Hacked by X4X
Fermé
vouldeten
Messages postés
2
Date d'inscription
mardi 24 mars 2009
Statut
Membre
Dernière intervention
24 mars 2009
-
24 mars 2009 à 13:03
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 8 oct. 2009 à 22:37
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 8 oct. 2009 à 22:37
A voir également:
- Hacked by X4X
- Facebook hacked - Guide
- Home by me - Télécharger - 3D
- To be filled by o.e.m - Forum Windows
- Message bounced by administrator - Forum Mail
- Zen by deezer avis - Télécharger - Santé & Bien-être
9 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
28 avril 2009 à 14:38
28 avril 2009 à 14:38
créé ton propre message et on t'aidera
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
28 mai 2009 à 14:55
28 mai 2009 à 14:55
Créé ton propre message et on t'aidera
Utilisateur anonyme
17 juil. 2009 à 14:23
17 juil. 2009 à 14:23
salut jlpjlp :)
s'ils savaient à quel point il est dangereux d'utiliser Combofix comme hijackthis !!! ^^
surtout si on ne sait rien faire derriere pour rattraper le coup si le pc plante !!!
s'ils savaient à quel point il est dangereux d'utiliser Combofix comme hijackthis !!! ^^
surtout si on ne sait rien faire derriere pour rattraper le coup si le pc plante !!!
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
24 mars 2009 à 13:04
24 mars 2009 à 13:04
Slt,
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
voiçi le contenu de log.txt (<<qui est affiché)
Logfile of random's system information tool 1.06 (written by random/random)
Run by ESS at 2009-07-17 13:01:49
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 1015 MB (66% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\SesamTVMC.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-02-11 365960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-26 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-30 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-30 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-24 1569304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-07-12 218160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2009-06-03 2094616]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-02-11 365960]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-24 1569304]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-01-26 185872]
"smsm"=C:\WINDOWS\system32\win.exe [2009-07-17 27144]
"regdiit"=C:\WINDOWS\system32\win.exe [2009-07-17 27144]
"CTFMON"=C:\WINDOWS\system32\wscript.exe [2004-08-04 114688]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-06 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe [2009-03-10 156672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-TV]
C:\Program Files\Easy-TV\Easy-TV.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiChatter]
C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyChecker]
C:\Program Files\AnonySurf\CheckProxy.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]
C:\Program Files\ProxyWay\proxyway.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-12-12 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-06 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-01-26 185872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
C:\DOCUME~1\ESS\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
C:\Program Files\Paltalk Messenger\paltalk.exe nas []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
C:\Program Files\DMV\MaxTV4\maxtv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"usnjsvc"=3
"UleadBurningHelper"=2
"ose"=3
"odserv"=3
"Microsoft Office Groove Audit Service"=3
"Keenfinder Service"=2
"JavaQuickStarterService"=2
"IDriverT"=3
"HssTrayService"=3
"HssSrv"=2
"HotspotShieldService"=2
"gusvc"=3
"FirebirdServerDefaultInstance"=3
"FirebirdGuardianDefaultInstance"=2
"Capture Device Service"=2
"Boonty Games"=3
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mask Surf Standard\masksurf.exe"="C:\Program Files\Mask Surf Standard\masksurf.exe:*:Enabled:Mask Surf Standard"
"C:\Program Files\Mask Surf Standard\Tor\tor.exe"="C:\Program Files\Mask Surf Standard\Tor\tor.exe:*:Enabled:Tor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Mask Surf Pro\masksurf.exe"="C:\Program Files\Mask Surf Pro\masksurf.exe:*:Enabled:Mask Surf Pro"
"C:\Program Files\Mask Surf Pro\Tor\tor.exe"="C:\Program Files\Mask Surf Pro\Tor\tor.exe:*:Enabled:Tor"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f827422-72e6-11dd-ba84-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
======List of files/folders created in the last 1 months======
2009-07-17 13:01:51 ----D---- C:\Program Files\trend micro
2009-07-17 13:01:49 ----D---- C:\rsit
2009-07-15 13:32:32 ----RASH---- C:\WINDOWS\system32\win.exe
2009-07-15 00:25:13 ----A---- C:\WINDOWS\system32\GDS32.DLL
2009-07-12 17:04:33 ----D---- C:\Hotspot Shield
2009-07-12 16:33:51 ----A---- C:\WINDOWS\system32\W32N55.INI
2009-07-12 16:33:50 ----A---- C:\WINDOWS\system32\W32N55.DLL
2009-07-12 16:33:49 ----D---- C:\Program Files\SAGEM WiFi manager
2009-07-12 16:15:36 ----D---- C:\Documents and Settings\ESS\Application Data\InstallShield
