[Résolu] Fenêtres intempestives "adssite", I.E et Mozilla Fi

[desdemona]

Bonjour Charles!

 

Bin j'avais déja essayé comme ça.. mais bon, j'ai refait et.. toujours rien! Il reste sur la page de la préparation du rapport et le curseur clignote mais l'ordi ne travaillle pas et rien ne s'affiche!

 

[Thanos]

salut

 

Ok on oublie ComboFix ! Lance ce scan en poste le rapport stp >

 

Télécharge Deckard's System Scanner (DSS) sur ton bureau.

Tu dois possèder les droits administrateurs pour le lancer.

• Ferme toutes les applications en cours (fenêtres internet etc...)
  
• Double-clique sur dss.exe et clique sur ok au message qui s'affiche.
  
• Lorsque le scan est terminé, deux fichiers texte vont s'ouvrir.
  
• Poste le contenu du rapport nommé main.txt
  
• Si tu ne vois pas le rapport, tu le trouvera dans le dossier suivant > C:\Deckard\System Scanner
  

[desdemona]

Bonjour!!

 

Voila le rapport ; Il y a une ligne en S4 qui m'interpelle.. La bounty box.. cette installation m'avait causé mon premier problème de pages de pub intempestives.. elle ne devrait plus être dans l'ordi vu qu'on l'avait nettoyé avec l'aide d'un membre de ce forum.. pourquoi trouve t on encore son nom dans ce rapport :

 

 

Deckard's System Scanner v20071014.68

Run by Marie Christine Duny on 2007-11-27 09:26:44

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

-- System Restore --------------------------------------------------------------

 

Successfully created a Deckard's System Scanner Restore Point.

 

 

-- Last 4 Restore Point(s) --

4: 2007-11-27 08:26:51 UTC - RP73 - Deckard's System Scanner Restore Point

3: 2007-11-26 21:54:20 UTC - RP72 - Point de vérification système

2: 2007-11-25 14:58:36 UTC - RP71 - ComboFix created restore point

1: 2007-11-25 14:57:49 UTC - RP70 - Point de vérification système

 

 

Backed up registry hives.

Performed disk cleanup.

 

 

 

-- HijackThis Clone ------------------------------------------------------------

 

 

Emulating logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2007-11-27 09:29:08

Platform: Windows XP Service Pack 2 (5.01.2600)

MSIE: Internet Explorer (7.00.6000.16544)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\system32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\soundman.exe

C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Marie Christine Duny\Bureau\dss.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: http://www.bitdefender.fr (HKCU)

O15 - Trusted Zone: http://webscanner.kaspersky.fr (HKCU)

O15 - Trusted Zone: http://forum.zebulon.fr (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://desdemona07.spaces.live.com//PhotoUpload/MsnPUpld.cab

O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/v1/cabs/ascstubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1179576006578

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://desdemona07.spaces.live.com/PhotoUpload/MsnPUpld.cab

O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab

O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab

O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppD...ap/DigWXMSN.cab

O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-fr.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Boonty Games - Unknown owner - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe

O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe

O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

 

 

--

End of file - 9065 bytes

 

-- File Associations -----------------------------------------------------------

 

All associations okay.

 

 

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

 

R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>

 

S3 catchme - c:\docume~1\mariec~1\locals~1\temp\catchme.sys (file missing)

S3 GMSIPCI - d:\install\gmsipci.sys (file missing)

S3 MSICPL - d:\install4\msicpl.sys (file missing)

S3 NTACCESS - d:\ntaccess.sys (file missing)

S3 usbsermpt (Motorola USB Modem Driver for MPT) - c:\windows\system32\drivers\usbsermpt.sys <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>

 

 

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

 

R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\avira\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler>

R2 Apple Mobile Device - "c:\program files\fichiers communs\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>

R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>

 

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

S3 SolidWorks Licensing Service - "c:\program files\fichiers communs\solidworks shared\service\solidworkslicensing.exe" <Not Verified; SolidWorks; SolidWorks Licensing Service>

S4 Boonty Games - "c:\program files\fichiers communs\boonty shared\service\boonty.exe" (file missing)

 

 

-- Device Manager: Disabled ----------------------------------------------------

 

No disabled devices found.

 

 

-- Scheduled Tasks -------------------------------------------------------------

 

2007-11-27 09:20:20 452 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6BD73113-753B-4132-8A0D-168786F76F6C}.job

2007-11-16 12:58:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

 

 

-- Files created between 2007-10-27 and 2007-11-27 -----------------------------

 

2007-11-25 10:27:25 0 dr-h----- C:\Documents and Settings\Marie Christine Duny\Recent

2007-11-22 13:11:19 0 d-------- C:\Program Files\Comptes et Budget V5.0

2007-11-19 18:34:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!

2007-11-19 18:03:33 0 d-------- C:\Program Files\Messenger Plus! Live

2007-11-19 17:52:14 0 d--hs--c- C:\Program Files\Fichiers communs\WindowsLiveInstaller

2007-11-19 17:52:10 0 d-------- C:\Program Files\Windows Live

2007-11-19 17:51:58 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller

2007-11-19 07:32:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab

2007-11-19 07:32:41 0 d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-11-16 18:18:54 0 d-------- C:\Program Files\Navilog1

2007-11-16 01:07:44 0 d-------- C:\Program Files\Panda Security

2007-11-14 18:21:35 0 d-------- C:\Program Files\CCleaner

2007-11-14 16:15:00 0 d-------- C:\Program Files\Avira

2007-11-14 16:15:00 0 d-------- C:\Documents and Settings\All Users\Application Data\Avira

2007-11-12 15:42:51 0 d-------- C:\Program Files\Rockstar Games

2007-11-12 02:10:13 0 d--h----- C:\Documents and Settings\Invité\Voisinage réseau

2007-11-12 02:10:13 0 dr-h----- C:\Documents and Settings\Invité\Recent

2007-11-12 01:52:41 0 d-------- C:\Documents and Settings\Invité\Application Data\Grisoft

2007-11-11 13:56:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft

2007-11-08 03:38:12 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Abra Academy2

2007-11-06 21:14:41 0 d-------- C:\Program Files\iPod

2007-11-03 18:19:29 0 d-------- C:\Documents and Settings\Invité\Application Data\Sun

2007-11-03 17:03:53 0 d-------- C:\Documents and Settings\Invité\Application Data\Mozilla

2007-11-03 16:59:26 0 dr-h----- C:\Documents and Settings\Invité\SendTo

2007-11-03 16:59:26 0 d--h----- C:\Documents and Settings\Invité\Modèles

2007-11-03 16:59:26 0 dr------- C:\Documents and Settings\Invité\Mes documents

2007-11-03 16:59:26 0 dr------- C:\Documents and Settings\Invité\Menu Démarrer

2007-11-03 16:59:26 0 d--h----- C:\Documents and Settings\Invité\Local Settings

2007-11-03 16:59:26 0 dr------- C:\Documents and Settings\Invité\Favoris

2007-11-03 16:59:26 0 d--hs---- C:\Documents and Settings\Invité\Cookies

2007-11-03 16:59:26 0 d-------- C:\Documents and Settings\Invité\Bureau

2007-11-03 16:59:26 0 dr-h----- C:\Documents and Settings\Invité\Application Data

2007-11-03 16:59:26 0 d---s---- C:\Documents and Settings\Invité\Application Data\Microsoft

