
Posted

Hi ;)

Sorry: I didn't see your reply yesterday!!

Can you restart the PC? Do it manually with the On/Off button if you have no control.

Once that is done and Windows has restarted, run this scan instead (it should not crash the PC) =>

 

Step 1: RootRepeal (by AD)

Download RootRepeal by right-clicking one of the links below:

http://ad13.geekstogo.com/RootRepeal.zip

http://rootrepeal.googlepages.com/RootRepeal.zip

http://rootrepeal.psikotick.com/RootRepeal.zip

Save the file to the Desktop.

Create a new folder named RootRepeal at the root of the system drive (usually C:\)

Extract the downloaded archive into this new RootRepeal folder

 

 

Step 2: No real-time monitoring processes

Disable the resident (real-time) module of the antivirus and of the antispyware.

Avira AntiVir: right-click the icon in the taskbar (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"

 

 

 

Step 3: RootRepeal (by AD)

In Explorer, open the RootRepeal folder

Double-click RootRepeal.exe to launch the tool.

Under Windows Vista, right-click RootRepeal.exe and choose "Run as administrator" to launch the tool.

Click the Report tab (at the bottom of the window), as shown:

[Screenshot: RR-report-bouton.png]

Click the Scan button

[Screenshot: RR-scan-bouton.png]

In the new Select Scan window, tick:

+ Drivers

+ Files

+ Processes

+ SSDT

+ Stealth Objects

+ Hidden Services

+ Shadow SSDT

[Screenshot: RR-select-scan.png]

Click the OK button

In the new Select Drives window, tick the system drive (usually C:\)

[Screenshot: RR-select-drive.png]

Click the OK button to start the scan

Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan has finished, the Save Report button becomes available.

[Screenshot: RR-savereport-bouton.png]

Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-$$$$$$.txt

Open the File menu and click Exit to close the program.

 

 

Step 4: Real-time monitoring processes

Important: Re-enable the resident (real-time) module of the antivirus and of the antispyware.

 

 

Step 5: Results

Send in your reply:

* the RootRepeal report (contents of the file RootRepeal-$$$$$$.txt)

This report can be very long. Check carefully that it is complete in the message you send. If necessary, split it across several messages.

Posted

Hello Mr Thanos ;)

Phew!! The PC restarted :wahoo:

I just ran the scan with RootRepeal, here it is:

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/10/26 14:32

Program Version: Version 1.3.5.0

Windows Version: Windows XP SP3

==================================================

 

Drivers

-------------------

Name: 00000074

Image Path: \Driver\00000074

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Name: dump_atapi.sys

Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys

Address: 0xEED97000 Size: 98304 File Visible: No Signed: -

Status: -

 

Name: dump_WMILIB.SYS

Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS

Address: 0xEFA50000 Size: 8192 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xB5789000 Size: 49152 File Visible: No Signed: -

Status: -

 

Name: SYMDS.SYS

Image Path: SYMDS.SYS

Address: 0xF82FB000 Size: 352256 File Visible: No Signed: -

Status: -

 

Name: SYMEFA.SYS

Image Path: SYMEFA.SYS

Address: 0xF82BC000 Size: 184320 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\Documents and Settings\JEAN CHRISTIAN\.homeplayer\imagecache\SantanaGuitar Heaven: Santana Performs The Greatest Guitar Classics Of All TimeWhole Lotta Love (featuring Chris Cornell).jpg

Status: Visible to the Windows API, but not on disk.

 

Path: c:\documents and settings\jean christian\local settings\application data\mozilla\firefox\profiles\en1yoccw.default\cache\_cache_001_

Status: Allocation size mismatch (API: 2293760, Raw: 2146304)

 

Path: c:\documents and settings\jean christian\local settings\application data\mozilla\firefox\profiles\en1yoccw.default\cache\_cache_002_

Status: Allocation size mismatch (API: 2162688, Raw: 2088960)

 

SSDT

-------------------

#: 012 Function Name: NtAlertResumeThread

Status: Hooked by "<unknown>" at address 0x8211b578

 

#: 013 Function Name: NtAlertThread

Status: Hooked by "<unknown>" at address 0x8211c1f0

 

#: 017 Function Name: NtAllocateVirtualMemory

Status: Hooked by "<unknown>" at address 0x820424d8

 

