A voir également:
- System security encore!!
- Reboot system now - Guide
- Microsoft security essentials - Télécharger - Antivirus & Antimalwares
- Cette action ne peut pas être réalisée car le fichier est ouvert dans system - Guide
- Account-security-noreply@ accountprotection.microsoft.com fake ✓ - Forum Hotmail / Outlook.com
- Fichier ouvert dans system ✓ - Forum Windows
26 réponses
Utilisateur anonyme
7 janv. 2009 à 13:44
7 janv. 2009 à 13:44
Salut,
▶ Télécharge hijackthis
▶ Enregistre la cible sous .... "le bureau"
▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation
▶ Clique sur Install ensuite sur "I Accept"
▶ Clique sur" Do a scan system and save log file"
▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
▶ Tuto hijackthis(Merci à Balltrap34)
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
▶ Télécharge hijackthis
▶ Enregistre la cible sous .... "le bureau"
▶ Fais un double-clic sur "HJTInstall.exe" afin de lancer l'installation
▶ Clique sur Install ensuite sur "I Accept"
▶ Clique sur" Do a scan system and save log file"
▶ Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
▶ Tuto hijackthis(Merci à Balltrap34)
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Alors gros problèm j ai oublié de le mensionner mais quand j'ouvre internet et que je lance une recherche pour malwarebyte par exemple ainsi que la plupart des programmes qui pouraient m'aider pour détruire le virus la page se ferme instentanément.
Hier j'ai essayé d'installer malwarebyte et demandant à mon père de m'envoyer par mail en fichier compressé depuis son ordi le programme, j'ai lancé l'installation et elle c'est fermée instantanément, comme les pages internet pourtant les pages et les programmes n'étant pas en lien avec la destruction de ce virus s'ouvrent normalement.
Hier j'ai essayé d'installer malwarebyte et demandant à mon père de m'envoyer par mail en fichier compressé depuis son ordi le programme, j'ai lancé l'installation et elle c'est fermée instantanément, comme les pages internet pourtant les pages et les programmes n'étant pas en lien avec la destruction de ce virus s'ouvrent normalement.
Utilisateur anonyme
7 janv. 2009 à 14:03
7 janv. 2009 à 14:03
Re,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
SDFix (créé par AndyManchesta)
ou http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
ou http://downloads.andymanchesta.com/RemovalTools/SDFix.exe?thread
ou http://sdfix.net/SDFix.exe
--> Double-cliques sur SDFix.exe et choisis "Install" .
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis. pour lancer le script.
• Appuie sur une touche pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !
•NOTE:Si SDFix ne se lance pas
Clique sur=> Démarrer => Exécuter
Copie/colle ceci :
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Clique sur Ok.
Redémarre et essaie de relance SDFix.
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
SDFix (créé par AndyManchesta)
ou http://downloads.andymanchesta.com/RemovalTools/SDFix.exe.
ou http://downloads.andymanchesta.com/RemovalTools/SDFix.exe?thread
ou http://sdfix.net/SDFix.exe
--> Double-cliques sur SDFix.exe et choisis "Install" .
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis. pour lancer le script.
• Appuie sur une touche pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !
•NOTE:Si SDFix ne se lance pas
Clique sur=> Démarrer => Exécuter
Copie/colle ceci :
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe
Clique sur Ok.
Redémarre et essaie de relance SDFix.