2007-11-03 16:59:26 0 d-------- C:\Documents and Settings\Invité\Application Data\Macromedia

2007-11-03 16:59:26 0 d-------- C:\Documents and Settings\Invité\Application Data\CyberLink

2007-11-03 16:59:26 0 d-------- C:\Documents and Settings\Invité\Application Data\Apple Computer

2007-11-03 16:59:26 0 d-------- C:\Documents and Settings\Invité\Application Data\Adobe

2007-11-03 16:59:25 1310720 --ah----- C:\Documents and Settings\Invité\NTUSER.DAT

2007-10-29 12:08:05 0 d-------- C:\Program Files\CamStudio

2007-10-29 02:16:37 0 d-------- C:\Documents and Settings\All Users\Application Data\Genimo

2007-10-29 02:12:18 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Genimo

 

 

-- Find3M Report ---------------------------------------------------------------

 

2007-11-25 15:55:15 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\OpenOffice.org2

2007-11-22 18:29:03 0 d-------- C:\Program Files\Lexmark X1100 Series

2007-11-22 13:23:37 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\SolidWorks

2007-11-19 17:52:14 0 d-------- C:\Program Files\Fichiers communs

2007-11-19 17:22:18 0 d-------- C:\Program Files\Windows Live Safety Center

2007-11-19 16:50:50 0 d-------- C:\Program Files\Google

2007-11-12 15:42:51 0 d--h----- C:\Program Files\InstallShield Installation Information

2007-11-12 01:29:52 98 --a----c- C:\WINDOWS\popcinfo.dat

2007-11-11 18:22:58 0 d-------- C:\Program Files\Firefly Studios

2007-11-10 15:21:54 0 d-------- C:\Program Files\LimeWire

2007-11-08 03:06:34 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Macromedia

2007-11-06 21:15:01 0 d-------- C:\Program Files\iTunes

2007-11-06 21:12:53 0 d-------- C:\Program Files\QuickTime

2007-10-28 11:01:34 504492 --a------ C:\WINDOWS\system32\perfh00C.dat

2007-10-28 11:01:34 83046 --a------ C:\WINDOWS\system32\perfc00C.dat

2007-10-25 22:48:45 0 d-------- C:\Program Files\Picasa2

2007-10-16 16:00:43 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Legends of pirates

2007-10-14 12:44:22 0 d-------- C:\Program Files\SolidWorks

2007-10-12 22:45:46 0 d-------- C:\Program Files\MySpace

2007-10-12 18:48:14 0 d-------- C:\Program Files\DWGeditor

2007-10-12 18:44:19 0 d-------- C:\Program Files\Fichiers communs\eDrawings2007

2007-10-12 18:44:14 0 d-------- C:\Program Files\Fichiers communs\SolidWorks Shared

2007-10-12 17:42:30 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\SolidWorksNewsReader

2007-10-12 06:54:26 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\FloodLightGames

2007-10-11 23:49:10 0 d-------- C:\Program Files\SolidWorks Installation Manager

2007-10-09 21:34:35 0 d-------- C:\Program Files\Fichiers communs\Solidworks Data

2007-10-05 02:06:31 0 d-------- C:\Program Files\Zylom Games

2007-10-05 01:04:44 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Identities

2007-10-04 17:44:32 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Big Fish Games

2007-10-04 07:18:44 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\EA

2007-10-03 17:07:17 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\PlayFirst

2007-10-01 23:01:12 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Zylom

2007-10-01 01:50:57 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\iWin

2007-10-01 01:16:28 0 d-------- C:\Documents and Settings\Marie Christine Duny\Application Data\Harmonic Flow

2007-09-30 21:06:54 0 d-------- C:\Program Files\VstPlugins

2007-09-27 16:05:13 0 d-------- C:\Program Files\DivX

2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 19:23:00 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-17 19:22:58 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>

2007-09-17 19:22:58 739840 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>

2007-09-13 22:59:56 2540251 --a------ C:\WINDOWS\system32\Star Wars Episode III Screensaver.scr <Not Verified; Axialis Software; Axialis Screen Saver Producer>

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VTTimer"="VTTimer.exe" [2005-03-08 10:33 C:\WINDOWS\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 C:\WINDOWS\soundman.exe]

"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]

"LVCOMSX"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe" [2007-02-06 16:43]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-11-14 16:16]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34]

 

 

 

 

-- End of Deckard's System Scanner: finished at 2007-11-27 09:29:45 ------------

[desdemona]

Ha et comme demandé quelques post plus haut voici le rapport diag help (toujours pas réussi l'upload!)

 

DiagHelp version v1.4 - http://www.malekal.com

excute le 2007-11-27 à 10:26:31.65

 

 

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch

C:\WINDOWS\prefetch\CHCP.COM-17EDBDC9.pf -->2007-11-27 10:26:10

C:\WINDOWS\prefetch\CMD.EXE-034B0549.pf -->2007-11-27 10:25:46

C:\WINDOWS\prefetch\VERCLSID.EXE-28F52AD2.pf -->2007-11-27 10:25:05

C:\WINDOWS\prefetch\TASKMGR.EXE-06144C13.pf -->2007-11-27 10:24:45

C:\WINDOWS\prefetch\FIREFOX.EXE-06188867.pf -->2007-11-27 10:24:33

C:\WINDOWS\prefetch\NOTEPAD.EXE-2DAE2DE6.pf -->2007-11-27 09:30:26

C:\WINDOWS\prefetch\SORT.EXE-19728AC5.pf -->2007-11-27 09:29:35

C:\WINDOWS\prefetch\FIND.EXE-0EEAD1A7.pf -->2007-11-27 09:29:31

C:\WINDOWS\prefetch\CSCRIPT.EXE-0A13A05C.pf -->2007-11-27 09:29:28

C:\WINDOWS\prefetch\WMIPRVSE.EXE-0D449B4F.pf -->2007-11-27 09:29:27

 

C:\WINDOWS\System32\drivers\avipbb.sys -->2007-11-14 16:16:44

C:\WINDOWS\System32\drivers\avgntdd.sys -->2007-08-09 13:04:11

C:\WINDOWS\System32\drivers\usbsermpt.sys -->2007-08-08 15:54:08

C:\WINDOWS\System32\drivers\pxhelp20.sys -->2007-07-27 00:06:18

C:\WINDOWS\System32\drivers\cdralw2k.sys -->2007-07-27 00:06:18

C:\WINDOWS\System32\drivers\Msft_Kernel_motmodem_01005.Wdf -->2007-07-23 20:57:38

C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf -->2007-07-23 20:57:35

 