#: 019 Function Name: NtAssignProcessToJobObject

Status: Hooked by "<unknown>" at address 0x81f39470

 

#: 031 Function Name: NtConnectPort

Status: Hooked by "<unknown>" at address 0x81eb3688

 

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf5406210

 

#: 043 Function Name: NtCreateMutant

Status: Hooked by "<unknown>" at address 0x81f72e08

 

#: 052 Function Name: NtCreateSymbolicLinkObject

Status: Hooked by "<unknown>" at address 0x81f875a8

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "<unknown>" at address 0x81f67108

 

#: 057 Function Name: NtDebugActiveProcess

Status: Hooked by "<unknown>" at address 0x81f33848

 

#: 063 Function Name: NtDeleteKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf5406490

 

#: 065 Function Name: NtDeleteValueKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf54069f0

 

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "<unknown>" at address 0x82068f48

 

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "sptd.sys" at address 0xf844384c

 

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "sptd.sys" at address 0xf8443bec

 

#: 083 Function Name: NtFreeVirtualMemory

Status: Hooked by "<unknown>" at address 0x81f3b0a8

 

#: 089 Function Name: NtImpersonateAnonymousToken

Status: Hooked by "<unknown>" at address 0x81f160c8

 

#: 091 Function Name: NtImpersonateThread

Status: Hooked by "<unknown>" at address 0x82122308

 

#: 097 Function Name: NtLoadDriver

Status: Hooked by "<unknown>" at address 0x81ed2a90

 

#: 108 Function Name: NtMapViewOfSection

Status: Hooked by "<unknown>" at address 0x81fe3290

 

#: 114 Function Name: NtOpenEvent

Status: Hooked by "<unknown>" at address 0x81f16ab0

 

#: 119 Function Name: NtOpenKey

Status: Hooked by "sptd.sys" at address 0xf843e090

 

#: 122 Function Name: NtOpenProcess

Status: Hooked by "<unknown>" at address 0x82041238

 

#: 123 Function Name: NtOpenProcessToken

Status: Hooked by "<unknown>" at address 0x82123670

 

#: 125 Function Name: NtOpenSection

Status: Hooked by "<unknown>" at address 0x81f230c8

 

#: 128 Function Name: NtOpenThread

Status: Hooked by "<unknown>" at address 0x81f24558

 

#: 137 Function Name: NtProtectVirtualMemory

Status: Hooked by "<unknown>" at address 0x81f8f9b0

 

#: 160 Function Name: NtQueryKey

Status: Hooked by "sptd.sys" at address 0xf8443cc4

 

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "sptd.sys" at address 0xf8443b44

 

#: 206 Function Name: NtResumeThread

Status: Hooked by "<unknown>" at address 0x82122468

 

#: 213 Function Name: NtSetContextThread

Status: Hooked by "<unknown>" at address 0x82119b98

 

#: 228 Function Name: NtSetInformationProcess

Status: Hooked by "<unknown>" at address 0x81e59158

 

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "<unknown>" at address 0x81f285d8

 

#: 247 Function Name: NtSetValueKey

Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xf5406c40

 

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "<unknown>" at address 0x81f291f8

 

#: 254 Function Name: NtSuspendThread

Status: Hooked by "<unknown>" at address 0x82119620

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "<unknown>" at address 0x8212b348

 

#: 258 Function Name: NtTerminateThread

Status: Hooked by "<unknown>" at address 0x82119730

 

#: 267 Function Name: NtUnmapViewOfSection

Status: Hooked by "<unknown>" at address 0x8211e3a8

 

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "<unknown>" at address 0x81f24138

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x823651d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_CREATE]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_CLOSE]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_READ]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_WRITE]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_CLEANUP]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Udfsȅ剒敬ȁఅ敓䥶顬뒀齼⭘, IRP_MJ_PNP]

Process: System Address: 0x81b021d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x8209a1d8 Size: 463

 

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CREATE]

Process: System Address: 0x823661d8 Size: 463

 

Object: Hidden Code [Driver: imagedrv, IRP_MJ_CLOSE]

Process: System Address: 0x823661d8 Size: 463

 

Object: Hidden Code [Driver: imagedrv, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x823661d8 Size: 463

