Everything posted by Babar8

  1. Good evening Gof, there is still some slowness, but I don't have much time at the moment. It's better that I open a new topic when I have more time. Thank you for your help; I don't want to bother you any longer this time. With my apologies and best regards, Bernard
  2. Hello Gof, sorry for my slow reply, but I'm swamped and haven't had much time. For information, I couldn't find the log from the malicious software tool (and it's stupid, but I didn't note down the path of the detected file). MBAM finds nothing; I ran it again yesterday and it detected nothing. Firefox works more or less well, but it no longer crashes like before. Thank you for your help and your patience.
  3. Hello Gof, I ran del.bat and launched Firefox in safe mode. The problem of Firefox staying running when I exited in normal mode does not occur in safe mode, at least for now. Yesterday I installed the Windows updates, including the update for the malicious software search tool; it ran automatically and at the end it found this: Trojan: Win32/Alureon! Inf. It seems to be something that spreads through drives such as USB keys (which is what your analysis suggested, where you saw traces...). If you have the time and a little patience, I would like to understand why it did not show up in the Avira or Malwarebytes detection and why it shows up now with the Windows software. Since the removal, Firefox has no longer stayed running when I quit the application. Thank you and have a good day.
  4. Hello Gof, here is the new report after running RSIT. As for the problems, the slowness is still present, and above all the Firefox problem, which occurs at almost every launch after the first shutdown. As for the disconnections, I haven't had any for 10 days ??? It's true that I used the PC less this week, which explains my late reply.... Thanks, see you later.
  5. Hello again Gof, here is the rest. Thanks, see you later. Regards
  6. Hello Gof, here are the logs you asked for. Log.txt:
Shell32.DLL,ShellExec_RunDLL AdobeR.exe e ======List of files/folders created in the last 1 months====== 2009-03-28 07:45:30 ----D---- C:\rsit 2009-03-26 14:45:27 ----D---- C:\Program Files\ma-config.com 2009-03-26 14:45:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com 2009-03-26 11:08:56 ----D---- C:\Program Files\NetAppel 2009-03-25 20:22:46 ----A---- C:\Rooter.txt 2009-03-25 20:21:57 ----D---- C:\Rooter$ 2009-03-15 19:26:44 ----D---- C:\wamp 2009-03-14 16:16:05 ----N---- C:\windows\SchedLgU.Txt 2009-03-09 23:03:49 ----D---- C:\Documents and Settings\Bernard\Application Data\OpenOffice.org 2009-03-09 22:54:31 ----D---- C:\Program Files\OpenOffice.org 3 2009-03-09 14:31:37 ----D---- C:\Program Files\IrfanView 2009-03-07 07:44:18 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe 2009-03-07 07:34:32 ----D---- C:\Program Files\NOS 2009-03-07 07:34:32 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\NOS 2009-03-03 08:50:36 ----D---- C:\Documents and Settings\Bernard\Application Data\Malwarebytes 2009-03-03 08:50:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-03-03 08:50:29 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2009-03-01 14:56:57 ----D---- C:\Program Files\RipIt4Me ======List of files/folders modified in the last 1 months====== 2009-03-28 07:45:45 ----D---- C:\windows\Prefetch 2009-03-28 07:44:14 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy 2009-03-28 07:44:13 ----D---- C:\windows\Internet Logs 2009-03-28 07:32:56 ----D---- C:\Program Files\Mozilla Firefox 2009-03-28 07:23:49 ----D---- C:\windows\system32\drivers 2009-03-28 07:04:13 ----D---- C:\windows\Temp 2009-03-28 06:58:05 ----D---- C:\WINDOWS 2009-03-28 06:20:02 ----D---- C:\windows\system32\inetsrv 2009-03-28 06:18:00 ----D---- C:\windows\Registration 2009-03-26 15:38:29 ----RD---- C:\Program Files 2009-03-26 