2009-07-12 16:02:31 ----A---- C:\WINDOWS\system32\ZDCN50.dll
2009-06-28 01:20:56 ----A---- C:\WINDOWS\IceOp Uninstaller.exe
2009-06-28 01:20:46 ----D---- C:\Program Files\IceOp5
2009-06-24 01:04:55 ----D---- C:\Program Files\WinZip
2009-06-23 02:11:55 ----D---- C:\Program Files\Proxifier
2009-06-23 02:11:55 ----A---- C:\WINDOWS\system32\SPORDER.DLL
2009-06-23 02:11:55 ----A---- C:\WINDOWS\system32\PrxerNsp.dll
2009-06-23 02:11:55 ----A---- C:\WINDOWS\system32\PrxerDrv.dll
2009-06-20 13:47:24 ----D---- C:\Program Files\AskBarDis
2009-06-20 13:47:19 ----D---- C:\WINDOWS\Ask & Record Toolbar
2009-06-20 13:47:19 ----D---- C:\Program Files\Ask & Record Toolbar
2009-06-19 21:52:43 ----D---- C:\Program Files\Loki Network
2009-06-18 01:48:05 ----D---- C:\Program Files\Conduit
2009-06-18 01:48:04 ----D---- C:\Program Files\Hotspot_Shield
2009-06-18 01:47:06 ----D---- C:\Program Files\Hotspot Shield
======List of files/folders modified in the last 1 months======
2009-07-17 13:01:51 ----D---- C:\Program Files
2009-07-17 13:01:05 ----D---- C:\WINDOWS\Temp
2009-07-17 09:11:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-17 01:15:17 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-07-17 01:11:55 ----D---- C:\WINDOWS\system32
2009-07-15 23:03:27 ----D---- C:\WINDOWS\Prefetch
2009-07-15 22:57:18 ----SHD---- C:\System Volume Information
2009-07-15 01:50:41 ----D---- C:\Documents and Settings\ESS\Application Data\Skype
2009-07-15 00:43:32 ----HD---- C:\Documents and Settings\ESS\Application Data\skypePM
2009-07-14 13:47:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-13 17:49:00 ----SHD---- C:\WINDOWS\CSC
2009-07-13 00:42:24 ----D---- C:\Program Files\SpacialAudio
2009-07-12 18:09:34 ----D---- C:\WINDOWS
2009-07-12 17:33:05 ----D---- C:\Program Files\Mozilla Firefox
2009-07-12 17:04:18 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 16:42:22 ----SHD---- C:\WINDOWS\Installer
2009-07-12 16:34:00 ----HD---- C:\WINDOWS\inf
2009-07-12 16:33:56 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-12 16:25:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 16:23:07 ----SH---- C:\boot.ini
2009-07-12 16:23:07 ----A---- C:\WINDOWS\win.ini
2009-07-12 16:23:07 ----A---- C:\WINDOWS\system.ini
2009-07-12 16:23:03 ----D---- C:\WINDOWS\pss
2009-07-12 16:15:48 ----D---- C:\Program Files\SAGEM
2009-07-04 16:40:44 ----D---- C:\WINDOWS\Minidump
2009-06-30 07:07:13 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-25 21:48:18 ----HD---- C:\Documents and Settings\ESS\Application Data\Camfrog
2009-06-25 21:47:38 ----D---- C:\Program Files\Camfrog
2009-06-24 01:05:43 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-06-18 19:02:53 ----SD---- C:\Documents and Settings\ESS\Application Data\Microsoft
2009-06-18 19:02:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-15 12032]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-10-23 223128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-15 9600]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2009-06-01 33840]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-15 12288]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver; C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 402432]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-07-19 23864]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 V0330VID;WebCam Vista; C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 173632]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2006-01-18 17664]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 VirtualCam;VirtualCamera; C:\WINDOWS\system32\DRIVERS\VirtualCam.sys [2006-12-01 192512]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 mcdevice;mcdevice; C:\WINDOWS\system32\DRIVERS\mcdevice.sys [2008-07-03 323584]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ntkvpn;Loki VPN Driver Service; C:\WINDOWS\system32\DRIVERS\ntkvpn.sys []
S3 ovt519;D-Link VGA Webcam; C:\WINDOWS\System32\Drivers\ov519vid.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tapavpn;Steganos Anonym VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapavpn.sys [2007-10-19 24320]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-01 94256]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-06-01 331312]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-06-01 34352]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2009-05-24 69120]
S4 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S4 Keenfinder Service;Keenfinder Service; C:\Program Files\Keenfinder\keenfinder.exe C:\Program Files\Keenfinder\keenfinder.dll Service []
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
Logfile of random's system information tool 1.06 (written by random/random)
Run by ESS at 2009-07-17 13:01:49
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 1015 MB (66% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\SesamTVMC.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-02-11 365960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-01-26 304736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-30 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d}]
Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2009-06-03 2094616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2008-06-23 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-30 470512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-24 1569304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\hssie\HssIE.dll [2009-07-12 218160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{b00f3d7d-ecad-4a3b-bcf7-ba5fc1fd0f8d} - Peer2Peer-FR Toolbar - C:\Program Files\Peer2Peer-FR\tbPee1.dll [2009-06-03 2094616]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-19 259696]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-02-11 365960]
{c95a4e8e-816d-4655-8c79-d736da1adb6d} - Hotspot Shield Toolbar - C:\Program Files\Hotspot_Shield\tbHots.dll [2008-06-24 1569304]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-01-26 185872]
"smsm"=C:\WINDOWS\system32\win.exe [2009-07-17 27144]
"regdiit"=C:\WINDOWS\system32\win.exe [2009-07-17 27144]
"CTFMON"=C:\WINDOWS\system32\wscript.exe [2004-08-04 114688]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-06 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ask and Record FLV Service]
C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe [2009-03-10 156672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
C:\Program Files\Creative\Shared Files\CamTray.exe [2005-10-27 299008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-TV]
C:\Program Files\Easy-TV\Easy-TV.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HiChatter]
C:\Program Files\Beyluxe Messenger\Beyluxe Messenger.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2007-09-05 166424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2007-09-05 141848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2007-09-05 137752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyChecker]
C:\Program Files\AnonySurf\CheckProxy.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProxyWay]
C:\Program Files\ProxyWay\proxyway.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-12-12 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-10-16 16855552]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
C:\WINDOWS\SkyTel.EXE [2007-10-11 1826816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-06 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-01-26 185872]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIUCU]
C:\DOCUME~1\ESS\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS12 Preload]
C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe [2008-06-09 397456]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalTalk.lnk]
C:\Program Files\Paltalk Messenger\paltalk.exe nas []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^MaxTV.lnk]
C:\Program Files\DMV\MaxTV4\maxtv.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^ESS^Menu Démarrer^Programmes^Démarrage^OneNote 2007 - Capture d'écran et lancement.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3
"usnjsvc"=3
"UleadBurningHelper"=2
"ose"=3
"odserv"=3
"Microsoft Office Groove Audit Service"=3
"Keenfinder Service"=2
"JavaQuickStarterService"=2
"IDriverT"=3
"HssTrayService"=3
"HssSrv"=2
"HotspotShieldService"=2
"gusvc"=3
"FirebirdServerDefaultInstance"=3
"FirebirdGuardianDefaultInstance"=2
"Capture Device Service"=2
"Boonty Games"=3
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM WiFi manager\WLANUTL.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-24 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-02 87352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mask Surf Standard\masksurf.exe"="C:\Program Files\Mask Surf Standard\masksurf.exe:*:Enabled:Mask Surf Standard"
"C:\Program Files\Mask Surf Standard\Tor\tor.exe"="C:\Program Files\Mask Surf Standard\Tor\tor.exe:*:Enabled:Tor"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\Mask Surf Pro\masksurf.exe"="C:\Program Files\Mask Surf Pro\masksurf.exe:*:Enabled:Mask Surf Pro"
"C:\Program Files\Mask Surf Pro\Tor\tor.exe"="C:\Program Files\Mask Surf Pro\Tor\tor.exe:*:Enabled:Tor"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷"
"C:\Program Files\PPLive\PPLive.exe"="C:\Program Files\PPLive\PPLive.exe:*:Enabled:PPLive"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8f827422-72e6-11dd-ba84-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
======List of files/folders created in the last 1 months======
2009-07-17 13:01:51 ----D---- C:\Program Files\trend micro
2009-07-17 13:01:49 ----D---- C:\rsit
2009-07-15 13:32:32 ----RASH---- C:\WINDOWS\system32\win.exe
2009-07-15 00:25:13 ----A---- C:\WINDOWS\system32\GDS32.DLL
2009-07-12 17:04:33 ----D---- C:\Hotspot Shield
2009-07-12 16:33:51 ----A---- C:\WINDOWS\system32\W32N55.INI
2009-07-12 16:33:50 ----A---- C:\WINDOWS\system32\W32N55.DLL
2009-07-12 16:33:49 ----D---- C:\Program Files\SAGEM WiFi manager
2009-07-12 16:15:36 ----D---- C:\Documents and Settings\ESS\Application Data\InstallShield
2009-07-12 16:02:31 ----A---- C:\WINDOWS\system32\ZDCN50.dll
2009-06-28 01:20:56 ----A---- C:\WINDOWS\IceOp Uninstaller.exe
