43 replies
moment de grace
Posts: 29042
Registered: Saturday 6 December 2008
Status: Security contributor
Last activity: 18 July 2013
2 274
8 Dec. 2009 at 10:03
hello
Download Smitfraudfix.exe
http://siri.urz.free.fr/Fix/SmitfraudFix.php
See the tutorial:
http://www.malekal.com/tutorial_SmitFraudfix.php
Run it and choose option 1
the tool will generate a report
Copy/paste the report on a forum.
note: Process.exe is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus, etc.) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Official site: http://siri.urz.free.fr/Fix/SmitfraudFix.php
moment de grace
8 Dec. 2009 at 12:17
forget post 3
are you really with Orange?
do this
• Download Random's System Information Tool (RSIT) by Random/Random.
http://images.malwareremoval.com/random/RSIT.exe
• Save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
• Click "Continue" on the Disclaimer screen.
• If the HijackThis tool is not present or not detected on the computer, RSIT will download it (allow access in your firewall if it asks you) and you will have to accept the licence.
• Once the scan is finished, two reports will appear: post them in two separate messages please
The reports are located here:
C:\rsit\info.txt
C:\rsit\log.txt
moment de grace
8 Dec. 2009 at 13:55
ok
restart the PC
then
1) Disable Spybot's TeaTimer (thanks to Nico and nathandre):
To disable TeaTimer:
=> Open Spybot S&D
=> In the "Mode" menu, select advanced mode.
=> A window asks for confirmation; click "yes".
=> Once advanced mode is active, open the "Tools" tab.
=> Click Resident.
=> The Resident section has two lines that are normally checked:
* Resident "SDHelper" (blocker of harmful downloads for Internet Explorer) active.
* Resident "TeaTimer" (protection of fundamental system settings) active
=> Uncheck the TeaTimer line.
=> Restart Spybot (close it and reopen it)
=> Go back to the Resident menu and check that it is indeed disabled
Spybot will interfere with the tools
2) Download USBFIX by Chiquitine29, C_xx
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
or
https://www.ionos.fr/?affiliate_id=77097
/!\ Vista and Windows 7 users:
do not forget to disable User Account Control
https://www.commentcamarche.net/faq/8343-vista-desactiver-l-uac
/!\ Plug into your PC, without opening them, your external data sources (USB stick, external hard drive, etc.) that may have been infected
• Double-click the UsbFix shortcut on the desktop.
• Choose option 1 (Search)
(other options are available, see the tutorial).
• Let the tool work.
• Then post the UsbFix.txt report that appears.
• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )
( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )
• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.
• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html
moment de grace
8 Dec. 2009 at 14:59
nice collection of cracks... especially for an AV
delete them
1) ● Run UsbFix again
● In the main menu, this time choose option 2
The Start menu and the icons will disappear again... that is normal.
If a message asks you to restart the computer, do it...
● On restart, the fix relaunches... let the operation run.
● Notepad opens with a report; send it in your next reply
...................................
2) Download Malwarebytes' Anti-Malware
https://www.majorgeeks.com/files/details/malwarebytes_anti_malware.html
. On the page, click Download Malwarebytes' Anti-Malware
. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the Check for updates button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update is finished
. Go to the Scan tab
. Select Perform full scan
. Click Scan
. The scan starts.
. At the end of the scan, a message is displayed: The scan completed normally. Click 'Show results' to display all objects found.
. Click OK to continue.
. If malware was detected, click Show results
. Select all (or leave them checked) and click Remove selected. Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the scan report into it.
. Go to the report/log tab
. Click on it to display it; once it is displayed
. Click Edit at the top of Notepad, then Select All
. Click Edit again, then Copy, and come back to the forum and into your reply
. right-click in the reply box and Paste
If you need help, see these tutorials:
Help: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam
moment de grace
8 Dec. 2009 at 17:41
run a new RSIT as a check and post just the log
moment de grace
8 Dec. 2009 at 20:37
two little bits of junk remain
Disable your antivirus for the duration of the procedure, as well as your firewall if present
▶ Download List&Kill'em and save it to your desktop
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem.zip
It does not require installation
▶ double-click (right-click "run as administrator" on Vista) to start the scan
choose the language, then choose option 1 = Search Mode
▶ let the tool work
at the end of the scan the window closes by itself.
