

lebeep
-
Hello, my PC is crawling! At every startup the WNPNETK service launches and eats up all of the PC's resources! How can I disable this service? Thanks. Attached is the HJT analysis (without the process mentioned above, otherwise everything freezes). Thanks in advance,
-
Hi, I must have something making a mess of my PC. I have the following exe: wmpnetwk, which launches and ties up all the resources. Here is my HJT report, in case someone can help me clean my PC. Thanks a lot! lebeep@gmail.com
-
Hello, I have an old DELL Inspiron PC running Windows XP. For the past month it has been crawling badly. I ran HJT and launched my antispyware, but apparently there is no problem on that side. Regarding Windows services, I see that a service named SVCHOST launches several times and uses a lot of my CPU. Can someone tell me how to kill this process permanently? Thanks in advance.
-
Hello, here is the HijackThis log (I can no longer find the Malwarebytes one)! Thanks again!
-
Merci pour la démarche j'ai bien utilisé MALWARE et COMBOFIX voici le LOG de COMBOFIX : ComboFix 08-08-25.01 - samir 2008-08-27 8:12:20.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1201 [GMT 2:00] Endroit: C:\Users\samir\Desktop\ComboFix.exe * Création d'un nouveau point de restauration . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Windows\Help\chscxdyv.fy C:\Windows\system32\drivers\atmapi.sys C:\Windows\System32\xwHQqBeg.ini C:\Windows\System32\xwHQqBeg.ini2 . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_TDSSSERV -------\Service_sysrest.sys -------\Service_tdssserv ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))))))) . 2008-08-27 08:00 . 2008-08-27 08:00 <REP> d-------- C:\Users\samir\AppData\Roaming\Malwarebytes 2008-08-27 08:00 . 2008-08-27 08:00 <REP> d-------- C:\ProgramData\Malwarebytes 2008-08-27 08:00 . 2008-08-27 08:00 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-27 08:00 . 2008-08-17 15:01 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-08-27 08:00 . 2008-08-17 15:01 17,144 --a------ C:\Windows\System32\drivers\mbam.sys 2008-08-27 07:58 . 2008-08-27 08:11 <REP> d-------- C:\327882R2FWJFW 2008-08-26 17:21 . 2008-08-26 17:21 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-26 17:16 . 2008-08-26 17:17 361,512,120 --a------ C:\Windows\MEMORY.DMP 2008-08-26 11:48 . 2008-08-26 11:48 <REP> d-------- C:\ProgramData\Grisoft 2008-08-25 10:49 . 2008-08-25 10:49 <REP> d-------- C:\Program Files\Avast4 2008-08-25 10:49 . 2008-07-19 16:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys 2008-08-22 14:11 . 2008-08-22 14:11 <REP> d--h----- C:\Windows\PIF 2008-08-22 09:47 . 
2008-08-22 09:47 98,816 --a------ C:\Windows\System32\das.an 2008-08-22 09:47 . 2008-08-22 09:47 64,000 --a------ C:\Windows\System32\svgm.ck 2008-08-22 09:47 . 2008-08-22 09:47 21,504 --a------ C:\Windows\System32\fmdc.rl 2008-08-22 09:22 . 2008-08-22 09:22 54,156 --ah----- C:\Windows\QTFont.qfn 2008-08-22 09:22 . 2008-08-22 09:22 1,409 --a------ C:\Windows\QTFont.for 2008-08-19 15:42 . 2008-08-20 17:39 <REP> d-------- C:\Program Files\Passware 2008-08-19 10:54 . 2008-08-19 10:54 <REP> d-------- C:\Windows\Downloaded Installations 2008-08-18 13:53 . 2008-08-18 13:58 5 --a------ C:\Windows\System32\RavMonLog 2008-08-14 12:28 . 1999-01-20 05:01 210,032 --a------ C:\Windows\System32\DBCLIENT.DLL 2008-08-14 09:40 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll 2008-08-14 09:34 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb 2008-08-14 09:34 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll 2008-08-14 09:34 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL 2008-08-14 09:33 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll 2008-08-14 09:33 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll 2008-08-13 10:50 . 2008-08-13 10:50 <REP> d-------- C:\Program Files\Resco 2008-08-13 10:50 . 2008-08-13 10:50 <REP> d-------- C:\Program Files\Microsoft ActiveSync 2008-08-13 10:50 . 2004-11-22 12:48 70,656 --a------ C:\Windows\RSetupCE.exe 2008-08-12 15:55 . 2008-08-12 15:55 13,025 --a------ C:\Users\samir\AppData\Roaming\nvModes.dat 2008-08-12 09:56 . 2008-08-12 09:56 5,680 --a------ C:\Windows\System32\drivers\psntkd20.sys 2008-08-11 10:44 . 2008-08-12 09:20 <REP> d-------- C:\Users\samir\AppData\Roaming\Ulead Systems 2008-08-11 10:44 . 2008-08-11 10:44 <REP> d-------- C:\ProgramData\Ulead Systems 2008-08-11 10:28 . 1998-11-18 16:33 144,384 --a------ C:\Windows\System32\Iacenc.dll 2008-08-11 10:28 . 