2009-06-28 01:20:46 ----D---- C:\Program Files\IceOp5
2009-06-24 01:04:55 ----D---- C:\Program Files\WinZip
2009-06-23 02:11:55 ----D---- C:\Program Files\Proxifier
2009-06-23 02:11:55 ----A---- C:\WINDOWS\system32\SPORDER.DLL
2009-06-23 02:11:55 ----A---- C:\WINDOWS\system32\PrxerNsp.dll
2009-06-23 02:11:55 ----A---- C:\WINDOWS\system32\PrxerDrv.dll
2009-06-20 13:47:24 ----D---- C:\Program Files\AskBarDis
2009-06-20 13:47:19 ----D---- C:\WINDOWS\Ask & Record Toolbar
2009-06-20 13:47:19 ----D---- C:\Program Files\Ask & Record Toolbar
2009-06-19 21:52:43 ----D---- C:\Program Files\Loki Network
2009-06-18 01:48:05 ----D---- C:\Program Files\Conduit
2009-06-18 01:48:04 ----D---- C:\Program Files\Hotspot_Shield
2009-06-18 01:47:06 ----D---- C:\Program Files\Hotspot Shield
======List of files/folders modified in the last 1 months======
2009-07-17 13:01:51 ----D---- C:\Program Files
2009-07-17 13:01:05 ----D---- C:\WINDOWS\Temp
2009-07-17 09:11:06 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-17 01:15:17 ----AC---- C:\WINDOWS\ntbtlog.txt
2009-07-17 01:11:55 ----D---- C:\WINDOWS\system32
2009-07-15 23:03:27 ----D---- C:\WINDOWS\Prefetch
2009-07-15 22:57:18 ----SHD---- C:\System Volume Information
2009-07-15 01:50:41 ----D---- C:\Documents and Settings\ESS\Application Data\Skype
2009-07-15 00:43:32 ----HD---- C:\Documents and Settings\ESS\Application Data\skypePM
2009-07-14 13:47:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-13 17:49:00 ----SHD---- C:\WINDOWS\CSC
2009-07-13 00:42:24 ----D---- C:\Program Files\SpacialAudio
2009-07-12 18:09:34 ----D---- C:\WINDOWS
2009-07-12 17:33:05 ----D---- C:\Program Files\Mozilla Firefox
2009-07-12 17:04:18 ----D---- C:\WINDOWS\system32\drivers
2009-07-12 16:42:22 ----SHD---- C:\WINDOWS\Installer
2009-07-12 16:34:00 ----HD---- C:\WINDOWS\inf
2009-07-12 16:33:56 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-12 16:25:16 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-12 16:23:07 ----SH---- C:\boot.ini
2009-07-12 16:23:07 ----A---- C:\WINDOWS\win.ini
2009-07-12 16:23:07 ----A---- C:\WINDOWS\system.ini
2009-07-12 16:23:03 ----D---- C:\WINDOWS\pss
2009-07-12 16:15:48 ----D---- C:\Program Files\SAGEM
2009-07-04 16:40:44 ----D---- C:\WINDOWS\Minidump
2009-06-30 07:07:13 ----A---- C:\WINDOWS\NeroDigital.ini
2009-06-25 21:48:18 ----HD---- C:\Documents and Settings\ESS\Application Data\Camfrog
2009-06-25 21:47:38 ----D---- C:\Program Files\Camfrog
2009-06-24 01:05:43 ----D---- C:\Documents and Settings\All Users\Application Data\WinZip
2009-06-18 19:02:53 ----SD---- C:\Documents and Settings\ESS\Application Data\Microsoft
2009-06-18 19:02:53 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BIOS;BIOS; \??\C:\WINDOWS\system32\drivers\BIOS.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-15 12032]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 ZDCNDIS5;ZDCNDIS5 NDIS5.1 Protocol Driver; \??\C:\WINDOWS\system32\ZDCNDIS5.sys []
R3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2008-10-23 223128]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-15 9600]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2009-06-01 33840]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-24 5776928]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-10-16 4615168]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-15 12288]
R3 SG762_XP;SAGEM 802.11g XG762 1211B Driver; C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 402432]
R3 SSKBFD;Webroot Spy Sweeper Keylogger Shield Keyboard Filter; C:\WINDOWS\System32\Drivers\sskbfd.sys [2007-07-19 23864]
R3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2006-10-26 27136]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 V0330VID;WebCam Vista; C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 173632]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2003-09-19 45056]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2006-01-18 17664]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S2 VirtualCam;VirtualCamera; C:\WINDOWS\system32\DRIVERS\VirtualCam.sys [2006-12-01 192512]
S3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-07-03 29696]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
S3 mcdevice;mcdevice; C:\WINDOWS\system32\DRIVERS\mcdevice.sys [2008-07-03 323584]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 ntkvpn;Loki VPN Driver Service; C:\WINDOWS\system32\DRIVERS\ntkvpn.sys []
S3 ovt519;D-Link VGA Webcam; C:\WINDOWS\System32\Drivers\ov519vid.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tapavpn;Steganos Anonym VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapavpn.sys [2007-10-19 24320]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\ZDPNDIS5.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-04 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2009-06-01 94256]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2009-06-01 331312]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2009-06-01 34352]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2009-05-24 69120]