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Désolé du temps que sa m'a pris alors voila tout est fait et le rapport est le suivant:
[b]SDFix: Version 1.240 [/b]
Run by Donon on 07.01.2009 at 14:43
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp40.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp41.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp42.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp43.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp49.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp10.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp17.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp18.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp19.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp83.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp84.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp85.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp87.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp88.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp86.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp89.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp90.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp91.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp94.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp95.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp98.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp99.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpD.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpE.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpF.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp11.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp64.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp16.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp53.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp50.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp51.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp52.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp54.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp55.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp56.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp57.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp58.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp59.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp60.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp65.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp61.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp62.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp63.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp70.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp71.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp67.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp68.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp66.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp20.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp24.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp25.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp21.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp22.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp26.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp27.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp28.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp29.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp30.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp31.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp32.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp33.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp34.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp35.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp36.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp37.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp38.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp39.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp44.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp45.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp46.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp47.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp48.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp69.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp72.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp73.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp74.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp75.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp76.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp77.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp78.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp79.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp80.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp81.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp82.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp92.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp93.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp96.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp97.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpA0.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpA1.tmp - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 14:57:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bluewin\\Netopia_Router\\Wizard\\NetAgentBW.exe"="C:\\Program Files\\Bluewin\\Netopia_Router\\Wizard\\NetAgentBW.exe:*:Enabled:NetAgent Bluewin ADSL"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\WINDOWS\\System32\\dplaysvr.exe"="C:\\WINDOWS\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES2.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES2.EXE:*:Enabled:Age of Empires"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu T II"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM)"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Program Files\\Cyanide\\Loki\\Loki.exe"="C:\\Program Files\\Cyanide\\Loki\\Loki.exe:*:Enabled:Loki"
"C:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe"="C:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe:*:Enabled:Loki - AutoRun"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\System32\\PnkBstrA.exe"="C:\\WINDOWS\\System32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\System32\\PnkBstrB.exe"="C:\\WINDOWS\\System32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 31 Oct 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Mon 12 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Dec 2008 1,884 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti4E.tmp"
Sun 24 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 23 Oct 2008 23,552 ...H. --- "C:\Documents and Settings\Donon\Mes documents\anglais\~WRL2520.tmp"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
Wed 27 Aug 2008 51,712 ...H. --- "C:\Documents and Settings\Donon\Application Data\Microsoft\ModŠles\~WRL1898.tmp"
[b]Finished![/b]
[b]SDFix: Version 1.240 [/b]
Run by Donon on 07.01.2009 at 14:43
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp40.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp41.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp42.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp43.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpA.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp49.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp4F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp10.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp17.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp18.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp19.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp83.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp84.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp85.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp87.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp88.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp86.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp89.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp8F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp90.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp91.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp94.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp95.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp98.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp99.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpB.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpC.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpD.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpE.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpF.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp11.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp64.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp12.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp13.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp14.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp15.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp16.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp53.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp50.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp51.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp52.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp54.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp55.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp56.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp57.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp58.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp59.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp5F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp60.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp65.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp61.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp62.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp63.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp70.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp71.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp67.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp68.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp66.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp20.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp23.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp24.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp25.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp1F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp21.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp22.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp26.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp27.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp28.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp29.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp2F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp30.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp31.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp32.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp33.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp34.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp35.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp36.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp37.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp38.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp39.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp3D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp44.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp45.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp46.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp47.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp48.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp69.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp6F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp72.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp73.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp74.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp75.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp76.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp77.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp78.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp79.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp7F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp80.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp81.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp82.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp92.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp93.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp96.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp97.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9A.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9B.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9C.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9D.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9E.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmp9F.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpA0.tmp - Deleted
C:\DOCUME~1\Donon\LOCALS~1\Temp\tmpA1.tmp - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 14:57:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bluewin\\Netopia_Router\\Wizard\\NetAgentBW.exe"="C:\\Program Files\\Bluewin\\Netopia_Router\\Wizard\\NetAgentBW.exe:*:Enabled:NetAgent Bluewin ADSL"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\\WINDOWS\\System32\\dpvsetup.exe"="C:\\WINDOWS\\System32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"="C:\\Program Files\\Real\\RealOne Player\\realplay.exe:*:Enabled:RealOne Player"
"C:\\WINDOWS\\System32\\dplaysvr.exe"="C:\\WINDOWS\\System32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES2.EXE"="C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRES2.EXE:*:Enabled:Age of Empires"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat"="C:\\Program Files\\Electronic Arts\\La Bataille pour la Terre du Milieu II\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu T II"
"C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM)"
"C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"="C:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe"="C:\\Program Files\\Cyanide\\GameCenter\\GameCenter.exe:*:Enabled:GameCenter"
"C:\\Program Files\\Cyanide\\Loki\\Loki.exe"="C:\\Program Files\\Cyanide\\Loki\\Loki.exe:*:Enabled:Loki"
"C:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe"="C:\\Program Files\\Cyanide\\Loki\\Autorun\\Autorun.exe:*:Enabled:Loki - AutoRun"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\System32\\PnkBstrA.exe"="C:\\WINDOWS\\System32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\System32\\PnkBstrB.exe"="C:\\WINDOWS\\System32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 31 Oct 2004 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK32.dll"
Mon 12 Dec 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 24 Dec 2008 1,884 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti4E.tmp"
Sun 24 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 23 Oct 2008 23,552 ...H. --- "C:\Documents and Settings\Donon\Mes documents\anglais\~WRL2520.tmp"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
Wed 27 Aug 2008 51,712 ...H. --- "C:\Documents and Settings\Donon\Application Data\Microsoft\ModŠles\~WRL1898.tmp"
[b]Finished![/b]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
7 janv. 2009 à 15:30
7 janv. 2009 à 15:30
Re,
▶ Installe - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31)
▶ Option:1 => Recherche:
▶ Double cliquer sur SmitfraudFix.exe
▶ Sélectionner 1 et pressez =>Entrée dans le menu pour créer
▶ un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque
système
▶ C:\rapport.txt et colle le rapport génèrer sur le forum.