1997-06-13 08:56 56,832 --a------ C:\Windows\System32\Iyvu9_32.dll 2008-08-11 10:26 . 2008-08-11 10:26 <REP> d-------- C:\ProgramData\SmartSound Software Inc 2008-08-11 10:26 . 2008-08-11 10:26 <REP> d-------- C:\Program Files\SmartSound Software 2008-08-11 10:25 . 2008-08-11 10:25 <REP> d-------- C:\ProgramData\InstallShield 2008-08-11 10:25 . 2008-08-11 10:25 <REP> d-------- C:\Program Files\Windows Media Components 2008-08-11 10:25 . 2008-08-20 08:54 216 --a------ C:\Windows\Ulead32.ini 2008-08-11 10:23 . 2008-08-11 10:23 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches 2008-08-11 10:23 . 2008-08-11 10:23 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games 2008-08-11 10:23 . 2008-08-11 10:23 <REP> dr------- C:\Windows\System32\config\systemprofile\Links 2008-08-11 10:22 . 2008-08-11 10:22 <REP> d-------- C:\Program Files\Ulead Systems 2008-08-11 10:22 . 2008-08-11 10:22 <REP> d-------- C:\Program Files\Common Files\Ulead Systems 2008-08-01 10:03 . 2008-08-01 10:03 <REP> d-------- C:\Windows\System32\config\systemprofile\AppData\Roaming\TeamViewer 2008-08-01 08:39 . 2008-08-11 10:23 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures 2008-08-01 08:39 . 2008-08-11 10:23 <REP> dr------- C:\Windows\System32\config\systemprofile\Music 2008-08-01 08:39 . 2008-08-01 08:39 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads 2008-08-01 08:38 . 2008-08-01 08:39 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos 2008-08-01 08:34 . 2008-08-11 10:23 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents 2008-07-29 15:47 . 2008-07-29 15:47 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared 2008-07-29 15:47 . 2008-04-07 05:38 45,392 -ra------ C:\Windows\System32\AdobePDF.dll 2008-07-29 15:47 . 2008-04-07 05:38 22,872 -ra------ C:\Windows\System32\AdobePDFUI.dll 2008-07-29 11:20 . 
2008-07-29 13:32 <REP> d-------- C:\Users\samir\AppData\Roaming\Download Manager 2008-07-29 09:57 . 2008-07-29 09:57 278,528 --------- C:\Windows\Setup1.exe 2008-07-29 09:57 . 2008-07-29 09:57 73,216 --a------ C:\Windows\ST6UNST.EXE 2008-07-27 12:50 . 2008-07-27 12:50 335 --a------ C:\Windows\nsreg.dat . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-26 14:42 --------- d-----w C:\ProgramData\Spybot - Search & Destroy 2008-08-21 07:51 --------- d-----w C:\ProgramData\Microsoft Help 2008-08-20 15:04 --------- d-----w C:\Program Files\Google 2008-08-20 13:52 --------- d-----w C:\Users\samir\AppData\Roaming\FileZilla 2008-08-20 11:46 --------- d-----w C:\Users\samir\AppData\Roaming\uTorrent 2008-08-19 08:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-19 08:37 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-08-14 10:31 --------- d-----w C:\Program Files\Windows Mail 2008-08-11 08:28 --------- d-----w C:\Program Files\Intel 2008-08-11 08:25 --------- d-----w C:\ProgramData\Apple Computer 2008-08-11 08:22 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-08-11 08:10 --------- d-----w C:\Program Files\Spybot 2008-08-05 12:28 --------- d-----w C:\Program Files\FileZilla FTP Client 2008-07-29 18:13 --------- d-----w C:\Program Files\activePDF 2008-07-29 13:47 --------- d-----w C:\Program Files\Common Files\Adobe 2008-07-27 10:55 --------- d-----w C:\Program Files\Xobni 2008-06-19 07:13 91,744 ----a-w C:\Windows\BPMNT.dll 2008-06-19 07:13 71,749 ----a-w C:\Windows\hcextoutput.dll 2008-06-19 07:13 333,576 ----a-w C:\Windows\TSC.exe 2008-06-19 07:13 1,213,784 ----a-w C:\Windows\vsapi32.dll 2008-06-19 07:09 69,689 ----a-w C:\Windows\UNZIP.DLL 2008-06-19 07:09 507,904 ----a-w C:\Windows\TMUPDATE.DLL 2008-06-19 07:09 286,720 ----a-w C:\Windows\PATCH.EXE 2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-03-19 09:06 174 
--sha-w C:\Program Files\desktop.ini 2007-08-09 12:08 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll 2007-08-09 12:10 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "NoDispBackgroundPage"= 1 (0x1) "NoDispScrSavPage"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=APSHook.dll acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.YV12"= yv12vfw.dll "vidc.i420"= i420vfw.dll "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] --a------ 2008-01-19 09:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 "UpdatesDisableNotify"="1" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{E498BA1D-7285-438F-A7C8-6C4B821451A3}"= Profile=Private|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{F8AB39F7-F8CD-47EB-BC12-E260A9787CAF}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{61A405CE-ECA3-4B04-AF18-5EC84E1A32A8}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1 "{F0142E74-A042-4ECF-A432-B8F922304B05}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:Sony Ericsson Media Manager 1.1 "{C5C23FEB-E08B-4729-99C6-BA21BE5DA9C1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{2714E2CA-6291-42E9-9C59-0E403C764508}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent "{C52BB4DD-F10E-40EA-9CDA-11CF6CCA6D9B}"= UDP:1034:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}:@%systemroot%\WindowsMobile\wmdc.exe,-4003 "{DB8CC247-E48E-49A3-A3BB-ADB6D1EAB500}"= UDP:5678:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004 "{C4397030-18D1-4647-BC97-2C9F239160D7}"= UDP:999:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005 "{D550476D-9382-44F6-9A72-4DDDBE441685}"= UDP:26675:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}:@%systemroot%\WindowsMobile\wmdc.exe,-4006 "TCP Query User{1A5944DF-B11A-4874-9BBE-93C694573D34}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32 "UDP Query User{F354A96C-0ABF-4324-8F7A-094DE797D75F}C:\\program 