S4 Capture Device Service;Capture Device Service; C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-30 182768]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S4 Keenfinder Service;Keenfinder Service; C:\Program Files\Keenfinder\keenfinder.exe C:\Program Files\Keenfinder\keenfinder.dll Service []
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2008-06-09 53392]
S4 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
>
carlosNY
17 juil. 2009 à 14:25
17 juil. 2009 à 14:25
télecharge usbfix et fait l'option 2
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
MANUEL/
http://sd-1.archive-host.com/membres/up/127028005715545653/Canned_UsbFix.zip
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
MANUEL/
http://sd-1.archive-host.com/membres/up/127028005715545653/Canned_UsbFix.zip
carlosNY
>
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
17 juil. 2009 à 22:43
17 juil. 2009 à 22:43
j'ai télechargé usbfix et j'ai fait l'option 2 et voiçi la résultat:
############################## | UsbFix V6.008 |
# User : ESS (Administrateurs) # AYMEN
# Update on 17/07/09 by Chiquitine29 & C_XX
# Start at: 21:29:26 | 17/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 37,26 Go (4,97 Go free) # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque amovible # 962,07 Mo (961,97 Mo free) # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\system32\win.exe
Supprimé ! C:\WINDOWS\system32\winjpg.jpg
################## | C:\Documents and Settings\ESS\Temporary Internet Files |
Supprimé ! C:\DOCUME~1\ESS\LOCALS~1\Temp\eauninstall.exe
Supprimé ! C:\DOCUME~1\ESS\LOCALS~1\Temp\VSD15.tmp\GoTrustedAdapter\gtdrvierinstall.exe
################## | All Drives ... |
Supprimé ! C:\winfile.jpg
Supprimé ! C:\autorun.inf
Supprimé ! F:\winfile.jpg
Supprimé ! F:\autorun.inf
################## | Registre # Clés Run infectieuses |
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "smsm"
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe
# HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "UpdatesDisableNotify" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
################## | Listing des fichiers présent |
[10/10/2008 01:29|--a------|1024] - C:\.rnd
[25/08/2008 15:43|--a------|0] - C:\AUTOEXEC.BAT
[12/07/2009 16:23|---hs----|212] - C:\boot.ini
[15/10/2001 00:41|-rahs----|4952] - C:\Bootfont.bin
[25/08/2008 15:43|--a------|0] - C:\CONFIG.SYS
[16/03/2009 23:41|--a------|120] - C:\drmHeader.bin
[23/09/2008 02:56|--a------|117] - C:\finfos.txt
[27/03/2001 00:00|--a------|53248] - C:\gendel32.exe
[18/11/2008 04:44|--a------|164] - C:\install.dat
[25/08/2008 15:43|-rahs----|0] - C:\IO.SYS
[04/04/2009 02:58|--a------|125] - C:\ioSpecial.ini
[09/11/2008 18:28|--a------|1453] - C:\MDL 2.0 Debug.txt
[23/09/2008 02:56|--a------|447] - C:\mpeg.txt
[25/08/2008 15:43|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 04:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 04:59|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[12/11/2008 03:09|--ah-----|1073741824] - C:\pfsvoddata.bbv
[25/08/2008 16:56|--a------|573] - C:\RHDSetup.log
[12/07/2009 16:15|--a------|167] - C:\Setup.log
[07/10/2008 13:39|--ah-----|268] - C:\sqmdata00.sqm
[22/10/2008 03:43|--ah-----|268] - C:\sqmdata01.sqm
[23/10/2008 00:26|--ah-----|268] - C:\sqmdata02.sqm
[06/11/2008 17:15|--ah-----|268] - C:\sqmdata03.sqm
[18/02/2009 18:52|--ah-----|268] - C:\sqmdata04.sqm
[07/10/2008 13:39|--ah-----|244] - C:\sqmnoopt00.sqm
[22/10/2008 03:43|--ah-----|244] - C:\sqmnoopt01.sqm
[23/10/2008 00:26|--ah-----|244] - C:\sqmnoopt02.sqm
[06/11/2008 17:15|--ah-----|244] - C:\sqmnoopt03.sqm
[18/02/2009 18:52|--ah-----|172] - C:\sqmnoopt04.sqm
[12/11/2008 04:24|--a------|57] - C:\StvTimeCode.txt
[17/07/2009 21:30|--a------|5053] - C:\UsbFix.txt
[12/11/2008 04:24|--a------|734003136] - C:\VideoBuffer.tmp
[12/07/2009 16:12|--a------|175] - C:\WiFiSetup.log
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.008 ! |
############################## | UsbFix V6.008 |
# User : ESS (Administrateurs) # AYMEN
# Update on 17/07/09 by Chiquitine29 & C_XX
# Start at: 21:29:26 | 17/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 37,26 Go (4,97 Go free) # NTFS
# D:\ # Disque CD-ROM
# F:\ # Disque amovible # 962,07 Mo (961,97 Mo free) # FAT32
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\system32\win.exe
Supprimé ! C:\WINDOWS\system32\winjpg.jpg
################## | C:\Documents and Settings\ESS\Temporary Internet Files |
Supprimé ! C:\DOCUME~1\ESS\LOCALS~1\Temp\eauninstall.exe
Supprimé ! C:\DOCUME~1\ESS\LOCALS~1\Temp\VSD15.tmp\GoTrustedAdapter\gtdrvierinstall.exe
################## | All Drives ... |
Supprimé ! C:\winfile.jpg
Supprimé ! C:\autorun.inf
Supprimé ! F:\winfile.jpg
Supprimé ! F:\autorun.inf
################## | Registre # Clés Run infectieuses |
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "smsm"
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe
# HKLM\software\microsoft\security center "AntiVirusDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "FirewallDisableNotify" # -> Reset sucessfully !