C:\WINDOWS\System32\wpa.dbl -->2007-11-27 09:19:33

C:\WINDOWS\System32\lvcoinst.log -->2007-11-19 17:34:53

C:\WINDOWS\System32\CONFIG.NT -->2007-11-14 16:01:23

C:\WINDOWS\System32\MRT.exe -->2007-11-02 08:12:57

C:\WINDOWS\System32\xpsp3res.dll -->2007-10-29 16:07:16

C:\WINDOWS\System32\PerfStringBackup.INI -->2007-10-28 11:01:34

C:\WINDOWS\System32\perfh00C.dat -->2007-10-28 11:01:34

C:\WINDOWS\System32\perfh009.dat -->2007-10-28 11:01:34

C:\WINDOWS\System32\perfc00C.dat -->2007-10-28 11:01:34

C:\WINDOWS\System32\perfc009.dat -->2007-10-28 11:01:34

C:\WINDOWS\System32\shell32.dll -->2007-10-25 17:43:25

C:\WINDOWS\System32\QuickTimeVR.qtx -->2007-10-19 20:16:46

C:\WINDOWS\System32\QuickTime.qts -->2007-10-19 20:16:46

C:\WINDOWS\System32\sirenacm.dll -->2007-10-18 11:31:46

C:\WINDOWS\System32\FNTCACHE.DAT -->2007-10-11 23:47:28

C:\WINDOWS\System32\LegitCheckControl.dll -->2007-10-11 14:12:48

C:\WINDOWS\System32\divxdec.ax -->2007-09-18 13:24:32

C:\WINDOWS\System32\divx_xx0c.dll -->2007-09-17 19:23:00

C:\WINDOWS\System32\divx_xx07.dll -->2007-09-17 19:23:00

C:\WINDOWS\System32\divx_xx11.dll -->2007-09-17 19:22:58

C:\WINDOWS\System32\DivX.dll -->2007-09-17 19:22:58

C:\WINDOWS\System32\Star Wars Episode III Screensaver.scr -->2007-09-13 22:59:56

C:\WINDOWS\System32\DivXCodecVersionChecker.exe -->2007-09-12 00:14:30

C:\WINDOWS\System32\TZLog.log -->2007-08-29 10:59:41

C:\WINDOWS\System32\inetcomm.dll -->2007-08-21 07:17:23

 

C:\WINDOWS.log -->2007-11-27 09:19:05

C:\WINDOWS\wiadebug.log -->2007-11-27 09:18:21

C:\WINDOWS\WindowsUpdate.log -->2007-11-27 09:18:20

C:\WINDOWS\wiaservc.log -->2007-11-27 09:18:20

C:\WINDOWS\bootstat.dat -->2007-11-27 09:18:05

C:\WINDOWS\SchedLgU.Txt -->2007-11-27 06:44:31

C:\WINDOWS\NeroDigital.ini -->2007-11-25 21:59:23

C:\WINDOWS\lexstat.ini -->2007-11-25 15:53:39

C:\WINDOWS\popcinfo.dat -->2007-11-12 01:29:52

C:\WINDOWS\catchme.exe -->2007-11-08 16:59:01

C:\WINDOWS\eDrawingOfficeAutomator.INI -->2007-10-08 22:06:52

C:\WINDOWS\yacht.xws -->2007-10-08 22:05:47

C:\WINDOWS\trailer.xws -->2007-10-08 21:58:43

C:\WINDOWS\win.ini -->2007-09-20 13:39:44

C:\WINDOWS\scthemes.ini -->2007-09-14 19:56:15

 

winlogon.exe

Verified: Signed

svchost.exe

Verified: Signed

ws2_32.dll

Verified: Signed

user32.dll

Verified: Signed

tcpip.sys

Verified: Signed

ndis.sys

Verified: Signed

null.sys

Verified: Signed

 

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

explorer.exe pid: 2316

Command line: C:\WINDOWS\Explorer.EXE

 

Base Size Version Path

0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll

0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll

0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll

0x009b0000 0x17000 10.05.0001.2027 C:\Program Files\Fichiers communs\Logishrd\LVMVFM\LVPrcInj.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll

0x44360000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll

0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll

0x44a40000 0x371000 7.00.6000.16544 C:\WINDOWS\system32\mshtml.dll

0x746c0000 0x29000 3.10.0349.0000 C:\WINDOWS\system32\msls31.dll

0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll

0x442b0000 0x3c000 7.00.6000.16544 C:\WINDOWS\system32\webcheck.dll

0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll

0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll

0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll

0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll

0x02ea0000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll

0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MFC71.DLL

0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll

0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll

0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL

0x5c2e0000 0x51000 8.00.0000.9064 C:\Program Files\OpenOffice.org 2.0\program\shlxthdl.dll

0x60b30000 0x18000 8.00.0000.9054 C:\Program Files\OpenOffice.org 2.0\program\uwinapi.dll

0x62410000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.0\program\stlport_vc7145.dll

0x03160000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

0x031c0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

 

ListDLLs v2.25 - DLL lister for Win9x/NT

Copyright © 1997-2004 Mark Russinovich

Sysinternals - www.sysinternals.com

 

------------------------------------------------------------------------------

winlogon.exe pid: 540

Command line: winlogon.exe

 

Base Size Version Path

0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe

0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll

0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll

0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll

0x011d0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll

0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 78D6-5940

 

Répertoire de C:\WINDOWS\system32

 

2004-08-05 20:00 6,144 csrss.exe

1 fichier(s) 6,144 octets

0 Rép(s) 86,080,536,576 octets libres

 

Contenu de Downloaded Program Files

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 78D6-5940

 

Répertoire de C:\WINDOWS\Downloaded Program Files

 

2007-11-27 09:28 <REP> .

2007-11-27 09:28 <REP> ..

2007-08-21 14:25 395 ascstubie.inf

2003-06-25 18:00 541 ca.pub

2007-09-18 13:51 <REP> CONFLICT.1

2005-01-13 15:59 233 Crusher.inf

2005-10-26 02:47 65 desktop.ini

2005-04-07 16:00 261 DigWXMSN.inf

2006-06-25 12:50 1,793 erma.inf

2006-06-15 09:19 483 fscax.inf

2004-09-21 15:10 53,248 HTMLSourceFilter.ax

2006-11-09 16:04 896 jinstall-1_5_0_10.inf

2007-01-07 12:55 2,305 kavwebscan.inf

2005-03-09 14:42 6,742 lang.ini

2005-02-18 15:22 126 live.ini

2004-09-21 15:11 57,344 MelodySourceParser.ax

2006-06-19 14:40 393 MsnPUpld.inf

2005-05-26 03:19 293 muweb.inf

2005-06-29 17:17 227 opuc.inf

2006-06-01 01:57 1,331 oscan8.inf

2005-04-08 10:28 1,367 PhtPkMSN.inf

2004-09-21 15:11 94,208 PNGSource.ax

2005-03-09 14:43 6,828 scanoptions.tsi

2004-09-21 15:13 25,600 scg.ax

2004-09-21 15:14 28,326 SMILViewer_DX6.inf

2004-09-21 15:11 57,344 StreamControl.ax

2006-11-09 14:36 5,019 swflash.inf

2004-09-21 15:13 110,592 VideoCompositor.ax

2007-03-27 13:29 320 wlscBase.inf

26 fichier(s) 456,280 octets

 

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

 

2007-09-18 13:51 <REP> .

2007-09-18 13:51 <REP> ..

2007-08-02 10:31 360,320 MsnPUpld.dll

2007-08-02 14:47 569 MSNPUpld.inf

2007-08-02 10:31 67,456 PURen-us.dll

2007-08-06 11:10 68,992 PURfr-fr.dll

4 fichier(s) 497,337 octets

 

Total des fichiers listés :

30 fichier(s) 953,617 octets

5 Rép(s) 86,080,532,480 octets libres

 

Recherche de rootkit! (Merci S!Ri)

 

Recherche d'infections connues

 

Export des clefs sensibles..