14:45:36 ----SHD---- C:\windows\Installer 2009-03-26 14:45:32 ----D---- C:\Program Files\HardwareDetection 2009-03-26 11:16:46 ----D---- C:\Documents and Settings\Bernard\Application Data\NetAppel 2009-03-26 06:04:51 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP 2009-03-26 06:04:37 ----D---- C:\Program Files\SpywareBlaster 2009-03-24 13:30:50 ----D---- C:\windows\system32\CatRoot2 2009-03-23 21:57:00 ----AC---- C:\windows\win.ini 2009-03-23 21:35:17 ----D---- C:\windows\system32 2009-03-23 21:31:03 ----D---- C:\Program Files\FoxMail 2009-03-22 07:13:19 ----D---- C:\Program Files\a-squared Free 2009-03-17 22:00:01 ----D---- C:\Documents and Settings\Bernard\Application Data\Skype 2009-03-16 08:23:50 ----D---- C:\Program Files\7-Zip 2009-03-15 09:37:48 ----D---- C:\Program Files\Fichiers communs\Adobe 2009-03-15 09:37:30 ----D---- C:\Program Files\Adobe 2009-03-13 23:18:49 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-03-13 21:55:19 ----D---- C:\windows\inf 2009-03-12 22:20:39 ----AC---- C:\windows\wt.INI 2009-03-12 22:03:04 ----D---- C:\Program Files\Win-Test 2009-03-09 22:57:18 ----RSD---- C:\windows\assembly 2009-03-09 22:55:02 ----RSD---- C:\windows\Fonts 2009-03-09 22:53:54 ----D---- C:\Program Files\OpenOffice.org 2.0 2009-03-09 21:44:11 ----D---- C:\Documents and Settings\Bernard\Application Data\OpenOffice.org2 2009-03-05 08:28:12 ----D---- C:\Program Files\Lavasoft 2009-03-05 08:27:58 ----DC---- C:\windows\system32\DRVSTORE 2009-03-02 20:02:51 ----D---- C:\Documents and Settings\Bernard\Application Data\Gestion Commerciale 2009-03-01 15:06:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink 2009-03-01 14:55:34 ----D---- C:\Program Files\DVD Shrink ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AFS2K;AFS2k; C:\windows\system32\drivers\AFS2K.sys [2006-05-20 82380] R1 AmdK7;Pilote de processeur AMD K7; 
C:\windows\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys [2008-11-25 75072] R1 hwinterface;hwinterface; C:\windows\System32\Drivers\hwinterface.sys [2006-07-29 3026] R1 KLIF;KLIF; C:\windows\system32\DRIVERS\klif.sys [2007-07-19 127768] R1 ssmdrv;ssmdrv; C:\windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 VIAPFD;VIAPFD; C:\windows\System32\Drivers\VIAPFD.SYS [2001-12-18 3279] R1 vsdatant;vsdatant; C:\windows\System32\vsdatant.sys [2008-07-09 394952] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\windows\System32\drivers\ws2ifsl.sys [2001-08-28 12032] R2 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys [2003-12-17 17005] R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS [] R2 DLPortIO;DriverLINX Port I/O Driver; C:\windows\system32\drivers\DLPortIO.sys [1996-09-27 3584] R3 Arp1394;Protocole client ARP 1394; C:\windows\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 ati2mtag;ati2mtag; C:\windows\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608] R3 atinrvxx;ATI WDM Rage Theater Video; C:\windows\System32\DRIVERS\atinrvxx.sys [2004-08-04 105984] R3 ATITUNEP;ATI WDM TV Tuner; C:\windows\System32\DRIVERS\atintuxx.sys [2004-08-04 78336] R3 ativraxx;ATI WDM Rage Theater Audio; C:\windows\System32\DRIVERS\atinraxx.sys [2004-08-04 53760] R3 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\windows\System32\DRIVERS\atinxsxx.sys [2004-08-04 64512] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 cmpci;C-Media PCI Audio Driver (WDM); C:\windows\system32\drivers\cmaudio.sys [2002-11-18 377358] R3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter; C:\windows\system32\DRIVERS\LNE100V5.sys [2001-10-25 36224] R3 MQAC;Message Queuing access control; \??\C:\WINDOWS\System32\drivers\mqac.sys [] R3 MVDCODEC;ATI 
WDM Specialized MVD Codec; C:\windows\System32\DRIVERS\atinmdxx.sys [2004-08-04 13824] R3 NIC1394;Pilote réseau 1394; C:\windows\System32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 P1050VID;Creative WebCam Pro eX (Video); C:\windows\system32\DRIVERS\P1050Wnt.sys [2003-01-02 179853] R3 pfc;Padus ASPI Shell; C:\windows\system32\drivers\pfc.sys [2007-12-06 9856] R3 RMCAST;Reliable Multicast Protocol driver; \??