# HKLM\software\microsoft\security center "UpdatesDisableNotify" # -> Reset sucessfully !
################## | Registre # Mountpoints2 |
################## | Listing des fichiers présent |
[10/10/2008 01:29|--a------|1024] - C:\.rnd
[25/08/2008 15:43|--a------|0] - C:\AUTOEXEC.BAT
[12/07/2009 16:23|---hs----|212] - C:\boot.ini
[15/10/2001 00:41|-rahs----|4952] - C:\Bootfont.bin
[25/08/2008 15:43|--a------|0] - C:\CONFIG.SYS
[16/03/2009 23:41|--a------|120] - C:\drmHeader.bin
[23/09/2008 02:56|--a------|117] - C:\finfos.txt
[27/03/2001 00:00|--a------|53248] - C:\gendel32.exe
[18/11/2008 04:44|--a------|164] - C:\install.dat
[25/08/2008 15:43|-rahs----|0] - C:\IO.SYS
[04/04/2009 02:58|--a------|125] - C:\ioSpecial.ini
[09/11/2008 18:28|--a------|1453] - C:\MDL 2.0 Debug.txt
[23/09/2008 02:56|--a------|447] - C:\mpeg.txt
[25/08/2008 15:43|-rahs----|0] - C:\MSDOS.SYS
[04/08/2004 04:38|-rahs----|47564] - C:\NTDETECT.COM
[04/08/2004 04:59|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[12/11/2008 03:09|--ah-----|1073741824] - C:\pfsvoddata.bbv
[25/08/2008 16:56|--a------|573] - C:\RHDSetup.log
[12/07/2009 16:15|--a------|167] - C:\Setup.log
[07/10/2008 13:39|--ah-----|268] - C:\sqmdata00.sqm
[22/10/2008 03:43|--ah-----|268] - C:\sqmdata01.sqm
[23/10/2008 00:26|--ah-----|268] - C:\sqmdata02.sqm
[06/11/2008 17:15|--ah-----|268] - C:\sqmdata03.sqm
[18/02/2009 18:52|--ah-----|268] - C:\sqmdata04.sqm
[07/10/2008 13:39|--ah-----|244] - C:\sqmnoopt00.sqm
[22/10/2008 03:43|--ah-----|244] - C:\sqmnoopt01.sqm
[23/10/2008 00:26|--ah-----|244] - C:\sqmnoopt02.sqm
[06/11/2008 17:15|--ah-----|244] - C:\sqmnoopt03.sqm
[18/02/2009 18:52|--ah-----|172] - C:\sqmnoopt04.sqm
[12/11/2008 04:24|--a------|57] - C:\StvTimeCode.txt
[17/07/2009 21:30|--a------|5053] - C:\UsbFix.txt
[12/11/2008 04:24|--a------|734003136] - C:\VideoBuffer.tmp
[12/07/2009 16:12|--a------|175] - C:\WiFiSetup.log
################## | Vaccination |
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # UsbFix V6.008 ! |
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
>
carlosNY
17 juil. 2009 à 22:47
17 juil. 2009 à 22:47
Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
_________________
lance tool cleaner pour virer ce qui a été utilisé:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
__________________
pour verifier ton pc
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
kaspersky en ligne
https://www.informatruc.com
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 2. Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
_________________
lance tool cleaner pour virer ce qui a été utilisé:
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
__________________
pour verifier ton pc
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
kaspersky en ligne
https://www.informatruc.com
carlosNY
>
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
17 juil. 2009 à 22:58
17 juil. 2009 à 22:58
le rapport généré. (C:\TB.txt):
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : ESS ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:962 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/07/2009|21:49 )
C:\WINDOWS\iun6002.exe
-----------\\ SUPPRESSION
Echec ! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins00.exe
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis\bar\bin
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskBarDis
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(ESS) - {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} => switchproxy
(ESS) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
(ESS) - {71e95839-6f7e-470d-be54-77012fec6345} => proxysel
(ESS) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(ESS) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} => hotspot_shield
(ESS) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 17/07/2009|21:50 - Option : [2]
-----------\\ Fin du rapport a 21:50:28,60
[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\ESS\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\ESS\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\ESS\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\ESS\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\ESS\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Documents and Settings\ESS\Recent\UsbFix.lnk: trouvé !