▶ Ne pas faire l'option 2 sans un avis d'une personne compétente*<=
Tutoriel Smitfraudix
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
▶ Installe - Télécharge SmitfraudFix (de de S!Ri, balltrap34 et moe31)
▶ Option:1 => Recherche:
▶ Double cliquer sur SmitfraudFix.exe
▶ Sélectionner 1 et pressez =>Entrée dans le menu pour créer
▶ un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque
système
▶ C:\rapport.txt et colle le rapport génèrer sur le forum.
▶ Ne pas faire l'option 2 sans un avis d'une personne compétente*<=
Tutoriel Smitfraudix
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
encore une foi désolé du temps de réponce mais voila:
SmitFraudFix v2.388
Rapport fait à 16:05:19.81, 07.01.2009
Executé à partir de C:\Documents and Settings\Donon\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\Donon\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Donon
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Donon\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Donon\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DONON\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://worldofwarcraft.com/en-gb/error/410"
"SubscribedURL"="https://worldofwarcraft.com/en-gb/error/410"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="https://worldofwarcraft.com/en-gb/error/410"
"SubscribedURL"="https://worldofwarcraft.com/en-gb/error/410"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="https://worldofwarcraft.com/en-gb/error/410"
"SubscribedURL"="https://worldofwarcraft.com/en-gb/error/410"
"FriendlyName"=""
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{873FC0EF-4A0B-4B50-87F5-D5A348C239D2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{873FC0EF-4A0B-4B50-87F5-D5A348C239D2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{873FC0EF-4A0B-4B50-87F5-D5A348C239D2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
SmitFraudFix v2.388
Rapport fait à 16:05:19.81, 07.01.2009
Executé à partir de C:\Documents and Settings\Donon\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\Donon\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Donon
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Donon\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Donon\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DONON\FAVORIS
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="https://worldofwarcraft.com/en-gb/error/410"
"SubscribedURL"="https://worldofwarcraft.com/en-gb/error/410"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="https://worldofwarcraft.com/en-gb/error/410"
"SubscribedURL"="https://worldofwarcraft.com/en-gb/error/410"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="https://worldofwarcraft.com/en-gb/error/410"
"SubscribedURL"="https://worldofwarcraft.com/en-gb/error/410"
"FriendlyName"=""
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: NETGEAR WG311v3 802.11g Wireless PCI Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{873FC0EF-4A0B-4B50-87F5-D5A348C239D2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{873FC0EF-4A0B-4B50-87F5-D5A348C239D2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{873FC0EF-4A0B-4B50-87F5-D5A348C239D2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Utilisateur anonyme
7 janv. 2009 à 16:07
7 janv. 2009 à 16:07
Re,
essai sa maintenant:
▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.
▶ Double clique sur RSIT.exe pour lancer l'outil.
▶ Clique sur ' continue ' à l'écran Disclaimer.
▶ Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
essai sa maintenant:
▶ Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau.
▶ Double clique sur RSIT.exe pour lancer l'outil.
▶ Clique sur ' continue ' à l'écran Disclaimer.