 

 

Liste des fichiers en exception sur le pare-feu XP SP2

 

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

 

 

Export de la clef SharedTaskScheduler

 

[sharedTaskScheduler]

"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"

"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

 

 

 

exports des policies

REGEDIT4

 

[system]

"dontdisplaylastusername"=dword:00000000

"legalnoticecaption"=""

"legalnoticetext"=""

"shutdownwithoutlogon"=dword:00000001

"undockwithoutlogon"=dword:00000001

 

 

 

Export des clefs sensibles..

Rechercher adresses sensibles dans le fichier HOSTS...

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-27 10:26:50

Windows 5.1.2600 Service Pack 2 NTFS

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000169

 

scanning hidden files ...

 

scan completed successfully

hidden services: 0

hidden files: 0

 

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Process list by traversal of KiWaitListHead

 

4 - System

252 - alg.exe

516 - csrss.exe

540 - winlogon.exe

584 - services.exe

596 - lsass.exe

748 - svchost.exe

804 - svchost.exe

872 - svchost.exe

944 - svchost.exe

1016 - svchost.exe

1272 - LVPrcSrv.exe

1340 - avguard.exe

1552 - sched.exe

1564 - AppleMobileDevi

1580 - CDAC11BA.EXE

1620 - GoogleUpdaterSe

2316 - explorer.exe

2596 - VTTimer.exe

2656 - LVComSX.exe

2676 - avgnt.exe

2736 - ctfmon.exe

3680 - cmd.exe

 

Total number of processes = 23

NOTE: Under WinXP, this will not show all processes.

 

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

 

Driver/Module list by traversal of PsLoadedModuleList

 