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : ESS ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:37 Go (Free:7 Go)
D:\ (CD or DVD)
F:\ (USB) - FAT32 - Total:962 Mo (Free:0 Go)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 17/07/2009|21:49 )
C:\WINDOWS\iun6002.exe
-----------\\ SUPPRESSION
Echec ! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins00.exe
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\AskBarDis\bar\bin
Supprime! - C:\WINDOWS\iun6002.exe
Supprime! - C:\Program Files\AskBarDis
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(ESS) - {27A2FD41-CB23-4518-AB5C-C25BAFFDE531} => switchproxy
(ESS) - {40a1f5d7-afc2-498f-b264-02668d616ff6} => megamanager
(ESS) - {71e95839-6f7e-470d-be54-77012fec6345} => proxysel
(ESS) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(ESS) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} => hotspot_shield
(ESS) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 17/07/2009|21:50 - Option : [2]
-----------\\ Fin du rapport a 21:50:28,60
[ Rapport ToolsCleaner version 2.3.7 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\TB.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Toolbar SD: trouvé !
C:\UsbFix: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\ESS\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\ESS\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\ESS\Bureau\UsbFix.txt: trouvé !
C:\Documents and Settings\ESS\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\ESS\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\ESS\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Documents and Settings\ESS\Recent\UsbFix.lnk: trouvé !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
vouldeten
Messages postés
2
Date d'inscription
mardi 24 mars 2009
Statut
Membre
Dernière intervention
24 mars 2009
24 mars 2009 à 13:26
24 mars 2009 à 13:26
merci,
Mais j'arrive pas a le executer, apres le telechargement sur le bureau, il m'affiche le message suivant:
C:/Documents and Settings/admin/bureau/RSIT.exe n'est pas une application win 32 valide.
Mais j'arrive pas a le executer, apres le telechargement sur le bureau, il m'affiche le message suivant:
C:/Documents and Settings/admin/bureau/RSIT.exe n'est pas une application win 32 valide.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
24 mars 2009 à 13:27
24 mars 2009 à 13:27
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
et
Telecharge FindyKill sur ton bureau :
--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Lance l installation avec les parametres par default
--> Double clic sur le raccourci FindyKill sur ton bureau
--> Au menu principal,choisi l option 1 (Recherche)
--> Post le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
et
Telecharge FindyKill sur ton bureau :
--> http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill.exe
--> Lance l installation avec les parametres par default
--> Double clic sur le raccourci FindyKill sur ton bureau
--> Au menu principal,choisi l option 1 (Recherche)
--> Post le rapport FindyKill.txt
Note : le rapport FindyKill.txt est sauvegardé a la racine du disque
titan_sb
Messages postés
1
Date d'inscription
mardi 28 avril 2009
Statut
Membre
Dernière intervention
28 avril 2009
28 avril 2009 à 14:22
28 avril 2009 à 14:22
J'ai le même problème avec mon navigateur IE qui affiche "Hacked by X4X ....".
Symantec Endpoint Protection quej'utilise et qui est à jour n'a rien détecté.
Help !
Symantec Endpoint Protection quej'utilise et qui est à jour n'a rien détecté.
Help !
oders
Messages postés
1
Date d'inscription
jeudi 28 mai 2009
Statut
Membre
Dernière intervention
28 mai 2009
28 mai 2009 à 14:53
28 mai 2009 à 14:53
bonjour,
moi j'ai utilisé le COmboFixe et voila le rapport
omboFix 09-05-26.05 - lemir 28/05/2009 12:20:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1015.723 [GMT 0:00]
Lancé depuis: C:\Documents and Settings\lemir\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\win.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-28 ))))))))))))))))))))))))))))))))))))
.
2009-05-19 20:30:24 . 2009-05-19 20:32:49 0 d-----w C:\Program Files\NDSROM Player
2009-05-12 19:13:55 . 2009-05-12 19:14:25 0 d-----w C:\Program Files\eMule
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 12:23:24 . 2009-04-06 22:03:16 3100192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2009-05-28 12:22:31 . 2009-04-06 22:03:16 8264 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2009-05-28 12:22:31 . 2009-04-06 22:03:16 65568 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2009-05-28 12:22:31 . 2009-04-06 22:03:16 43544 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2009-05-28 12:10:11 . 2001-08-28 12:00:00 49932 ----a-w C:\WINDOWS\system32\perfc00C.dat
2009-05-28 12:10:11 . 2001-08-28 12:00:00 371070 ----a-w C:\WINDOWS\system32\perfh00C.dat
2009-05-28 12:05:57 . 2009-04-06 22:03:17 0 d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-05-20 14:56:24 . 2009-04-06 22:03:45 94643 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2009-05-20 14:56:24 . 2009-04-06 22:03:45 105395 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2009-04-13 18:47:26 . 2009-04-13 18:47:26 0 d-----w C:\Program Files\AT_FRflights
2009-04-06 23:23:26 . 2007-03-03 20:39:06 112144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2009-04-06 23:22:50 . 2009-04-06 23:22:47 112144 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\X86\kl1.sys
2009-04-06 23:22:47 . 2009-04-06 23:17:55 686704 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\updater.dll
2009-04-06 23:17:31 . 2009-04-06 23:17:31 187168 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\klif.sys
2009-04-06 23:17:27 . 2009-04-06 23:17:24 45168 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\fssync.dll
2009-04-06 23:17:21 . 2009-04-06 23:17:05 338544 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\ckahum.dll
2009-04-06 23:16:43 . 2009-04-06 23:16:32 211568 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\avp.exe
2009-04-06 22:03:18 . 2009-04-06 22:03:18 0 d-----w C:\Program Files\Kaspersky Lab
2009-04-06 21:24:16 . 2007-07-11 16:12:53 0 d-----w C:\Program Files\Fichiers communs\Network Associates
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 17:36:48 872448]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 11:34:28 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 11:34:28 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 11:33:56 131072]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44:44 32881]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-18 12:51:47 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04:34 39792]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00:00 94208]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2009-04-06 23:23:25 211568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=C:\WINDOWS\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [22/03/2009 14:51:18 58048]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [02/02/2007 12:31:52 24344]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-regdiit - C:\WINDOWS\system32\win.exe
HKLM-Explorer_Run-PC-CF5CA85FF204 - .vbe
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.mini20.com
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {76ABA7C8-B470-4E1D-A4B0-6FCCCA6B0FC2} = 82.151.90.1,212.217.0.1
.