files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"TCP Query User{FFBC3C47-8A81-4F7A-8716-B7EF8B70275E}C:\\program files\\ultravnc\\winvnc.exe"= UDP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"UDP Query User{970CEAC7-AE5C-48C6-98BC-155732F37ED3}C:\\program files\\ultravnc\\winvnc.exe"= TCP:C:\program files\ultravnc\winvnc.exe:Serveur VNC pour Win32
"TCP Query User{0F1BE759-F473-40A5-8796-0873A4316BEA}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{19F7A325-1546-4191-A88F-2EBD8C0D973B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{0F608306-D2B2-487A-9292-353523F1F0F1}"= UDP:1034:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}:@%systemroot%\WindowsMobile\wmdc.exe,-4003
"{00A56DA8-AB76-4D48-AC29-BADFF079FA8C}"= UDP:5678:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4004
"{7F0541DD-4F05-44AE-A9CF-0394AE3BBA03}"= UDP:999:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}|%systemroot%\WindowsMobile\wmdHost.exe:@%systemroot%\WindowsMobile\wmdc.exe,-4005
"{AFA6FB8A-00A0-4512-97CE-D2B752C3E43A}"= UDP:26675:LocalSubnet:LocalSubnet|IF={8576ED6E-BAA3-432A-81CC-95DCF97480BB}:@%systemroot%\WindowsMobile\wmdc.exe,-4006
"{18FB49F9-48E7-4137-87BB-68D96DBE988B}"= Profile=Private|C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5DE0D85F-D385-4D9F-8095-C7BB2DE47CE0}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{9B3E3C8D-BC69-4319-8C41-963E8F09A852}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{2E0866AA-D4E6-461E-B1F9-944E157069F2}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{477A4BFF-8FE5-4283-955B-1653FCD9FFB7}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"{052B39A8-7AD3-4574-901F-AE61D42ADA2A}"= UDP:80:HTTP
"{25A047ED-5BF1-4269-BE6E-3D610A8F70F8}"= TCP:137:10.0.0.0/255.0.0.0:127.0.0.0/255.0.0.0:172.16.0.0/255.240.0.0:192.168.0.0/255.255.0.0:Peer2Me - Allow Netbios IN (UDP/137)
"{9B12A427-9993-465E-AEB2-CCF6F66F0B8C}"= TCP:138:10.0.0.0/255.0.0.0:127.0.0.0/255.0.0.0:172.16.0.0/255.240.0.0:192.168.0.0/255.255.0.0:Peer2Me - Allow Netbios IN (UDP/138)
"{0350C2E6-6B22-4FD2-A527-AAF205FD59BF}"= UDP:139:10.0.0.0/255.0.0.0:127.0.0.0/255.0.0.0:172.16.0.0/255.240.0.0:192.168.0.0/255.255.0.0:Peer2Me - Allow Netbios IN (TCP/139)
"{F195A172-57FD-4950-9357-8EC319F5F4F3}"= UDP:445:10.0.0.0/255.0.0.0:127.0.0.0/255.0.0.0:172.16.0.0/255.240.0.0:192.168.0.0/255.255.0.0:Peer2Me - Allow Netbios IN (TCP/445)
"TCP Query User{C1B07E93-FBA9-4A9E-8A45-8C7275DEF9EA}C:\\users\\samir\\desktop\\dreamset213\\dreamset.exe"= UDP:C:\users\samir\desktop\dreamset213\dreamset.exe:dreamset.exe
"UDP Query User{000A1D41-C122-47CF-B953-BA1919484845}C:\\users\\samir\\desktop\\dreamset213\\dreamset.exe"= TCP:C:\users\samir\desktop\dreamset213\dreamset.exe:dreamset.exe
"TCP Query User{E64035DC-4AAD-4D57-924F-9053B40B4674}C:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:C:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{7501CC3E-9E87-4F82-9D62-ED9931503FDF}C:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:C:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"TCP Query User{5C0B691A-29BA-47C6-B87B-AF957B8867BF}C:\\program files\\teamviewer3\\teamviewer.exe"= UDP:C:\program files\teamviewer3\teamviewer.exe:Application de pilotage à distance TeamViewer
"UDP Query User{FDC708F0-4124-4F26-B0AA-8EFA3243B21D}C:\\program files\\teamviewer3\\teamviewer.exe"= TCP:C:\program files\teamviewer3\teamviewer.exe:Application de pilotage à distance TeamViewer
"TCP Query User{F19C954D-1486-49D2-B358-ABCF28CF61AB}C:\\users\\samir\\appdata\\local\\temp\\ir_ext_temp_0\\autoplay\\docs\\commtest\\commtest.exe"= UDP:C:\users\samir\appdata\local\temp\ir_ext_temp_0\autoplay\docs\commtest\commtest.exe:commtest.exe
"UDP Query User{8D81C2CC-4E53-41C9-8887-78D0691C6DDE}C:\\users\\samir\\appdata\\local\\temp\\ir_ext_temp_0\\autoplay\\docs\\commtest\\commtest.exe"= TCP:C:\users\samir\appdata\local\temp\ir_ext_temp_0\autoplay\docs\commtest\commtest.exe:commtest.exe
"{4591AFF8-4856-40FB-BAA7-FF9434DC832D}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{92BB6809-2806-446D-8DBC-EA93EBFFFEA3}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{1C539D27-9E06-4E52-AB67-5FD4A39FAA5E}C:\\program files\\homeplayer\\homeplayer.exe"= UDP:C:\program files\homeplayer\homeplayer.exe:HomePlayer
"UDP Query User{74CB0E2C-CBDE-4671-8A58-652D42405250}C:\\program files\\homeplayer\\homeplayer.exe"= TCP:C:\program files\homeplayer\homeplayer.exe:HomePlayer
"TCP Query User{232FE0EA-9007-4A51-8255-1DFE1597CB49}C:\\program files\\filezilla ftp client\\filezilla.exe"= UDP:C:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"UDP Query User{C70BD9A3-408B-4C88-AD9B-829BC0091BC7}C:\\program files\\filezilla ftp client\\filezilla.exe"= TCP:C:\program files\filezilla ftp client\filezilla.exe:FileZilla FTP Client
"{878B09A3-5F32-487A-B057-30EE866C9FA0}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{85CCF88B-1E8D-471B-8927-A5EE4A6F8AA8}"= Disabled:C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A96D395A-F551-4ED1-B7D5-9A0110EB53F3}"= UDP:C:\Windows\Temp\.tt5FB3.tmp:enable
"{7D1DE353-4371-4D8C-826B-2FA39D1EE7E1}"= TCP:C:\Windows\Temp\.tt5FB3.tmp:enable
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"= C:\Program Files\OrangeHSS\Connectivity\ConnectivityManager.exe:*:enabled:CSS