▶ Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
▶ Une fois le scan fini , 2 rapports vont apparaitre. Poste le contenu des 2 rapports
( log.txt & info.txt )
(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Je n'ai qu'un rapport et je ne vois pas de /!\ voila le premier:
Logfile of random's system information tool 1.05 (written by random/random)
Run by Donon at 2009-01-07 16:09:38
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 14 GB (9%) free of 153 GB
Total RAM: 1023 MB (43% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Donon.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll [2008-02-22 116088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADA8C222-95D2-47B5-950B-AEBC0A508839}]
ORBta - C:\WINDOWS\system32\spria.dll [2006-05-16 52752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-10 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-13 352256]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-21 40960]
"MPS"=C:\ACER\PSM.EXE [2004-03-04 372736]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-04-13 88363]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-24 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-08-24 2552320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"Alaunch"=C:\Windows\alaunch.exe [2002-05-24 409657]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-25 151597]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2007-08-24 714608]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"339265309"=C:\Documents and Settings\All Users\Application Data\1717705172\339265309.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-14 1957888]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-01 67128]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-13 3660848]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Donon\Menu Démarrer\Programmes\Démarrage
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dafafefdefcec]
C:\WINDOWS\system32\dafafefdefcec.dll [2006-05-16 277519]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bluewin\Netopia_Router\Wizard\NetAgentBW.exe"="C:\Program Files\Bluewin\Netopia_Router\Wizard\NetAgentBW.exe:*:Enabled:NetAgent Bluewin ADSL"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\System32\RUNDLL32.EXE"="C:\WINDOWS\System32\RUNDLL32.EXE:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRES2.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRES2.EXE:*:Enabled:Age of Empires"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM)"
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe"="C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Cyanide\Loki\Loki.exe"="C:\Program Files\Cyanide\Loki\Loki.exe:*:Enabled:Loki"
"C:\Program Files\Cyanide\Loki\Autorun\Autorun.exe"="C:\Program Files\Cyanide\Loki\Autorun\Autorun.exe:*:Enabled:Loki - AutoRun"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\System32\PnkBstrA.exe"="C:\WINDOWS\System32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\System32\PnkBstrB.exe"="C:\WINDOWS\System32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Autorun.exe
======List of files/folders created in the last 1 months======
2009-01-07 16:05:27 ----A---- C:\WINDOWS\system32\tmp.txt
2009-01-07 16:05:19 ----A---- C:\rapport.txt
2009-01-07 14:27:02 ----D---- C:\WINDOWS\ERUNT
2009-01-07 14:17:55 ----D---- C:\SDFix
2009-01-06 20:47:27 ----SHD---- C:\Config.Msi
2009-01-06 18:17:09 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-06 18:01:43 ----D---- C:\_OTMoveIt
2009-01-06 17:57:36 ----D---- C:\Program Files\trend micro
2009-01-06 17:57:32 ----D---- C:\rsit
2009-01-05 18:17:54 ----SHD---- C:\FOUND.080
2009-01-05 17:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\1717705172
2008-12-26 14:10:49 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-26 14:10:40 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-26 11:10:54 ----D---- C:\WINDOWS\Prefetch
2008-12-26 09:29:07 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-26 09:28:54 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-26 09:28:43 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-26 09:28:32 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-26 09:28:20 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-26 09:28:09 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-26 09:27:55 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-26 09:27:44 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-26 09:27:28 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-26 09:27:14 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-26 09:27:01 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-26 09:26:42 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-26 09:26:24 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-26 09:25:53 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-26 09:25:42 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-26 09:25:25 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-26 09:25:15 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-26 09:24:58 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-26 09:24:41 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-26 09:24:28 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-26 09:19:42 ----D---- C:\WINDOWS\l2schemas
2008-12-26 09:19:41 ----D---- C:\WINDOWS\system32\fr
2008-12-26 09:19:41 ----D---- C:\WINDOWS\system32\bits
2008-12-26 09:17:06 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-26 09:08:32 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-26 09:08:28 ----D---- C:\WINDOWS\EHome
2008-12-18 20:24:29 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-12-14 17:03:50 ----SHD---- C:\FOUND.079
2008-12-10 23:23:55 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 23:23:50 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 23:21:05 ----HD---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-10 23:20:56 ----HD---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-10 22:28:08 ----SHD---- C:\FOUND.078
======List of files/folders modified in the last 1 months======
2009-01-07 16:06:50 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-07 15:54:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-26 14:10:48 ----A---- C:\WINDOWS\imsins.BAK
2008-12-26 11:13:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 11:11:52 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-26 11:10:44 ----A---- C:\WINDOWS\setuplog.txt