804D7000 - \WINDOWS\system32\ntkrnlpa.exe

806E2000 - \WINDOWS\system32\hal.dll

F79B0000 - \WINDOWS\system32\KDCOM.DLL

F78C0000 - \WINDOWS\system32\BOOTVID.dll

F7380000 - ACPI.sys

F79B2000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS

F736F000 - pci.sys

F74B0000 - isapnp.sys

F7A78000 - pciide.sys

F7730000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

F79B4000 - aliide.sys

F79B6000 - cmdide.sys

F79B8000 - toside.sys

F79BA000 - VIAIDEXP.SYS

F79BC000 - intelide.sys

F74C0000 - MountMgr.sys

F7350000 - ftdisk.sys

F7738000 - PartMgr.sys

F74D0000 - VolSnap.sys

F78C4000 - cpqarray.sys

F7338000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS

F7320000 - atapi.sys

F78C8000 - aha154x.sys

F7740000 - sparrow.sys

F78CC000 - symc810.sys

F74E0000 - aic78xx.sys

F78D0000 - dac960nt.sys

F74F0000 - ql10wnt.sys

F78D4000 - amsint.sys

F7748000 - asc.sys

F78D8000 - asc3550.sys

F7750000 - mraid35x.sys

F7758000 - i2omp.sys

F78DC000 - ini910u.sys

F7500000 - ql1240.sys

F7510000 - aic78u2.sys

F7760000 - symc8xx.sys

F7768000 - sym_hi.sys

F7770000 - sym_u3.sys

F7778000 - ABP480N5.SYS

F7780000 - asc3350p.sys

F79BE000 - cd20xrnt.sys

F7520000 - ultra.sys

F7307000 - adpu160m.sys

F7788000 - dpti2o.sys

F7530000 - ql1080.sys

F7540000 - ql1280.sys

F7550000 - ql12160.sys

F7790000 - perc2.sys

F79C0000 - perc2hib.sys

F7798000 - hpn.sys

F78E0000 - cbidf2k.sys

F72DB000 - dac2w2k.sys

F7560000 - VIAMRAID.SYS

F7570000 - disk.sys

F7580000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

F72BB000 - fltMgr.sys

F72A9000 - sr.sys

F7590000 - PxHelp20.sys

F7292000 - KSecDD.sys

F7205000 - Ntfs.sys

F71D8000 - NDIS.sys

F75A0000 - viaagp.sys

F75B0000 - uagp35.sys

F75C0000 - ohci1394.sys

F75D0000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS

F71BD000 - Mup.sys

F75E0000 - alim1541.sys

F75F0000 - amdagp.sys

F7600000 - agpCPQ.sys

F7630000 - \SystemRoot\system32\DRIVERS\nic1394.sys

F7650000 - \SystemRoot\system32\DRIVERS\intelppm.sys

F6CAD000 - \SystemRoot\system32\DRIVERS\vtmini.sys

F6C99000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

F6C88000 - \SystemRoot\system32\DRIVERS\Rtlnic51.sys

F7660000 - \SystemRoot\system32\DRIVERS\imapi.sys

F7670000 - \SystemRoot\system32\DRIVERS\cdrom.sys

F7680000 - \SystemRoot\system32\DRIVERS\redbook.sys

F6C65000 - \SystemRoot\system32\DRIVERS\ks.sys

F7828000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys

F7830000 - \SystemRoot\system32\DRIVERS\usbuhci.sys

F6C42000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS

F7838000 - \SystemRoot\system32\DRIVERS\usbehci.sys

F68A1000 - \SystemRoot\system32\drivers\ALCXWDM.SYS

F687D000 - \SystemRoot\system32\drivers\portcls.sys

F76A0000 - \SystemRoot\system32\drivers\drmk.sys

F7840000 - \SystemRoot\system32\DRIVERS\fdc.sys

F686C000 - \SystemRoot\system32\DRIVERS\serial.sys

F7984000 - \SystemRoot\system32\DRIVERS\serenum.sys

F6858000 - \SystemRoot\system32\DRIVERS\parport.sys

F76B0000 - \SystemRoot\system32\DRIVERS\i8042prt.sys

F7848000 - \SystemRoot\system32\DRIVERS\mouclass.sys

F7850000 - \SystemRoot\system32\DRIVERS\kbdclass.sys

F7B0D000 - \SystemRoot\system32\DRIVERS\audstub.sys

F7710000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys

F7988000 - \SystemRoot\system32\DRIVERS\ndistapi.sys

F670C000 - \SystemRoot\system32\DRIVERS\ndiswan.sys

F7720000 - \SystemRoot\system32\DRIVERS\raspppoe.sys

F71AD000 - \SystemRoot\system32\DRIVERS\raspptp.sys

F7858000 - \SystemRoot\system32\DRIVERS\TDI.SYS

F66FB000 - \SystemRoot\system32\DRIVERS\psched.sys

F719D000 - \SystemRoot\system32\DRIVERS\msgpc.sys

F7860000 - \SystemRoot\system32\DRIVERS\ptilink.sys

F7868000 - \SystemRoot\system32\DRIVERS\raspti.sys

F718D000 - \SystemRoot\system32\DRIVERS\termdd.sys

F7A34000 - \SystemRoot\system32\DRIVERS\swenum.sys

F66A2000 - \SystemRoot\system32\DRIVERS\update.sys

F7994000 - \SystemRoot\system32\DRIVERS\mssmbios.sys

F716D000 - \SystemRoot\System32\Drivers\NDProxy.SYS

F715D000 - \SystemRoot\system32\DRIVERS\usbhub.sys

F7A38000 - \SystemRoot\system32\DRIVERS\USBD.SYS

F7A3A000 - \SystemRoot\System32\Drivers\i2omgmt.SYS

F7A3C000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS

F52A8000 - \SystemRoot\System32\Drivers\Null.SYS

F7A3E000 - \SystemRoot\System32\Drivers\Beep.SYS

F78A8000 - \SystemRoot\System32\drivers\vga.sys

F7A40000 - \SystemRoot\System32\Drivers\mnmdd.SYS

F7A42000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys

F78B0000 - \SystemRoot\System32\Drivers\Msfs.SYS

F78B8000 - \SystemRoot\System32\Drivers\Npfs.SYS

F79A8000 - \SystemRoot\system32\DRIVERS\rasacd.sys

F5218000 - \SystemRoot\system32\DRIVERS\ipsec.sys

F51C0000 - \SystemRoot\system32\DRIVERS\tcpip.sys

F5170000 - \SystemRoot\system32\DRIVERS\netbt.sys

F514F000 - \SystemRoot\system32\DRIVERS\ipnat.sys

F712D000 - \SystemRoot\system32\DRIVERS\wanarp.sys

F512D000 - \SystemRoot\System32\drivers\afd.sys

F711D000 - \SystemRoot\system32\DRIVERS\netbios.sys

F77A8000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys

F5102000 - \SystemRoot\system32\DRIVERS\rdbss.sys

F7640000 - \SystemRoot\system32\DRIVERS\arp1394.sys

F5093000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys

F6D75000 - \SystemRoot\System32\Drivers\Fips.SYS

F6D65000 - \SystemRoot\system32\drivers\LVUSBSta.sys

F4E3E000 - \SystemRoot\system32\DRIVERS\LV561AV.SYS

F6D45000 - \SystemRoot\system32\DRIVERS\avipbb.sys

F7A44000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys

F77D8000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS

F70D5000 - \SystemRoot\system32\DRIVERS\usbscan.sys

F7800000 - \SystemRoot\system32\DRIVERS\usbprint.sys

F5326000 - \SystemRoot\System32\Drivers\Cdfs.SYS

F49A5000 - \SystemRoot\System32\Drivers\dump_atapi.sys

F7A5E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS

BF800000 - \SystemRoot\System32\win32k.sys

F6682000 - \SystemRoot\System32\drivers\Dxapi.sys

F539E000 - \SystemRoot\System32\watchdog.sys

BF000000 - \SystemRoot\System32\drivers\dxg.sys

F7A97000 - \SystemRoot\System32\drivers\dxgthk.sys

BF012000 - \SystemRoot\System32\vtdisp.dll

BFFA0000 - \SystemRoot\System32\ATMFD.DLL

F0535000 - \SystemRoot\system32\DRIVERS\ndisuio.sys

F01FA000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys

F017D000 - \SystemRoot\system32\DRIVERS\mrxdav.sys

F016D000 - \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS

EFFC1000 - \??\C:\WINDOWS\system32\drivers\hardlock.sys

EFF9E000 - \SystemRoot\System32\Drivers\Fastfat.SYS

EFF5D000 - \SystemRoot\System32\Drivers\HTTP.sys

EFEE3000 - \SystemRoot\system32\DRIVERS\srv.sys

F01B6000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys

EFEBB000 - \SystemRoot\system32\DRIVERS\secdrv.sys

EFD91000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys

F78A0000 - \SystemRoot\system32\drivers\LVPr2Mon.sys

EFB24000 - \SystemRoot\system32\drivers\wdmaud.sys

EFBA9000 - \SystemRoot\system32\drivers\sysaudio.sys

F4DE2000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

 

Total number of drivers = 165

 

Liste des programmes installes

 

ABBYY FineReader 5.0 Sprint

Ad-Aware SE Personal

Adobe Flash Player 9 ActiveX

Adobe Photoshop 7.0

Adobe Reader 8.1.1 - Français

Adobe Shockwave Player

Apple Mobile Device Support

Apple Software Update

AutoUpdate

Avanquest update

Avira AntiVir PersonalEdition Classic

BankPerfect 5.0

CamStudio 2.0 Fr

CCleaner (remove only)

COSMOSMotion 2007 SP0

COSMOSWorks 2007 SP0

DivX Codec

DivX Content Uploader

DivX Converter

DivX Player

DivX Web Player

Désinstallation du Lecteur Neuf VOD

DVD Decrypter (Remove Only)

DVD Shrink 3.2

EasyCleaner

EAX Unified

Google Earth

GTA San Andreas

Guitar Pro 4

iTunes

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 3

Java SE Runtime Environment 6 Update 1

Kaspersky Online Scanner

Lecteur Windows Media 11

Lexmark X1100 Series

LimeWire PRO 4.12.3

Logitech Audio Echo Cancellation Component

Logitech QuickCam

Logitech Video Enumerator

Messenger Plus! Live

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 French Language Pack

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 Language Pack - FRA

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0

Microsoft .NET Framework 3.0 French Language Pack

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft National Language Support Downlevel APIs

Microsoft Office PowerPoint Viewer 2003

Microsoft User-Mode Driver Framework Feature Pack 1.0

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)

Mise à jour de sécurité pour Windows XP (KB913433)

Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA

Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0

Motorola Driver Installation

Motorola Phone Tools

Mozilla Firefox (2.0.0.10)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 6.0 Parser (KB933579)

Navilog1 3.3.6

Nero 7

Neuf - Kit de connexion

OpenOffice.org 2.0

Outil de mise à jour Google

Package de base Microsoft de service de chiffrement pour cartes à puce

Panda TotalScan

PCI SoftV92 Modem

PhotoCite Collection

Picasa 2

Platform

Power2Go 4.0

PowerDVD

PowerStarter

QuickTime

Realtek AC'97 Audio

SafeCast Shared Components

Security Update for CAPICOM (KB931906)

Security Update for CAPICOM (KB931906)

SolidWorks 2007 SP0

SolidWorks Installation Manager

Stronghold

Tactical Ops

the_silent_force ScreenSaver

VIA Gestionnaire de périphériques de plate-forme

VideoLAN VLC media player 0.8.6a

WebFldrs XP

Windows Communication Foundation

Windows Communication Foundation Language Pack - FRA

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 7

Windows Live installer

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (FRA)

Windows Workflow Foundation

Windows Workflow Foundation FR Language Pack

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

 

 

 

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 78D6-5940

 

Répertoire de C:\Program Files

 

2007-11-22 13:11 <REP> .

2007-11-22 13:11 <REP> ..