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 ItSDisk;ItSDisk;C:\Windows\system32\Drivers\ItSDisk.sys [2006-05-16 19:13]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\Windows\system32\drivers\psd.sys [2007-01-23 14:07]
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2008-01-19 09:33]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-08-03 16:09]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot\SDWinSec.exe [2008-07-30 14:45]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;C:\Windows\System32\StkCSrv.exe [2007-04-19 00:42]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-05-12 05:09]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;C:\Windows\system32\Drivers\StkCMini.sys [2007-06-06 04:40]
S4 TINEKGWD;TINEKGWD;C:\Users\samir\AppData\Local\Temp\TINEKGWD.exe []
S4 XobniService;XobniService;C:\Program Files\Xobni\XobniService.exe [2008-07-18 22:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\jix9a.bat
\shell\explore\Command - G:\jix9a.bat
\shell\open\Command - G:\jix9a.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1dc210a-4789-11dd-bf17-001b77e74bad}]
\shell\AutoRun\command - G:\DPFMate.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-21 C:\Windows\Tasks\Security Platform Backup Schedule.job
- C:\Program Files\Infineon\Security Platform Software\SpBackupWz.exe [2007-02-22 16:25]

2008-08-26 C:\Windows\Tasks\User_Feed_Synchronization-{DC9EE66E-81B7-412E-AA64-A4E59E36C07F}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-OXNotifier - C:\Program Files\Outlook OXtender\OXNotifier.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\samir\AppData\Roaming\Mozilla\Firefox\Profiles\n67r9cao.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.gouzigouzi.fr/
FF -: plugin - C:\Program Files\Mozilla Firefox 3 Beta 4\plugins\npnul32.dll
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 08:51:27
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\Avast4\ashServ.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Windows\System32\IFXSPMGT.exe
C:\Windows\System32\IFXTCS.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
C:\Windows\System32\IfxPsdSv.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\iashost.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\asghost.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATK Hotkey\HControl.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-27 8:57:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 06:57:05

