09/2008 09:57 <REP> Windows Media Player 10/09/2008 09:57 <REP> Windows NT 07/12/2006 17:30 <REP> Windows Plus 10/09/2008 09:57 <REP> WinRAR 07/12/2006 17:33 <REP> xerox 1 fichier(s) 461 octets 77 Rép(s) 64 914 407 424 octets libres Le volume dans le lecteur C s'appelle Majestic Le numéro de série du volume est B4A1-4136 Répertoire de C:\Program Files\fichiers communs 06/09/2008 00:55 <REP> . 06/09/2008 00:55 <REP> .. 12/05/2008 11:58 <REP> ACD Systems 10/09/2008 09:15 <REP> Adobe 04/12/2007 10:48 <REP> Adobe Systems Shared 15/02/2007 14:02 <REP> Ahead 02/07/2008 19:15 <REP> BitDefender 16/01/2007 17:14 <REP> DESIGNER 16/01/2007 17:57 <REP> InstallShield 04/12/2007 10:34 <REP> InterVideo 18/01/2007 14:34 <REP> Java 28/03/2008 14:35 <REP> LightScribe 02/02/2008 12:45 <REP> Microsoft Shared 07/12/2006 17:31 <REP> MSSoap 07/12/2006 18:27 <REP> ODBC 27/07/2008 15:20 <REP> PCCamera 30/08/2008 09:36 <REP> Real 07/12/2006 17:31 <REP> Services 16/01/2007 12:32 <REP> Softwin 07/12/2006 18:27 <REP> SpeechEngines 10/09/2008 09:57 <REP> System 05/04/2008 19:55 <REP> Ulead Systems 16/01/2007 21:22 <REP> Vbox 06/09/2008 00:55 <REP> Wise Installation Wizard 30/08/2008 09:36 <REP> xing shared 0 fichier(s) 0 octets 25 Rép(s) 64 914 407 424 octets libres Le volume dans le lecteur C s'appelle Majestic Le numéro de série du volume est B4A1-4136 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 02/02/2008 12:45 <REP> . 02/02/2008 12:45 <REP> .. 07/12/2006 18:32 <REP> 1033 02/02/2008 12:45 <REP> 1036 20/09/2005 13:33 1 293 008 MSONSEXT.DLL 22/03/2007 20:29 39 256 MSOSV.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 11/07/2003 03:25 80 448 PKMWS.DLL 5 fichier(s) 1 662 682 octets 4 Rép(s) 64 914 407 424 octets libres Le volume dans le lecteur C s'appelle Majestic Le numéro de série du volume est B4A1-4136 Répertoire de C:\ 03/09/2006 23:33 2 434 406 cdex_170b2.exe 18/03/2006 14:02 147 456 DVD2MPGF.EXE 2 fichier(s) 2 581 862 octets 0 Rép(s) 64 914 407 424 octets libres c:\Documents and Settings\All Users\Application Data\Move Bore Curb Tool\fast idol.exe c:\Documents and Settings\Olivier GELIN\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Olivier GELIN\Application Data\BVRP Software\ConvertMovie\BVRPOlr.exe c:\Documents and Settings\Olivier GELIN\Application Data\InstallShield Installation Information\{68E17593-4688-4BAB-B985-CF70D67F8D29}\setup.exe c:\Documents and Settings\Olivier GELIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe c:\Documents and Settings\Olivier GELIN\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe c:\Documents and Settings\Olivier GELIN\Application Data\Microsoft\Installer\{C6B23EEA-E4C8-497B-BD97-2AA40C9A4D24}\_2000BA19CD59E1869798A4.exe c:\Documents and Settings\Olivier GELIN\Application Data\Microsoft\Installer\{C6B23EEA-E4C8-497B-BD97-2AA40C9A4D24}\_6FEFF9B68218417F98F549.exe c:\Documents and Settings\Olivier GELIN\Application Data\Microsoft\Installer\{C6B23EEA-E4C8-497B-BD97-2AA40C9A4D24}\_ADA43C040265DCBA80456D.exe c:\Documents and Settings\Olivier GELIN\Application Data\MSNInstaller\msnauins.exe c:\Documents and Settings\Olivier GELIN\Application Data\Real\RealPlayer\setup.exe c:\Documents and Settings\Olivier GELIN\Application Data\Real\RealPlayer\setup\setup.exe c:\Documents and Settings\Olivier GELIN\Application Data\THAT ROAD SEEK\Closenamebat.exe c:\Documents and Settings\Olivier GELIN\Application Data\THAT ROAD SEEK\curb build.exe c:\Documents and Settings\Olivier GELIN\Application Data\THAT ROAD SEEK\vlyocwvm.exe c:\Documents and Settings\Olivier GELIN\Local Settings\Application Data\Apple\Apple Software Update\SetupAdmin.exe c:\Documents and Settings\Olivier GELIN\Mes documents\fo-ase20.exe c:\Documents and Settings\Olivier GELIN\Mes documents\bricopack-crystal-clear_bricopack_crystal_clear_1.0_francais_20166\Pack Crystal Clear 1.0.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Olivier GELIN\Mes documents\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\Olivier GELIN\Mes documents\Icon\ChangeIcon.exe c:\Documents and Settings\Olivier GELIN\Mes documents\Icon\setup.exe c:\Documents and Settings\Olivier GELIN\Mes documents\Icon\ToYcon\ToYcon.exe c:\Documents and Settings\Olivier GELIN\Mes documents\Icon\ToYcon\Updater.exe c:\Documents and Settings\Olivier GELIN\Mes documents\PocketPc\PocketDivXEncoder_0.3.60.exe c:\Documents and Settings\Olivier GELIN\Mes documents\PocketPc\RIHO_POCKET.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\Olivier GELIN\Application Data\BVRP Software\ConvertMovie\bvrpctln.dll c:\Documents and Settings\Olivier GELIN\Application Data\BVRP Software\ConvertMovie\OLRegist.dll c:\Documents and Settings\Olivier GELIN\Application Data\InstallShield Installation Information\{68E17593-4688-4BAB-B985-CF70D67F8D29}\_Setup.dll c:\Documents and Settings\Olivier GELIN\Application Data\InstallShield Installation Information\{68E17593-4688-4BAB-B985-CF70D67F8D29}\ISSetup.dll c:\Documents and Settings\Olivier GELIN\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Olivier GELIN\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\Olivier GELIN\Application Data\Sun\Java\Deployment\cache\6.0\41\184339a9-13b67a71-n\aereg.dll c:\Documents and Settings\Olivier GELIN\Application Data\TaoUSign\jseccapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_MAJESTIC13.tar.gz a l'adresse http://upload.malekal.com