 

Object: Hidden Code [Driver: imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x823661d8 Size: 463

 

Object: Hidden Code [Driver: imagedrv, IRP_MJ_POWER]

Process: System Address: 0x823661d8 Size: 463

 

Object: Hidden Code [Driver: imagedrv, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x823661d8 Size: 463

 

Object: Hidden Code [Driver: imagedrv, IRP_MJ_PNP]

Process: System Address: 0x823661d8 Size: 463

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x82131630 Size: 463

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x82131630 Size: 463

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x82131630 Size: 463

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x82131630 Size: 463

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x82131630 Size: 463

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x82131630 Size: 463

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x82131630 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x823671d8 Size: 463

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x81ae1980 Size: 463

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x81ae1980 Size: 463

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x81ae1980 Size: 463

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x81ae1980 Size: 463

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x81ae1980 Size: 463

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x81ae1980 Size: 463

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x8212d980 Size: 463

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x8212d980 Size: 463

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8212d980 Size: 463

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8212d980 Size: 463

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x8212d980 Size: 463

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8212d980 Size: 463

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x8212d980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x81e5a980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_CREATE]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_CLOSE]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_READ]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_SHUTDOWN]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_CLEANUP]

Process: System Address: 0x813ef980 Size: 463

 

Object: Hidden Code [Driver: winlogonrpc, IRP_MJ_PNP]

Process: System Address: 0x813ef980 Size: 463

 

Shadow SSDT

-------------------

#: 307 Function Name: NtUserAttachThreadInput

Status: Hooked by "<unknown>" at address 0x82308118

 

#: 383 Function Name: NtUserGetAsyncKeyState

Status: Hooked by "<unknown>" at address 0x81f3d420

 

#: 414 Function Name: NtUserGetKeyboardState

Status: Hooked by "<unknown>" at address 0x820f8530

 

#: 416 Function Name: NtUserGetKeyState

Status: Hooked by "<unknown>" at address 0x822d00e0

 

#: 428 Function Name: NtUserGetRawInputData

Status: Hooked by "<unknown>" at address 0x81db3460

 

#: 460 Function Name: NtUserMessageCall

Status: Hooked by "<unknown>" at address 0x813f99d0

 

#: 475 Function Name: NtUserPostMessage

Status: Hooked by "<unknown>" at address 0x813f6ea8

 

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "<unknown>" at address 0x82194f28

 

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "<unknown>" at address 0x81f93ab0

 

#: 552 Function Name: NtUserSetWinEventHook

Status: Hooked by "<unknown>" at address 0x81e9c170

 

==EOF==

 

 

I suppose I can delete GMER?

Looking forward to your reply :)

Posted

Hi ;)

Sorry jp9905! I have only been dropping by on and off for the past few days and have had a terrible time staying connected long enough.

The RootRepeal scan shows nothing worrying. Can you post a new RSIT report, please?

Posted (edited)

Hi, :)

I don't know what is going on, but something is using a lot of resources and it is impossible to do anything at each startup!!

Here is the report:

 

 

Logfile of random's system information tool 1.08 (written by random/random)

Run by JEAN CHRISTIAN at 2010-10-29 01:13:41

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 25 GB (32%) free of 76 GB

Total RAM: 511 MB (13% free)

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 01:14:16, on 29/10/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\dllhost.exe

C:\WINDOWS\System32\DVDRAMSV.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe

C:\WINDOWS\System32\00THotkey.exe

C:\WINDOWS\system32\TFNF5.exe

C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

C:\WINDOWS\system32\TPSMain.exe

C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe

C:\WINDOWS\system32\wscript.exe

C:\WINDOWS\system32\TPSBattM.exe

C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Documents and Settings\JEAN CHRISTIAN\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HiJackThis\JEAN CHRISTIAN.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe

O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe

O4 - HKLM\..\Run: [TFNF5] TFNF5.exe

O4 - HKLM\..\Run: [sigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe

O4 - HKLM\..\Run: [TPSMain] TPSMain.exe

O4 - HKLM\..\Run: [TFncKy] C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe

O4 - HKLM\..\Run: [uSB-Set] wscript "C:\Program Files\USB-set\TSR.vbe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

O4 - HKCU\..\Run: [NortonUpdateAgent] C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE

O4 - Global Startup: Norton AntiVirus.LNK = C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\uistub.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1272668199695

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe

O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe

O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe

O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

 

--

End of file - 8610 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Maintenance en 1 clic.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{D93BD681-311B-46D3-9362-51DA70343E1D}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\IPSBHO.DLL [2010-05-14 79224]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-14 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-10-14 79648]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2003-09-24 4861952]

"00THotkey"=C:\WINDOWS\System32\00THotkey.exe [2003-05-23 253952]

"000StTHK"=C:\WINDOWS\system32\000StTHK.exe [2001-06-23 24576]

"TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2003-07-18 73728]

"SigmaTel StacMon"=C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe [2003-08-03 86073]

"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2003-05-30 110592]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2003-05-30 614400]

"TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2003-03-11 122880]

"TPSMain"=C:\WINDOWS\system32\TPSMain.exe [2003-10-02 266240]

"TFncKy"=C:\Program Files\Toshiba\Commandes TOSHIBA\TFncKy.exe [2003-09-18 102400]

"USB-Set"=wscript C:\Program Files\USB-set\TSR.vbe []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

"Adobe ARM"=C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

"SunJavaUpdateSched"=C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe [2010-05-14 248552]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"NVIEW"=nview.dll,nViewLoadHook []

"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-14 1957888]

"NortonUpdateAgent"=C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe [2010-10-13 2603376]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Program Files\Picasa2\PicasaMediaDetector.exe [2007-10-23 443968]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-03-01 15872]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vdlDeamon]

C:\Program Files\VIDAL\Communs\VIDAL.exe []

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LUMIX Simple Viewer.lnk]

C:\PROGRA~1\PANASO~1\LUMIXS~1\PHLEAU~1.EXE [2005-06-13 61440]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Menu Démarrer^Programmes^Démarrage^Secunia PSI.lnk]

C:\PROGRA~1\Secunia\PSI\psi.exe [2009-08-21 900816]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Norton AntiVirus.LNK - C:\Program Files\Norton AntiVirus\Engine\17.7.0.12\uistub.exe

 

C:\Documents and Settings\Menu Démarrer\Programmes\Démarrage

ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=223

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1

"NoDriveTypeAutoRun"=223

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"

"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"

"C:\eMule\emule.exe"="C:\eMule\emule.exe:*:Disabled:eMule"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Disabled:adsltv"

"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe"="C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Disabled:Sony Ericsson Media Manager 1.1"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"

"C:\Documents and Settings\JEAN CHRISTIAN\Application Data\Thinstall\Vidal CD\4000002400003i\java.exe"="C:\Documents and Settings\JEAN CHRISTIAN\Application Data\Thinstall\Vidal CD\4000002400003i\java.exe:*:Disabled:java"

"C:\Program Files\Freeplayer\vlc\vlc.exe"="C:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"

"C:\Program Files\adslTV\vlc.exe"="C:\Program Files\adslTV\vlc.exe:*:Enabled:VLC media player"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

 

======List of files/folders created in the last 1 months======

 

2010-10-29 00:33:43 ----A---- C:\Program Files\HomePlayer-1.5.9c-full.exe

2010-10-26 14:55:20 ----A---- C:\RootRepeal-$$$$$$.txt

2010-10-26 14:50:23 ----A---- C:\RootRepeal report 10-26-10 (14-50-23).txt

2010-10-26 14:22:10 ----D---- C:\RootRepeal

2010-10-14 01:32:17 ----A---- C:\WINDOWS\system32\javaws.exe

2010-10-14 01:32:17 ----A---- C:\WINDOWS\system32\javaw.exe

2010-10-14 01:32:17 ----A---- C:\WINDOWS\system32\java.exe

2010-10-14 01:23:27 ----A---- C:\Program Files\jre-6u22-windows-i586-s.exe

2010-10-14 00:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

2010-10-14 00:30:59 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$

2010-10-14 00:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$

2010-10-14 00:30:17 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$

2010-10-14 00:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$

2010-10-14 00:22:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$

2010-10-14 00:19:43 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$

2010-10-14 00:19:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$

2010-10-14 00:18:49 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$

2010-10-11 01:31:18 ----D---- C:\rsit

2010-09-30 00:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$

 