2006-11-01 20:08 <REP> ABBYY FineReader 5.0 Sprint

2007-07-02 17:09 <REP> Adobe

2006-12-28 18:54 <REP> Alwil Software

2007-09-12 11:42 <REP> Apple Software Update

2007-11-14 16:15 <REP> Avira

2007-02-17 15:20 <REP> BankPerfect

2007-10-29 12:08 <REP> CamStudio

2007-11-14 18:21 <REP> CCleaner

2007-08-08 16:07 <REP> Common Files

2007-11-22 13:23 <REP> Comptes et Budget V5.0

2006-06-30 03:07 <REP> CONEXANT

2007-07-26 01:57 <REP> Creative

2006-06-30 03:07 <REP> CyberLink

2007-09-27 16:05 <REP> DivX

2007-02-05 03:07 <REP> DVD Decrypter

2006-11-14 13:15 <REP> DVD Shrink

2007-10-12 18:48 <REP> DWGeditor

2007-11-19 17:52 <REP> Fichiers communs

2007-11-11 18:22 <REP> Firefly Studios

2007-11-19 16:50 <REP> Google

2007-05-17 16:13 <REP> Grisoft

2007-08-27 20:21 <REP> Guitar Pro 4

2007-04-01 21:49 <REP> Image-Line

2007-03-02 20:10 <REP> Infogrames

2007-10-10 10:25 <REP> Internet Explorer

2007-11-06 21:14 <REP> iPod

2006-10-30 11:30 <REP> IqonWare AntiVirus

2007-11-06 21:15 <REP> iTunes

2007-04-14 16:58 <REP> Java

2007-01-27 11:45 <REP> Lavasoft

2007-11-22 18:29 <REP> Lexmark X1100 Series

2007-11-10 15:21 <REP> LimeWire

2007-08-08 15:48 <REP> LiveUpdate

2007-03-26 15:46 <REP> Logitech

2006-11-25 16:02 <REP> Ludiclub

2006-10-30 12:02 <REP> Messenger

2007-11-19 18:03 <REP> Messenger Plus! Live

2007-05-19 13:05 <REP> Microsoft CAPICOM 2.1.0.2

2006-06-30 03:10 <REP> microsoft frontpage

2007-10-11 23:24 <REP> Microsoft Office

2007-08-08 16:07 <REP> Motorola Phone Tools

2006-06-30 03:08 <REP> Movie Maker

2007-11-27 10:14 <REP> Mozilla Firefox

2007-05-14 04:13 <REP> MSBuild

2007-03-27 18:30 <REP> MSN

2006-06-30 03:08 <REP> MSN Gaming Zone

2007-08-16 13:34 <REP> MSXML 4.0

2007-05-14 04:17 <REP> MSXML 6.0

2007-10-12 22:45 <REP> MySpace

2007-11-16 18:22 <REP> Navilog1

2007-08-11 14:42 <REP> Nero

2007-06-25 10:57 <REP> NetMeeting

2006-10-31 16:02 <REP> Neuf

2007-06-25 12:53 <REP> neuf_VOD

2006-10-30 22:34 <REP> OfficeUpdate11

2006-06-30 03:08 <REP> Online Services

2006-11-04 11:35 <REP> OpenOffice.org 2.0

2007-06-19 17:08 <REP> Outlook Express

2007-11-16 01:08 <REP> Panda Security

2006-12-12 16:00 <REP> PhotoCite Collection

2007-10-25 22:48 <REP> Picasa2

2007-11-06 21:12 <REP> QuickTime

2006-06-30 03:09 <REP> Realtek AC97

2007-05-14 04:02 <REP> Reference Assemblies

2007-04-30 17:08 <REP> ReflexiveArcade

2007-11-12 15:42 <REP> Rockstar Games

2007-09-13 23:02 <REP> ScreenThemes

2006-06-30 03:09 <REP> Services en ligne

2007-07-02 13:18 <REP> SlySoft

2007-10-14 12:44 <REP> SolidWorks

2007-10-11 23:49 <REP> SolidWorks Installation Manager

2007-05-01 22:06 <REP> TGTSoft

2007-08-20 12:01 <REP> ToniArts

2006-06-30 03:09 <REP> VIA

2007-04-17 13:27 <REP> VideoLAN

2007-09-30 21:06 <REP> VstPlugins

2007-11-19 17:55 <REP> Windows Live

2007-11-19 17:22 <REP> Windows Live Safety Center

2006-11-17 15:15 <REP> Windows Media Connect 2

2007-08-16 13:34 <REP> Windows Media Player

2006-06-30 03:09 <REP> Windows NT

2006-06-30 03:10 <REP> xerox

2007-10-05 02:06 <REP> Zylom Games

0 fichier(s) 0 octets

85 Rép(s) 86,081,028,096 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 78D6-5940

 

Répertoire de C:\Program Files\fichiers communs

 

2007-11-19 17:52 <REP> .

2007-11-19 17:52 <REP> ..

2007-07-02 17:09 <REP> Adobe

2007-08-11 14:43 <REP> Ahead

2007-07-24 15:33 <REP> Apple

2007-10-11 23:43 <REP> Designer

2007-10-12 18:44 <REP> eDrawings2007

2006-06-30 03:08 <REP> InstallShield

2006-11-01 14:16 <REP> Java

2007-03-26 16:04 <REP> LogiShrd

2007-02-14 20:04 <REP> Logitech

2007-01-21 16:49 <REP> Macrovision Shared

2007-10-11 23:43 <REP> Microsoft Shared

2007-07-23 20:56 <REP> Motorola Shared

2006-06-30 03:08 <REP> MSSoap

2007-03-23 11:40 <REP> PC Tools

2007-11-12 01:46 <REP> Services

2007-10-09 21:34 <REP> Solidworks Data

2007-10-12 18:44 <REP> SolidWorks Shared

2006-06-30 03:08 <REP> SpeechEngines

2007-06-19 17:08 <REP> System

0 fichier(s) 0 octets

21 Rép(s) 86,081,024,000 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 78D6-5940

 

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

 

2006-06-30 03:08 <REP> .

2006-06-30 03:08 <REP> ..

2001-05-18 21:57 561,209 MSONSEXT.DLL

1999-06-03 18:09 122,937 MSOWS409.DLL

2001-03-07 13:00 127,033 MSOWS40c.DLL

3 fichier(s) 811,179 octets

2 Rép(s) 86,081,024,000 octets libres

Le volume dans le lecteur C n'a pas de nom.

Le numéro de série du volume est 78D6-5940

 

Répertoire de C:\Program Files\common files

 

2007-08-08 16:07 <REP> .

2007-08-08 16:07 <REP> ..

2007-08-08 16:07 <REP> Motorola Shared

0 fichier(s) 0 octets

3 Rép(s) 86,081,024,000 octets libres

 

 

 

 

c:\Documents and Settings\Administrateur\Bureau\PC Defender.exe

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe

c:\Documents and Settings\Default User\Bureau\PC Defender.exe

c:\Documents and Settings\Invité\Bureau\PC Defender.exe

c:\Documents and Settings\Marie Christine Duny\.limewire\.NetworkShare\LimeWireWin4.14.10.exe

c:\Documents and Settings\Marie Christine Duny\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe

c:\Documents and Settings\Marie Christine Duny\Application Data\Microsoft\Installer\{8315396A-5EA1-419D-BEC4-978284BDF556}\NewShortcut1_8315396A5EA1419DBEC4978284BDF556.exe

c:\Documents and Settings\Marie Christine Duny\Application Data\Microsoft\Installer\{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}\ARPPRODUCTICON.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\ATF-Cleaner.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\ComboFix.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\dss.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\catchme.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\diff.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\dumphive.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\find2.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\Fport.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\grep.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\gzip.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\KProcCheck.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\LFiles.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\md5sums.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\pslist.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\sigcheck.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\streams.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\swreg.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp\tar.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\HiJackThis\HijackThis.exe

c:\Documents and Settings\Marie Christine Duny\Bureau\sreng2\SREngPS.EXE

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\EClea2_0.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\MPEG2 DVD plugin for NERO.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\Nero 7 Ultra Edition Enhanced 7.5.9.0 Keygen.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\patch_routeur_trio3c.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\dvd decryter\DVD DECRYPTER 4.1.4.0 - SetupDVDDecrypter.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\General-CleanTool\General-CleanTool.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\Nero 7.0.1.2 Ultra Edition with Keygen - English\Nero-7.0.1.2_eng.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\Nero 7.0.1.2 Ultra Edition with Keygen - English\Nero 7 Keygen from Embrace\keygen.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\OpenOffice.org 2.0 Installation Files\instmsia.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\OpenOffice.org 2.0 Installation Files\instmsiw.exe