\C:\WINDOWS\System32\drivers\RMCast.sys [] R3 TTDec;ATI WDM Teletext Decoder; C:\windows\System32\DRIVERS\ATINTTXX.sys [2004-08-04 13824] R3 usbccgp;Pilote parent générique USB Microsoft; C:\windows\System32\DRIVERS\usbccgp.sys [2004-08-04 31616] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\windows\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\windows\System32\DRIVERS\usbhub.sys [2004-08-04 57600] R3 USBSTOR;Pilote de stockage de masse USB; C:\windows\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\windows\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 vulfnths;VIA USB Host Controller Lower Filter; C:\windows\System32\Drivers\vulfnth.sys [2005-01-05 6912] R3 vulfntrs;VIA USB Roothub Lower Filter; C:\windows\System32\Drivers\vulfntr.sys [2005-06-06 11264] S3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X; C:\windows\system32\DRIVERS\AN983.sys [2002-08-29 36224] S3 CCDECODE;Décodeur sous-titre fermé; C:\windows\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys [] S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys [2008-03-13 57536] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\windows\system32\DRIVERS\HPZid412.sys [2002-02-15 50960] S3 HPZipr12;Print Class Driver for IEEE-1284.4 
HPZipr12; C:\windows\system32\DRIVERS\HPZipr12.sys [2002-03-21 16112] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\windows\system32\DRIVERS\HPZius12.sys [2002-03-08 22512] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\windows\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\windows\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\windows\System32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 nm;Pilote du Moniteur réseau; C:\windows\System32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 SLIP;Détrameur décalage BDA; C:\windows\System32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\windows\System32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\windows\System32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\windows\System32\DRIVERS\usbscan.sys [2004-08-04 15104] S3 wceusbsh;Windows CE USB Serial Host Driver; C:\windows\system32\DRIVERS\wceusbsh.sys [2005-09-01 37768] S3 WSTCODEC;Codec Teletext standard; C:\windows\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S4 IntelIde;IntelIde; C:\windows\system32\drivers\IntelIde.sys [] S4 sr;Pilote de filtre de restauration système; C:\windows\System32\DRIVERS\sr.sys [2008-04-14 73600] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 IISADMIN;Administration IIS; C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15872] R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\System32\inetsrv\inetinfo.exe [2008-04-14 15872] R2 SNMP;Service SNMP; C:\windows\System32\snmp.exe [2008-04-14 
33280] R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2008-07-09 75304] S2 MSMQTriggers;Message Queuing Triggers; C:\WINDOWS\System32\mqtgsvc.exe [2008-04-14 117248] S3 aspnet_state;Service d'état ASP.NET; C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 Fax;Fax; C:\windows\system32\fxssvc.exe [2008-04-14 268800] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 idsvc;Windows CardSpace; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 LPDSVC;Serveur d'impression TCP/IP; C:\windows\System32\tcpsvcs.exe [2001-08-28 19456] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-03-15 216232] S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-03-15 81920] S3 SNMPTRAP;Service d'interruption SNMP; C:\windows\System32\snmptrap.exe [2008-04-14 8704] S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe [2008-12-10 24636] S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe [2009-02-15 6558336] S3 WMConnectCDS;Service Windows Media Connect; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-06 856064] S4 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-02-28 425080] S4 Ati HotKey Poller;Ati HotKey Poller; C:\windows\system32\Ati2evxx.exe [2006-05-03 413696] S4 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192] S4 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [] S4 daayonbs6;gjmdjsarqhme; C:\WINDOWS\system32\qckkjkpz6.exe [] S4 MSMQ;Message Queuing; C:\WINDOWS\System32\mqsvc.exe [2008-04-14 
4608] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] S4 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S4 vsPower;vsPower; C:\PROGRA~1\VISION~1\POWERO~1\vsPower.exe [2007-09-18 1206272] S4 W3SVC;Publication World Wide Web; C:\windows\System32\inetsrv\inetinfo.exe [2008-04-14 15872] -----------------EOF----------------- Info.txt: info.txt logfile of random's system information tool 1.06 2009-03-28 07:45:56
Record Number: 3412
Source Name: EventSystem
Time Written: 20090203065444.000000+060