2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 00:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-10-19 82380]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-11-27 50960]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-11-27 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-11-27 22384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-08-26 2241280]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-06 39424]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090106.052\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090106.052\NAVEX15.SYS []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2004-10-31 6912]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-07-02 69504]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-02-22 265984]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-04-13 1266380]
S3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
S3 catchme;catchme; \??\C:\DOCUME~1\Donon\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-12-06 287360]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-03 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-11-27 65536]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-08-23 243064]
S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb); C:\WINDOWS\system32\pr2agqwb.exe [2008-02-25 410984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-02-22 1251720]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
Logfile of random's system information tool 1.05 (written by random/random)
Run by Donon at 2009-01-07 16:09:38
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 14 GB (9%) free of 153 GB
Total RAM: 1023 MB (43% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\Norton AntiVirus - Effectuer une analyse complète du système - Donon.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll [2008-02-22 116088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADA8C222-95D2-47B5-950B-AEBC0A508839}]
ORBta - C:\WINDOWS\system32\spria.dll [2006-05-16 52752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-10 737776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2007-01-19 2436160]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 1267040]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-13 352256]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Raccourci vers la page des propriétés de High Definition Audio"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-21 40960]
"MPS"=C:\ACER\PSM.EXE [2004-03-04 372736]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-04-13 88363]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-24 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-08-24 2552320]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-07-20 57344]
"Alaunch"=C:\Windows\alaunch.exe [2002-05-24 409657]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2005-10-25 151597]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2008-10-17 51048]
"osCheck"=C:\Program Files\Norton AntiVirus\osCheck.exe [2007-08-24 714608]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"339265309"=C:\Documents and Settings\All Users\Application Data\1717705172\339265309.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-04-14 1957888]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-27 68856]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-04-01 67128]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"Orb"=C:\Program Files\Winamp Remote\bin\OrbTray.exe [2008-04-01 507904]
"Veoh"=C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-08-13 3660848]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Donon\Menu Démarrer\Programmes\Démarrage
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2004-08-25 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dafafefdefcec]
C:\WINDOWS\system32\dafafefdefcec.dll [2006-05-16 277519]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bluewin\Netopia_Router\Wizard\NetAgentBW.exe"="C:\Program Files\Bluewin\Netopia_Router\Wizard\NetAgentBW.exe:*:Enabled:NetAgent Bluewin ADSL"
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"="C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\System32\RUNDLL32.EXE"="C:\WINDOWS\System32\RUNDLL32.EXE:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\Real\RealOne Player\realplay.exe"="C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRES2.EXE"="C:\Program Files\Microsoft Games\Age of Empires\EMPIRES2.EXE:*:Enabled:Age of Empires"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat"="C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:*:Enabled:La Bataille pour la Terre du Milieu ™ II"
"C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe"="C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3"
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe"="C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars(TM): Empire at War(TM)"
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe"="C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars(TM): Empire at War(TM): Forces of Corruption(TM)"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\Program Files\Cyanide\Loki\Loki.exe"="C:\Program Files\Cyanide\Loki\Loki.exe:*:Enabled:Loki"
"C:\Program Files\Cyanide\Loki\Autorun\Autorun.exe"="C:\Program Files\Cyanide\Loki\Autorun\Autorun.exe:*:Enabled:Loki - AutoRun"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32"
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"="C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\WINDOWS\System32\PnkBstrA.exe"="C:\WINDOWS\System32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\System32\PnkBstrB.exe"="C:\WINDOWS\System32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\Autorun.exe
======List of files/folders created in the last 1 months======
2009-01-07 16:05:27 ----A---- C:\WINDOWS\system32\tmp.txt
2009-01-07 16:05:19 ----A---- C:\rapport.txt
2009-01-07 14:27:02 ----D---- C:\WINDOWS\ERUNT
2009-01-07 14:17:55 ----D---- C:\SDFix
2009-01-06 20:47:27 ----SHD---- C:\Config.Msi
2009-01-06 18:17:09 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-06 18:01:43 ----D---- C:\_OTMoveIt
2009-01-06 17:57:36 ----D---- C:\Program Files\trend micro
2009-01-06 17:57:32 ----D---- C:\rsit
2009-01-05 18:17:54 ----SHD---- C:\FOUND.080
2009-01-05 17:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\1717705172
2008-12-26 14:10:49 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-26 14:10:40 ----HD---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-26 11:10:54 ----D---- C:\WINDOWS\Prefetch