======List of files/folders modified in the last 1 months======

 

2010-10-29 01:13:47 ----D---- C:\WINDOWS\Prefetch

2010-10-29 00:54:41 ----RD---- C:\Program Files

2010-10-28 23:11:37 ----D---- C:\Program Files\Mozilla Firefox

2010-10-28 23:06:15 ----D---- C:\WINDOWS\Temp

2010-10-28 22:43:49 ----SHD---- C:\System Volume Information

2010-10-28 22:43:20 ----D---- C:\Documents and Settings\All Users\Application Data\usb-set

2010-10-28 22:42:48 ----D---- C:\WINDOWS\Registration

2010-10-28 15:37:20 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-10-26 14:29:58 ----D---- C:\WINDOWS\system32\drivers

2010-10-25 09:34:35 ----D---- C:\Documents and Settings\JEAN CHRISTIAN\Application Data\dvdcss

2010-10-24 23:19:05 ----D---- C:\Documents and Settings\All Users\Application Data\Norton

2010-10-24 02:30:00 ----A---- C:\WINDOWS\NeroDigital.ini

2010-10-23 09:26:40 ----D---- C:\Program Files\USB-set

2010-10-14 14:27:30 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-10-14 14:25:02 ----D---- C:\WINDOWS\system32\CatRoot2

2010-10-14 01:33:28 ----SHD---- C:\WINDOWS\Installer

2010-10-14 01:33:16 ----D---- C:\Config.Msi

2010-10-14 01:32:19 ----D---- C:\WINDOWS\system32

2010-10-14 01:31:07 ----A---- C:\WINDOWS\system32\deployJava1.dll

2010-10-14 00:46:31 ----D---- C:\WINDOWS

2010-10-14 00:45:38 ----D---- C:\Program Files\Internet Explorer

2010-10-14 00:31:59 ----A---- C:\WINDOWS\system32\MRT.exe

2010-10-14 00:31:24 ----HD---- C:\WINDOWS\inf

2010-10-14 00:31:22 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-10-14 00:31:13 ----HD---- C:\WINDOWS\$hf_mig$

2010-10-14 00:31:10 ----A---- C:\WINDOWS\imsins.BAK

2010-10-14 00:20:24 ----D---- C:\WINDOWS\ie8updates

2010-10-14 00:19:32 ----D---- C:\WINDOWS\WinSxS

2010-10-06 12:13:46 ----D---- C:\WINDOWS\Microsoft.NET

2010-10-06 12:13:41 ----RSD---- C:\WINDOWS\assembly

2010-10-06 11:24:24 ----D---- C:\Program Files\Fichiers communs\Adobe

2010-10-06 11:24:22 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-10-06 10:56:10 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-10-01 16:36:49 ----D---- C:\Documents and Settings\JEAN CHRISTIAN\Application Data\vlc

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R0 agp440;Filtre de bus AGP Intel; C:\WINDOWS\System32\DRIVERS\agp440.sys [2008-04-13 42368]

R0 BsStor;B.H.A Storage Helper Driver; C:\WINDOWS\system32\drivers\BsStor.sys [2002-06-06 9344]

R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2004-03-02 5504]

R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2004-03-02 125184]

R0 ohci1394;Contrôleur hôte Texas Instruments IEEE 1394 compatible OHCI (Open Host Controller Interface); C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]

R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2007-06-06 639224]

R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMDS.SYS [2009-11-06 328752]

R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\NAV\1108000.005\SYMEFA.SYS [2010-04-22 173104]

R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\WINDOWS\System32\DRIVERS\TVALZ.SYS [2003-08-07 9216]

R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20101001.001\BHDrvx86.sys []

R1 ccHP;Symantec Hash Provider; C:\WINDOWS\system32\drivers\NAV\1108000.005\ccHPx86.sys [2010-02-26 501888]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NAV\1108000.005\SRTSPX.SYS [2010-04-22 43696]

R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\NAV\1108000.005\Ironx86.SYS [2010-04-29 116784]

R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NAV\1108000.005\SYMTDI.SYS [2010-05-06 361904]

R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2003-05-28 17005]

R2 irda;Protocole IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]