c:\Documents and Settings\Marie Christine Duny\Mes documents\Mes programmes d'installation\OpenOffice.org 2.0 Installation Files\setup.exe

c:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\BACKUP\FAILSAFE\avewin32.dll

c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll

c:\Documents and Settings\All Users\Application Data\Logishrd\LQCVFX\Filters\MMSEF.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll

c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\chuzzle\fr-FR\Chuzzle.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\insaniquarium\fr-FR\insaniquarium.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\MysterySolitaireSIWeb\fr-FR\bass.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\MysterySolitaireSIWeb\fr-FR\MysterySolitaireSIWeb.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\MysterySolitaireSIWeb\fr-FR\Resources.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\MyZylomExtension\MyZylomExtension.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\PlaytimeExtension\PlaytimeExtension.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\PopcapExtension\PopcapExtension.dll

c:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\Zylom\ZylomDeluxeInstaller\ZylomDeluxeInstaller.dll

c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{0000278T-TT9K-T8DU-098L-22G2KN550VVG}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{0000278T-TT9K-T8DU-12ET-241L598QQVVA}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{0000278T-TT9K-T8DU-12ET-241L598QQVVQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVS6}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{0000278T-TT9K-T8DU-1KFV-23O5NTEJMVVF}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVG5}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVGB}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVGP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVH0}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVIB}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVJ0}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVJ7}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVJS}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00009BV5-V6E6-N99D-O8SF-9VRP3OLUMVKV}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00013KEU-UKQE-K6V0-6KK2-254E2EDG6VV2}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00013KEU-UKQE-K6V0-6KK2-254E2EDG6VVH}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00013KEU-UKQE-K6V0-6KK2-254E2EDG6VVP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00013KEU-UKQE-K6V0-DNSL-22H2BN66GVVO}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00013KEU-UKQE-K6V0-LCDK-256UOEQ6SVVI}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{00013KEU-UKQE-K6V0-OT7U-252VEQ1T6VVJ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{0004LVIV-J73B-KKMS-C2FA-NVTL45EG8VVM}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-0C15-24GTSFND4VV1}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-0C15-24GTSFND4VVA}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-79JF-24IHS7M88VVH}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-79JF-24IHS7M88VVQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-79JF-254CM94A2VVP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-7LLS-22TDACKJ0VU0}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-83VE-238SHC0H2VVH}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-97R9-24PV6P1ROVVC}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-FP6A-248DTTL0QVVP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-RTNH-21IOLNPESVV9}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG1-T8BJ-22LI948QUVVG}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG2-5MGN-224B6D89UVV7}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG2-5MGN-224B6D89UVVE}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG2-5MGN-224B6D89UVVL}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG2-BTPP-21HGNJ8AQVVQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG2-FTST-22EV6QAI2VV1}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG2-LS5J-229F8D9V0VVQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVV6}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-4A90-24BL1LF8IVVD}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VV2}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVF}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-8AT4-258NF6K78VVP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-LM58-24TAN8K5GVVI}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVE}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-M7KB-24AAHNHOQVVM}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-NSEA-256L3V7L2VVM}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-RD83-23EFBBCPGVVC}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-RD83-24N1V86BSVVP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-T5UV-256BMHGDKVV1}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG3-USK1-22JKKIT3EVV2}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-7162-239Q3NAHCVUJ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-9VJM-21SJ3RB1CVVM}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-D1JD-22NQ5L514VV4}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-JM9C-24JLMUCREVUJ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVSJ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVT8}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVTQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVU2}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVV0}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-MO09-24UF17SCEVVA}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-QNSB-2186AUNB4VVQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVUA}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVUS}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG4-SA0C-22B8SP58AVV3}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-17FO-23BO70OD4VUL}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-5V1M-24PA6O41IVVM}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVUR}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-BPAV-24QJBB1JIVV8}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQVUU}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQVVE}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-EF3Q-2491NM57EVVG}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG5-EF3Q-2491NM57EVVN}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-18S6-24RHV5SBEVUU}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-18S6-24RHV5SBEVVJ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-4GPR-24EQO8A66VVQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-5I21-21UMR3484VVO}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-IDVP-227RSBD9QVVD}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-LH31-23G9CBQV6VUQ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-NHPR-247TGT4QGVVN}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OIK7-230KFTJUEVVO}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VTV}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VUM}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VV3}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-OKQM-24KG7RVO4VVE}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-S7TH-22P2K55U4VUU}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG6-S8NN-21QHH63O6VVP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VUD}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VUL}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VUV}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG7-7R56-23RS4QKC0VV8}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG7-9568-243JELPN2VVD}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG7-9568-243JELPN2VVP}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{000HQ7FF-AD7A-3FG7-DNQC-2205T8IBOVVG}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{002AVPFP-JHLQ-ABE4-NC3L-20GMCIJ2SVVO}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{002AVPFP-JHLQ-ABE5-INQH-20B2D80EAVVO}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVRN}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Identities\{1000278T-TT9K-T8DU-1KFV-23O5NTEJMVUJ}\xmlparse.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll

c:\Documents and Settings\Marie Christine Duny\Application Data\Mozilla\Firefox\Profiles\umfad4xm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

 

****** Fin du rapport DiagHelp

Veuillez svp envoyer le fichier C:\upload_moi_SONIC.tar.gz a l'adresse http://upload.malekal.com

 

 

Voilà j'espère qu'avec ces 2 post, tu pourra trouver car M.F bloque tout le temps et c'est vraiment énervant

[Thanos]

salut

 

Il y a une ligne en S4 qui m'interpelle.. La bounty box.. cette installation m'avait causé mon premier problème de pages de pub intempestives.

Il ne s'agit pas d'une infection. Conformément aux conditions générales d'utilisation définies que tu peux trouver sur leur site et que tu as acceptée lors du téléchargement d'un jeu (cf ici par exemple pour une traduction google et la visualisation de la page originale) le service Boonty, à l'image de la BoontyBox, collecte des informations te concernant (configuration, téléchargements effectués, toutes informations strictement personnelles que tu aurais fournies de toi même par un formulaire d'enregistrement ou d'inscription à un jeu concours, etc, à des fins d'amélioration du service strictement dit, et se réserve le droit de fournir à des tiers (références de jeu, âge, genre, endroit géographique, éducation, métier, matériel informatique et en ligne et intérêts de jeu vidéo, activités et achats, mais pas nom ou information de contact) comme les producteurs de jeu pour leur recherche de marché.

On va donc le supprimer, mais sache qu'il réapparaitra après chaque téléchargement de ces petits jeux que tu effectueras.

 

Pour le virer > Elimine le dossier suivant > C:\Program Files\Fichiers communs\BOONTY Shared

 

Vas dans le menu Démarrer > Executer et tu tapes :cmd

 

dans la boite de dialogue qui s'ouvre, tu copie/colles ceci :

sc stop "Boonty Games" => clique sur [entrée]

puis

sc delete "Boonty Games" => clique sur [entrée]

 

Un message t'avertis du succès de l'opération > Quitte l'invite de commandes.

 

Il faut télécharger et installer la dernière version de Java qui corrige des failles de sécurité!