2008-12-26 09:29:07 ----HD---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-26 09:28:54 ----HD---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-26 09:28:43 ----HD---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-26 09:28:32 ----HD---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-26 09:28:20 ----HD---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-26 09:28:09 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-26 09:27:55 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-26 09:27:44 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-26 09:27:28 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-26 09:27:14 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-26 09:27:01 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-26 09:26:42 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-26 09:26:24 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-26 09:25:53 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-26 09:25:42 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-26 09:25:25 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-26 09:25:15 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-26 09:24:58 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-26 09:24:41 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-12-26 09:24:28 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-26 09:19:42 ----D---- C:\WINDOWS\l2schemas
2008-12-26 09:19:41 ----D---- C:\WINDOWS\system32\fr
2008-12-26 09:19:41 ----D---- C:\WINDOWS\system32\bits
2008-12-26 09:17:06 ----D---- C:\WINDOWS\ServicePackFiles
2008-12-26 09:08:32 ----HD---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-26 09:08:28 ----D---- C:\WINDOWS\EHome
2008-12-18 20:24:29 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard
2008-12-14 17:03:50 ----SHD---- C:\FOUND.079
2008-12-10 23:23:55 ----HD---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 23:23:50 ----HD---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 23:21:05 ----HD---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-10 23:20:56 ----HD---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-10 22:28:08 ----SHD---- C:\FOUND.078
======List of files/folders modified in the last 1 months======
2009-01-07 16:06:50 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-07 15:54:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-26 14:10:48 ----A---- C:\WINDOWS\imsins.BAK
2008-12-26 11:13:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-26 11:11:52 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-26 11:10:44 ----A---- C:\WINDOWS\setuplog.txt
2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-10 00:24:38 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2005-10-19 82380]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-06-13 184240]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\C4C_FALL.sys [2002-07-08 303171]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\C4C_FSKS.sys [2002-07-08 124703]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\C4C_K56K.sys [2002-07-08 428578]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2001-09-17 17744]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\C4C_FAXX.sys [2002-07-08 212494]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\C4C_TONE.sys [2002-07-08 59664]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\C4C_V124.sys [2002-07-08 542223]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ASAPIW2K;ASAPIW2K; C:\WINDOWS\System32\Drivers\ASAPIW2K.sys [2003-11-28 11264]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-25 787456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2002-11-27 50960]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2002-11-27 16080]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2002-11-27 22384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-08-26 2241280]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-06 39424]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-05 12288]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090106.052\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20090106.052\NAVEX15.SYS []
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2004-10-31 6912]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2004-07-02 69504]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\ipsdefs\20081220.001\SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-06-13 22320]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-02-22 265984]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-04-13 1266380]
S3 C4C_BSC2;C4C_BSC2; C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 84788]
S3 catchme;catchme; \??\C:\DOCUME~1\Donon\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 HdAudAddService;Pilote de fonction Microsoft UAA pour Service High Definition Audio; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS [2005-12-06 287360]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\C4C_SAMP.sys [2002-07-08 62422]
S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-06-13 31280]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2002-07-08 591520]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2004-08-25 389120]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe [2007-08-23 243064]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-07-03 66872]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2002-11-27 65536]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 LiveUpdate Notice;LiveUpdate Notice; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-10-17 149352]
S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2007-08-23 243064]
S2 pr2agqwb;Loki Drivers Auto Removal (pr2agqwb); C:\WINDOWS\system32\pr2agqwb.exe [2008-02-25 410984]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LiveUpdate;LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE [2007-08-23 3192184]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Symantec Core LC;Symantec Core LC; C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-02-22 1251720]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
-----------------EOF-----------------
Utilisateur anonyme
7 janv. 2009 à 16:12
7 janv. 2009 à 16:12
Re,
▶ Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte
▶ Mets le à jour
▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
▶ clique sur Rechercher
▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
▶ Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
▶ Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
▶ Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.
Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Tutoriel pour MalwareByte's
▶ Télécharge et installe MalwareByte's Anti-Malware
Malwarebyte
▶ Mets le à jour
▶ Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
▶ Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
▶ clique sur Rechercher
▶ Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok
▶ Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.
▶ Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection
▶ Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.
Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Tutoriel pour MalwareByte's
Utilisateur anonyme
7 janv. 2009 à 16:39
7 janv. 2009 à 16:39
Re,
FindyKill de Chiquitine29
▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .
▶ ( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .
▶ Laisse toi guider pour l'installer.
▶ Double clic sur " FindyKill." pour lancer l'outil .
▶ Choisis La langue:F pour français
▶ Choisis l'option 1 . Puis laisses travailler ...
▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
Les-risques-securitaires-du-peer-to-peer
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
FindyKill de Chiquitine29
▶ Fais un clique droit sur le lien et choisis ( "enregistrer la cible sous ...." )( , destination le bureau .
▶ ( Note importante : si tu as le prg Elibagla sur ton PC , supprimes le ( risque de conflit entre les deux outils ) .
▶ Laisse toi guider pour l'installer.
▶ Double clic sur " FindyKill." pour lancer l'outil .
▶ Choisis La langue:F pour français
▶ Choisis l'option 1 . Puis laisses travailler ...
▶ Une fois terminé, postes le rapport FindyKill.txt qui est généré ...
( Note : le rapport est sauvegardé à la racine du disque -> C:\FindyKill.txt )
Les-risques-securitaires-du-peer-to-peer
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Encore une fois désolé pour le retard...^^ voila le rapport:
----------------- FindyKill V4.711 ------------------
* User : Donon - DONONMAISON
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 16:47:38 le 07.01.2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Program Files\Internet Explorer\iexplore.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Donon\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\Donon\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Donon\Local Settings\Temporary Internet Files\Content.IE5
Found ! [25.11.2003 10:35] - C:\Program Files\NewTech Infosystems\NTI CD-Maker\FileCD\Readme.txt
Found ! [19.12.2007 19:05] - C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\filelist.txt
Found ! [28.10.2005 16:21] - C:\Program Files\EA GAMES\Harry Potter et le prisonnier d'Azkaban(TM)\filelist.txt
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
NBJ="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
Orb="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
Veoh="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Raccourci vers la page des propriétés de High Definition Audio=HDAudPropShortcut.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MPS=C:\ACER\PSM.EXE
AGRSMMSG=AGRSMMSG.exe
SoundMan=SOUNDMAN.EXE
AlcWzrd=ALCWZRD.EXE
Alcmtr=ALCMTR.EXE
Alaunch=C:\Windows\alaunch.exe
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Photo Downloader="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant=C:\Program Files\Logitech\Video\CameraAssistant.exe
LogitechVideo[inspector]=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
ccApp="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
osCheck="C:\Program Files\Norton AntiVirus\osCheck.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
339265309="C:\Documents and Settings\All Users\Application Data\1717705172\339265309.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\AOM]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\CameraWindow]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hpqptc08]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
--------------- [ Registre / Clés infectieuses ] ----------------
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 3
Ip6Fw - Type de démarrage = 3
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur de CD-ROM
E: - Lecteur de CD-ROM
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
open=Autorun.exe
Icon=LotRIcon.exe
Name=The Battle for Middle-earth II
[Special]
Disk=1
ProductGuiID={2A9F95AB-65A3-432c-8631-B8BC5BF7477A}
+- presence des fichiers :
Found ! [04.02.2006 11:03][-r-------] - E:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
----------------- FindyKill V4.711 ------------------
* User : Donon - DONONMAISON
* Emplacement : C:\Program Files\FindyKill
* Outils Mis a jours le 05/01/09 par Chiquitine29
* Recherche effectuée à 16:47:38 le 07.01.2009
* Windows XP - Internet Explorer 7.0.5730.13
((((((((((((((((( *** Recherche *** ))))))))))))))))))
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\ACER\PSM.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Program Files\Internet Explorer\iexplore.exe
--------------- [ Fichiers/Dossiers infectieux ] ----------------
»»»» Presence des fichiers dans C:
»»»» Presence des fichiers dans C:\WINDOWS
»»»» Presence des fichiers dans C:\WINDOWS\Prefetch