R2 Netdevio;TOSHIBA Network Device Usermode I/O Protocol; C:\WINDOWS\System32\DRIVERS\netdevio.sys [2003-01-29 12032]

R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-09-25 140800]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20101027.001\IDSxpx86.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101028.008\NAVENG.SYS []

R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20101028.008\NAVEX15.SYS []

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-09-24 1370764]

R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-06 47360]

R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]

R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]

R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1108000.005\SRTSP.SYS [2010-04-22 325680]

R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\stac97.sys [2003-07-17 230416]

R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2003-05-30 271728]

R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-09-17 809872]

R3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2003-05-14 25888]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 w70n51;Pilote Intel® PRO/Wireless 7100 Adapter; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2003-03-27 2379776]

S1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys []

S1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys []

S3 epmntdrv;epmntdrv; \??\C:\WINDOWS\system32\epmntdrv.sys []

S3 EuDisk;EASEUS Disk Enumerator; C:\WINDOWS\system32\DRIVERS\EuDisk.sys [2009-12-02 122504]

S3 EuGdiDrv;EuGdiDrv; \??\C:\WINDOWS\system32\EuGdiDrv.sys []

S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2007-06-06 94080]

S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2009-06-22 13224]

S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2009-06-22 25512]

S3 gv3;Pilote processeur Intel GV3; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-20 33792]

S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\System32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]

S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2003-02-12 15143]

S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]

S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]

S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]

S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]

S3 s116mgmt;Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s116mgmt.sys [2007-04-03 100488]

S3 s116nd5;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS); C:\WINDOWS\system32\DRIVERS\s116nd5.sys [2007-04-03 23176]

S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]

S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]

S3 s3017bus;Sony Ericsson Device 3017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s3017bus.sys [2007-12-10 83880]

S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s3017mdfl.sys [2007-12-10 15016]

S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s3017mdm.sys [2007-12-10 110632]

S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s3017mgmt.sys [2007-12-10 104616]

S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS); C:\WINDOWS\system32\DRIVERS\s3017nd5.sys [2007-12-10 25512]

S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s3017obex.sys [2007-12-10 100648]

S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM); C:\WINDOWS\system32\DRIVERS\s3017unic.sys [2007-12-10 110120]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]

S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-30 12032]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\System32\DVDRAMSV.exe [2003-05-23 106496]

R2 Irmon;Moniteur infrarouge; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-10-14 153376]

R2 NAV;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\17.8.0.5\ccSvcHst.exe [2010-02-26 126392]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]

S3 CFSvcs;ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [2003-09-03 28672]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-01 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-09-24 77824]

S3 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

 

 

Looking forward to your reply ;)

Edited by jp9905
Posted

Coming back to this =>

I managed to open Task Manager and it shows 40 processes and CPU usage 75.

Tell me: have you looked at the Processes tab of Task Manager and identified the process(es) using the most resources? Do so if you haven't. The report header shows that almost all of your RAM is in use!

Start HijackThis, click "Do a system scan only", and check the following lines:

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\Pilotes Audio SigmaTel AC97\stacmon.exe

O4 - HKLM\..\Run: [USB-Set] wscript "C:\Program Files\USB-set\TSR.vbe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')

Close your browser(s), then click "Fix Checked"

Then exit the program.

Also, note that you can safely disable this service >> NVIDIA Display Driver Service

Go to Start/Run and type: services.msc

Confirm by clicking OK

Find the following service and double-click it: NVIDIA Display Driver Service

- In the "Service status" field, select "Stopped"

- In the "Startup type" field, select "Disabled", then "Apply", then "OK"

Close the Services console.

More information about it here >> http://www.zebulon.fr/dossiers/39-forceware.html

Restart the PC and tell me whether anything has changed.

Posted

Hi,

I did it and checked the 9 lines; unfortunately, hardly any change!

However, before, when I opened Task Manager there were: Applications, Processes, Performance, Networking, Users; the tabs have disappeared!!

Something is really screwed up :kousto:

Posted

Hi ;)

However, before, when I opened Task Manager there were: Applications, Processes, Performance, Networking, Users; the tabs have disappeared!!

Is that still the case? Probably an accidental action: check this page and tell me whether the problem persists >> The Task Manager tabs have disappeared

After that, identify the processes using the most memory.