Pre-Run: 31,504,351,232 octets libres
Post-Run: 30,451,064,832 octets libres

289 --- E O F --- 2008-08-21 07:51:39

Thanks for helping me check whether everything is OK!
-
Thanks. I'll try the procedure! Thanks
-
Hi,

My PC is infected. I first installed AVAST, with a boot-time scan. It removed 5 or 6 TROJANs. Even so, every other startup I get a WINDOWS error telling me that something has been modified and that I cannot get access. I installed AVG Anti-Spyware; it removed an adware (ROGUE). But the computer still works badly. I cannot update the antivirus programs. I cannot do any update at all. It blocks me on certain sites and sends me to spy-type sites... So I am running a HijackThis scan in the hope that you can help me, because I am starting to despair. Thanks

------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:59:04, on 26/08/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avast4\ashDisp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\samir\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [448c467f] rundll32.exe "C:\Windows\system32\wmcirddn.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O13 - Gopher Prefix:
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O20 - AppInit_DLLs: APSHook.dll acaptuser32.dll
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\SDWinSec.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\Windows\System32\StkCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 6732 bytes

Thanks to all, and thanks also for replying by e-mail, because I am not sure I will be able to reopen the window. Also, do you know of an antivirus bootable from CD that does the job? I am getting nowhere. Thanks, Lebeep!
-
Hi guys, if I left my phone number it wasn't really to mess around. I have an intern who tinkered with my machine and the horror appeared. So do you think I can reinstall Win 95 without fearing for my files?!! Thanks. OK, I won't leave my phone number any more.
-
Hi everyone, I hope one of you will help me a little. I have an error message on my machine at startup that says "windows protection error. you need restart your computer." I don't even know how it happened; an intern must have tinkered with it, and I have a crazy amount of work on this machine, and I am afraid to reinstall Windows 95, the system I originally have. Thanks in advance for helping me, either by e-mail at schikhi@free.fr or at 06.73.47.54.16