»»»» Presence des fichiers dans C:\WINDOWS\system32
»»»» Presence des fichiers dans C:\WINDOWS\system32\drivers
»»»» Presence des fichiers dans C:\Documents and Settings\Donon\Application Data
»»»» Presence des fichiers dans C:\DOCUME~1\Donon\LOCALS~1\Temp
»»»» Presence des fichiers dans C:\Documents and Settings\Donon\Local Settings\Temporary Internet Files\Content.IE5
Found ! [25.11.2003 10:35] - C:\Program Files\NewTech Infosystems\NTI CD-Maker\FileCD\Readme.txt
Found ! [19.12.2007 19:05] - C:\Program Files\Electronic Arts\La Bataille pour la Terre du Milieu II\filelist.txt
Found ! [28.10.2005 16:21] - C:\Program Files\EA GAMES\Harry Potter et le prisonnier d'Azkaban(TM)\filelist.txt
--------------- [ Registre / Startup ] ----------------
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
NBJ="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
swg=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
LDM=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
Orb="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
Veoh="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
Raccourci vers la page des propriétés de High Definition Audio=HDAudPropShortcut.exe
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
RemoteControl="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MPS=C:\ACER\PSM.EXE
AGRSMMSG=AGRSMMSG.exe
SoundMan=SOUNDMAN.EXE
AlcWzrd=ALCWZRD.EXE
Alcmtr=ALCMTR.EXE
Alaunch=C:\Windows\alaunch.exe
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
TkBellExe="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
Adobe Photo Downloader="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant=C:\Program Files\Logitech\Video\CameraAssistant.exe
LogitechVideo[inspector]=C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
ccApp="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
osCheck="C:\Program Files\Norton AntiVirus\osCheck.exe"
QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
339265309="C:\Documents and Settings\All Users\Application Data\1717705172\339265309.exe"
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
[HKEY_CURRENT_USER\software\local appwizard-generated applications\AOM]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\CameraWindow]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\DestComp]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\hpqptc08]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\Launch Tool]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\MMDiag]
[HKEY_CURRENT_USER\software\local appwizard-generated applications\vscap]
--------------- [ Registre / Clés infectieuses ] ----------------
--------------- [ Etat / Services ] ----------------
+- Services : [ Auto=2 / Demande=3 / Désactivé=4 ]
Ndisuio - Type de démarrage = 3
EapHost - Type de démarrage = 3
Ip6Fw - Type de démarrage = 3
SharedAccess - Type de démarrage = 2
wuauserv - Type de démarrage = 2
/!\ wscsvc - Type de démarrage = 4
--------------- [ Recherche dans supports amovibles] ----------------
+- Informations :
C: - Lecteur fixe
D: - Lecteur de CD-ROM
E: - Lecteur de CD-ROM
+- Contenu de l'autorun : E:\autorun.inf
[autorun]
open=Autorun.exe
Icon=LotRIcon.exe
Name=The Battle for Middle-earth II
[Special]
Disk=1
ProductGuiID={2A9F95AB-65A3-432c-8631-B8BC5BF7477A}
+- presence des fichiers :
Found ! [04.02.2006 11:03][-r-------] - E:\autorun.inf
--------------- [ Registre / Mountpoint2 ] ----------------
-> Not found !
------------------- ! Fin du rapport ! --------------------
Utilisateur anonyme
7 janv. 2009 à 17:22
7 janv. 2009 à 17:22
Re,
Findykill de chiquitine29 option 2:
▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir
▶ Double-clique sur le raccourci FindyKill sur ton bureau
▶ Au menu principal, choisisl'option 2 (Suppression)
/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\
▶ Ensuite, poste le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Findykill de chiquitine29 option 2:
▶ Branche tes disques amovibles à ton PC ( (clefs USB, disque dur externe, etc...) sans les ouvrir
▶ Double-clique sur le raccourci FindyKill sur ton bureau
▶ Au menu principal, choisisl'option 2 (Suppression)
/!\ Il y aura 2 redémarrages, laisse travailler l'outil jusqu'à l'apparition du message "nettoyage effectué" /!\
▶ Ensuite, poste le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
Si un rapport ne passe pas faire une alerte à la conciergerie avec le /!\ jaune.
Utilisateur anonyme
7 janv. 2009 à 17:25
7 janv. 2009 à 17:25
Re,
Tu n'es pas obliger de le brancher mais si tu n'as pas de clé alors cela ne te concerne pas .
fait l'option 2
Tu n'es pas obliger de le brancher mais si tu n'as pas de clé alors cela ne te concerne pas .
fait l'option 2