  5. olgelin
    bonjour à tous ! depuis quelques temps j'ai l'ouverture de fenêtres de publicités ! bitdefender et ad aware non rien trouvé de spéciale ! pourriez regarder mon rapport hijackthis et me dire c que vous en pensez !! merci d'vance ç tous Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:00:30, on 09/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\YzShadow\YzShadow.exe C:\WINDOWS\Alt+Q Hotkey.exe C:\Program Files\UberIcon\UberIcon Manager.exe C:\Program Files\WinRoll\winroll.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\RamBoost XP\rambxpfr.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\a-squared free\a2service.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Olivier GELIN\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240" O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo R240" O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [system Files Updater] C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe /S O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [Yz Shadow] C:\Program Files\YzShadow\YzShadow.exe O4 - HKCU\..\Run: [Alt+Q Hotkey Tool] C:\WINDOWS\Alt+Q Hotkey.exe O4 - HKCU\..\Run: [uberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Traduire - C:\Program Files\PROMT5\PROMTIE4\translat.htm O8 - Extra context menu item: Traduire la page - C:\Program Files\PROMT5\PROMTIE4\page.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU) O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU) O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU) O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU) O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA9F027-A541-491A-83E0-7B958EC54A60}: NameServer = 192.168.1.1 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 11170 bytes
  6. olgelin
    Bonjour à tous ! Je ne sais pas trop si c sujet est dans le bon forum mais j'ai un problème au démarrage de Windows . Même si Windows démarre normalement le pc a l'air de travailler longtemps et de charger énormément de chose pendant un certains temps... Pourriez vous regarder mon rapport hijackthis et me dire c que je dois certainement nettoyer... Pour info mon pc est protéger par la suite bit defender et j'effectue régulièrement un scan avec a-squared (il non rien trouvé de spéciale) Merci d'vance pour votre aide. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 09:22:24, on 02/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE C:\WINDOWS\system32\rundll32.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe c:\program files\a-squared free\a2service.exe C:\WINDOWS\ehome\ehtray.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\RamBoost XP\rambxpfr.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Star Downloader\stardown.exe C:\Documents and Settings\Olivier GELIN\Mes documents\temp\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEInt.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P30 "EPSON Stylus Photo R240 Series" /O6 "USB001" /M "Stylus Photo R240" O4 - HKLM\..\Run: [EPSON Stylus Photo R240 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAHE.EXE /P40 "EPSON Stylus Photo R240 Series (Copie 1)" /O6 "USB001" /M "Stylus Photo R240" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: Download with Star Downloader - C:\Program Files\Star Downloader\sdie.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Traduire - C:\Program Files\PROMT5\PROMTIE4\translat.htm O8 - Extra context menu item: Traduire la page - C:\Program Files\PROMT5\PROMTIE4\page.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU) O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PROMT5\PROMTIE4\promtie5.htm (HKCU) O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU) O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PROMT5\PROMTIE4\options.htm (HKCU) O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - http://dl.tvunetworks.com/TVUAx.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate- Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shock...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1CA9F027-A541-491A-83E0-7B958EC54A60}: NameServer = 192.168.1.1 O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - c:\program files\a-squared free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe -- End of file - 10983 bytes
×
×
  • Créer...