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc.jar;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"VSL"=C:\PVSW\bin
"PATH"=C:\PVSW\bin;%systemroot%;%systemroot%\system32;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem\
"VS80COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 8\Common7\Tools\
"QTJAVA"=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------

There you go, thanks for your comments. See you soon. Regards
  7. Thanks Gof, and sorry about the blunder with eric_71. If you don't see any infection, I will look into the recurring problem with Firefox; I saw a topic similar to mine, but on Vista, whereas I am on XP. It seems the Firefox problem appeared when Microsoft .NET Framework Assistant 1.0 was installed; this extension, by the way, cannot be uninstalled, only disabled, but that changes nothing, and I would prefer to uninstall it. As for the shutdowns, if you don't think it is an infection, I will check the hardware (disk, power supply or other). Thanks for your valuable help and for the time you have spent.
  8. Hello Eric_71, thanks for your reply. 1) The problems are a lot of unusual slowness when launching applications, recurring Mozilla crashes, and random PC shutdowns. Here is the content of the text file opened by Rooter (I ran it twice, which explains the 2 files (_1 and _2)):

Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:29996 Mo/Free:959 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [Fixed] - NTFS - (Total:39197 Mo/Free:184 Mo)
G:\ [Fixed] - NTFS - (Total:48163 Mo/Free:465 Mo)
26.03.2009| 6:12
----------------------\\ Processes..
--Locked-- [system Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\windows\system32\csrss.exe
---------- \??\C:\windows\system32\winlogon.exe
---------- C:\windows\system32\services.exe
---------- C:\windows\system32\lsass.exe
---------- C:\windows\system32\svchost.exe
---------- C:\windows\system32\svchost.exe
---------- C:\windows\System32\svchost.exe
---------- C:\windows\System32\svchost.exe
---------- C:\windows\System32\svchost.exe
--Locked-- vsmon.exe
---------- C:\windows\system32\spoolsv.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
---------- C:\WINDOWS\System32\dllhost.exe
---------- C:\WINDOWS\System32\inetsrv\inetinfo.exe
---------- C:\WINDOWS\System32\imapi.exe
---------- C:\windows\System32\snmp.exe
---------- C:\windows\Explorer.EXE
---------- C:\windows\system32\CAP4RSK.EXE
---------- C:\windows\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
---------- C:\windows\System32\alg.exe
---------- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
--Locked-- zlclient.exe
---------- C:\windows\System32\svchost.exe
---------- C:\windows\system32\cmd.exe
---------- C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
---------- C:\Rooter$\RK.exe
----------------------\\ Search..
----------------------\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - 25.03.2009|20:22
2 - "C:\Rooter$\Rooter_2.txt" - 26.03.2009| 6:12
----------------------\\ Scan completed at 6:12

During the run, a Windows error window appeared. Window title bar: Windows - Pas de Disque
"Exception Processing Message c0000013 Parameters 75afbf7c 4 75afbf7c 75afbf7c"
3 buttons --> Annuler/Recommencer/Continuer
I pressed Continuer. See you soon, regards
  9. Hello, and thank you for your help with this HijackThis analysis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:40:28, on 24.03.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\imapi.exe
C:\windows\System32\snmp.exe
C:\windows\system32\CAP4RSK.EXE
C:\windows\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\windows\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = All User Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min /nosplash
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Voir les cookies - C:\WINDOWS\web\cookies.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O15 - Trusted Zone: http://*.windowsupdate.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) -
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} -
O16 - DPF: {C1029C96-C060-44EA-9752-502B62E6C8C4} -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} -
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe

-- End of file - 5310 bytes