Passe par cette page > http://java.com/fr/download/

Installe Java Runtime Environment Version 6 Update 3

lorsque tu installes la mise à jour, on va te proposer d'installer la Google Toolbar ou/et Google Desktop ! à toi de voir : si tu n'en veux pas, décoche les cases avant de cliquer sur "suivant".

Passe par Ajouter/Supprimer des Programmes et désinstalle >

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 3

Java SE Runtime Environment 6 Update 1

Pour en revenir aux problèmes de pubs...je ne vois rien de douteux sur ces rapports désolé!!

Il n'y a pas de trace de rightonadz browser optimizer ou de Adssite Toolbar...

Je t'ai peut être déjà posé la question, mais est ce que tu as le même problème avec IE ??

Est ce que tu veux bien refaire un dernier scan en ligne avec Panda ?

 

@+

Modifié le 28 novembre 2007 par charles ingals

[desdemona]

Bonjour!

 

Pfffffffff! Je comprends pas tout.. la bounty box justement lors d'un précédent probléme on l'avait viré totalement et depuis je n'ai pas retéléchargé des jeux de ce site. Je prends chez zylom. Bon, j'ai recherché le fichier dans C comme tu me l'a demandé et il ne s'y trouvait pas. Ensuite à la premiére commande il me stipule que le service n'a pas été démarré et par contre il confirme l'effacement aprés la deuxième commande!

 

Je t'ai peut être déjà posé la question, mais est ce que tu as le même problème avec IE ??

 

Non! I.E fonctionne normalement, les blocages et les pages de pub intempestives ne se produisent qu'avec Mozilla Firefox!!??

 

Voila le scan Panda :

 

;***********************************************************************************************************************************************************************************

ANALYSIS: 2007-11-28 12:49:47

PROTECTIONS: 1

MALWARE: 11

SUSPECTS: 0

;***********************************************************************************************************************************************************************************

PROTECTIONS

Description Version Active Updated

;===================================================================================================================================================================================

Avira AntiVir PersonalEdition 7.0.1.13

No Yes

;===================================================================================================================================================================================

MALWARE

Id Description Type Active Severity Disinfectable Disinfected Location

;===================================================================================================================================================================================

00139535 Application/Processor HackTools No 0 Yes No C:\Program Files\Navilog1\Process.exe

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@xiti[2].txt

00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@xiti[1].txt

00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@weborama[2].txt

00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@adtech[1].txt

00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@overture[1].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@smartadserver[3].txt

00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\Marie Christine Duny\Cookies\marie_christine_duny@smartadserver[1].txt

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Marie Christine Duny\Bureau\ComboFix.exe[nircmd.cfexe]

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe

01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0023944.exe[nircmd.cfexe]

01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP73\A0023944.exe[nircmd.exe]

01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\Marie Christine Duny\Bureau\ComboFix.exe[nircmd.exe]

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\ComboFix\nircmd.cfexe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP71\A0023928.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP70\A0023840.exe

01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{96FADBE2-720D-4190-9324-1FCEDBFE9810}\RP71\A0023877.exe

02197130 Trj/Rebooter.J Virus/Trojan No 1 Yes No C:\Program Files\Navilog1\reboot.exe

02673723 Adware/IconAds Adware No 0 Yes No C:\qoobox.zip[qoobox/Quarantine/C/WINDOWS/system32/gzmrotate.dll.vir]

02800612 Generic Malware Virus/Trojan No 0 Yes No C:\qoobox.zip[qoobox/Quarantine/C/WINDOWS/system32/nsm41.dll.vir]

02812218 Adware/AdRotator Adware No 0 Yes No C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

;===================================================================================================================================================================================

SUSPECTS

Location

;===================================================================================================================================================================================

;===================================================================================================================================================================================

[Thanos]

Salut

 

On a peut être notre coupable....! C'est lui je pense qui fait planter ton Firefox >

 

C:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll

 

J'aimerai te demander quelque chose : est ce que tu peux m'expédier ce fichier ? >

Stp rend toi sur cette page afin d'héberger le dossier ici > http://www.sendspace.com

Clique sur Parcourir pour chercher le fichier en question . Une fois trouvé, sélectionne le puis clique sur le bouton Ouvrir.

Coche la case "I have read and agree to the terms of service."

Clique enfin sur le bouton Upload File .

Une nouvelle fenêtre va s'ouvrir et te donner le lien d'upload : envoie le moi par MP stp

 

Elimine le fichier nsBrowserOpt.dll ensuite (Firefox doit être éteint).

 

Un peu de ménage dans le pc >

• Télécharge ToolsCleaner sur ton Bureau.
  
• Clique sur Recherche et laisse le scan se terminer.
  
• Clique sur Suppression pour finaliser.
  
• Tu peux, si tu le souhaites, te servir des Options facultatives.
  
• Clique sur Quitter, pour que le rapport puisse se créer.
  
• Poste moi le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur( C:\).
  

Dis moi si les pubs persistent

[desdemona]

OK je t'ai posté le lien d'upload!

 

Voilà le rapport de Toolscleaner :

 

-->- Recherche:

 

C:\Qoobox: trouvé !

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !

C:\Documents and Settings\Marie Christine Duny\Bureau\ComboFix.exe: trouvé !

C:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp: trouvé !

C:\Documents and Settings\Marie Christine Duny\Bureau\HijackThis: trouvé !

C:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp\DiagHelp: trouvé !

C:\Documents and Settings\Marie Christine Duny\Bureau\HiJackThis\HijackThis.exe: trouvé !

C:\Program Files\Navilog1: trouvé !

C:\Program Files\Navilog1\Navilog1.bat: trouvé !

 

---------------------------------

-->- Suppression:

 

C:\Documents and Settings\All Users\Bureau\Navilog1.lnk: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !

C:\Documents and Settings\Marie Christine Duny\Bureau\ComboFix.exe: supprimé !

C:\Documents and Settings\Marie Christine Duny\Bureau\HiJackThis\HijackThis.exe: supprimé !

C:\Program Files\Navilog1\Navilog1.bat: supprimé !

C:\Qoobox: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !

C:\Documents and Settings\Marie Christine Duny\Bureau\DiagHelp: supprimé !

C:\Documents and Settings\Marie Christine Duny\Bureau\HijackThis: supprimé !

C:\Program Files\Navilog1: supprimé !

 

Corbeille vidée!

Fichiers temporaires nettoyés !

Point de restauration crée !

 

Pour les fenetres je repasse plus tard ou demain.. histoire de voir!! Merci

[Thanos]

salutt

 

Merci pour la dll En espérant que ca règle le problème : tu me dira ce qu'il en est

[desdemona]

Bonjour Charles!!

 

Rien à dire t'es le meilleur!! -lol- enfin, le forum de Zébulon c'est le meilleur et les admin géniaux!!

 

Tout fonctionne... plus de fenêtres intempestives, plus de plantage de M.F.. trop fort!! C'était quoi ce truc (le fichier que je t'ai envoyé)?? Installé par quoi, tu penses? Histoire de pas reproduire!!

 

En tous cas.. MERCI, MERCI

 

Sinon il me reste encore quelques fichiers textes (les rapports) dans C et sur mon bureau mais je vais les virer manuellement. Il me reste aussi sur le bureau quelques programmes qui nous ont servi pour les recherches : dss.exe, ATF-Cleaner.exe, sreng2, ToolsCleaner2.exe et aussi le fichier programme combofix dans C.

Comment j'enlève.. manuellement ou une désinstallation spéciale??

 

 

A plus tard et encore