j'ai maintenant l'accès aux registre et "haked by X4X " est disparu de mon navidateur
est ce que le problème est réglé , merci d'analyser le rapport
moi j'ai utilisé le COmboFixe et voila le rapport
omboFix 09-05-26.05 - lemir 28/05/2009 12:20:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1015.723 [GMT 0:00]
Lancé depuis: C:\Documents and Settings\lemir\Bureau\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\win.exe
D:\Autorun.inf
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-28 au 2009-05-28 ))))))))))))))))))))))))))))))))))))
.
2009-05-19 20:30:24 . 2009-05-19 20:32:49 0 d-----w C:\Program Files\NDSROM Player
2009-05-12 19:13:55 . 2009-05-12 19:14:25 0 d-----w C:\Program Files\eMule
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-28 12:23:24 . 2009-04-06 22:03:16 3100192 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2009-05-28 12:22:31 . 2009-04-06 22:03:16 8264 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2009-05-28 12:22:31 . 2009-04-06 22:03:16 65568 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2009-05-28 12:22:31 . 2009-04-06 22:03:16 43544 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2009-05-28 12:10:11 . 2001-08-28 12:00:00 49932 ----a-w C:\WINDOWS\system32\perfc00C.dat
2009-05-28 12:10:11 . 2001-08-28 12:00:00 371070 ----a-w C:\WINDOWS\system32\perfh00C.dat
2009-05-28 12:05:57 . 2009-04-06 22:03:17 0 d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-05-20 14:56:24 . 2009-04-06 22:03:45 94643 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2009-05-20 14:56:24 . 2009-04-06 22:03:45 105395 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2009-04-13 18:47:26 . 2009-04-13 18:47:26 0 d-----w C:\Program Files\AT_FRflights
2009-04-06 23:23:26 . 2007-03-03 20:39:06 112144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2009-04-06 23:22:50 . 2009-04-06 23:22:47 112144 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\X86\kl1.sys
2009-04-06 23:22:47 . 2009-04-06 23:17:55 686704 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\updater.dll
2009-04-06 23:17:31 . 2009-04-06 23:17:31 187168 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\klif.sys
2009-04-06 23:17:27 . 2009-04-06 23:17:24 45168 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\fssync.dll
2009-04-06 23:17:21 . 2009-04-06 23:17:05 338544 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\ckahum.dll
2009-04-06 23:16:43 . 2009-04-06 23:16:32 211568 ----a-w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.678\avp.exe
2009-04-06 22:03:18 . 2009-04-06 22:03:18 0 d-----w C:\Program Files\Kaspersky Lab
2009-04-06 21:24:16 . 2007-07-11 16:12:53 0 d-----w C:\Program Files\Fichiers communs\Network Associates
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 17:36:48 872448]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-02-26 11:34:28 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-02-26 11:34:28 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-02-26 11:33:56 131072]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe" [2004-02-22 23:44:44 32881]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-03-18 12:51:47 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 01:04:34 39792]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00:00 94208]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations\avp.exe" [2009-04-06 23:23:25 211568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe]
"Debugger"=C:\WINDOWS\system32\wscript.exe /E:vbs C:\WINDOWS\system32\winjpg.jpg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe]
"Debugger"=C:\WINDOWS\system32\win.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys [22/03/2009 14:51:18 58048]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [02/02/2007 12:31:52 24344]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKLM-Run-regdiit - C:\WINDOWS\system32\win.exe
HKLM-Explorer_Run-PC-CF5CA85FF204 - .vbe
SafeBoot-procexp90.Sys
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.mini20.com
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {76ABA7C8-B470-4E1D-A4B0-6FCCCA6B0FC2} = 82.151.90.1,212.217.0.1
.
j'ai maintenant l'accès aux registre et "haked by X4X " est disparu de mon navidateur
est ce que le problème est réglé , merci d'analyser le rapport