open C:\List'em.txt
▶ paste the contents in your next reply
SmitFraudFix v2.424
Rapport fait à 11:53:17,46, 07/12/2009
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Balico
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Balico\LOCALS~1\Temp
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Balico\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Balico\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="wbsys.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
»»»»»»»»»»»»»»»»»»»»»»»» RK
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: SiS191 100/10 Ethernet Device - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{750D2D6C-FA05-4714-884F-EA1C6597E5E7}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DFE949B4-CBEC-4A9F-845E-0D197D63734B}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{F2DB99C4-312E-419F-9118-CCEC8A2CCC8F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6D10CB95-C462-41C9-9C49-0A3371F559A9}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CS3\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer=192.168.1.1,80.10.246.2
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
moment de grace
8 Dec. 2009 at 12:12
Restart the PC in safe mode
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
Run Smitfraud again, option 2 Cleaning
Let the tool work
Post the generated report
Logfile of random's system information tool 1.06 (written by random/random)
Run by Balico at 2009-12-07 13:40:44
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 30 GB (13%) free of 238 GB
Total RAM: 1023 MB (44% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:41:06, on 07/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Balico\Mes documents\RSIT.exe
C:\Documents and Settings\Balico\Mes documents\Balico.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-21-2119481020-3562625198-1139210170-1008\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
############################## | UsbFix V6.059 |
User : Balico (Administrateurs) # CASA
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 14:11:02 | 07/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local # 232,88 Go (29,14 Go free) [446513] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM # 682,24 Mo (0 Mo free) [Mon disque] # CDFS
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque fixe local # 298,09 Go (111,97 Go free) [Elements] # NTFS
K:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 980
C:\WINDOWS\system32\csrss.exe 1124
C:\WINDOWS\system32\winlogon.exe 1224
C:\WINDOWS\system32\services.exe 1284
C:\WINDOWS\system32\lsass.exe 1296
C:\WINDOWS\system32\Ati2evxx.exe 1524
C:\WINDOWS\system32\svchost.exe 1540
C:\WINDOWS\system32\svchost.exe 1624
C:\WINDOWS\System32\svchost.exe 1736
C:\WINDOWS\system32\svchost.exe 1836
C:\WINDOWS\system32\svchost.exe 1900
C:\WINDOWS\system32\Ati2evxx.exe 2036
C:\WINDOWS\system32\spoolsv.exe 260
C:\Program Files\Avira\AntiVir Desktop\sched.exe 396
C:\WINDOWS\system32\svchost.exe 504
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 924
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 936
C:\WINDOWS\system32\svchost.exe 1040
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1076
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 1068
C:\WINDOWS\System32\svchost.exe 1472
C:\WINDOWS\System32\svchost.exe 1576
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 1640
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 1724
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe 1812
C:\WINDOWS\system32\svchost.exe 1864
C:\WINDOWS\system32\SearchIndexer.exe 144
C:\WINDOWS\System32\alg.exe 2432
C:\WINDOWS\Explorer.EXE 3488
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe 3940
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3972
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 4040
C:\WINDOWS\system32\ctfmon.exe 2088
C:\Program Files\Mozilla Firefox\firefox.exe 3612
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 1876
C:\Program Files\Spybot - Search & Destroy 2\SpybotSD.exe 464
C:\WINDOWS\system32\wbem\wmiprvse.exe 2136
################## | Fichiers # Dossiers infectieux |
C:\WINDOWS\System32\autorun.inf
C:\DOCUME~1\Balico\LOCALS~1\Temp\aax111.tmp.exe
E:\autorun.inf
E:\autorun.ini
J:\autorun.inf
################## | Spyware.OnlineGames |
################## | Registre # Clés infectieuses |
[HKCU\SOFTWARE\MediaSolaris]
[HKCU\SOFTWARE\TurboNet]
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{1f80ca41-5558-11dd-a897-0060b3f537fc}
Shell\AutoRun\command =L:\InstallTomTomHOME.exe
################## | Cracks / Keygens / Serials |
"C:\Documents and Settings\Balico\Mes documents\Programmes\keygen.exe"
25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848
"C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Aware2007.exe"
13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f
"C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Watch2007.exe"
13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb
"C:\Documents and Settings\THOMAS\Mes documents\Crack\HostFileEditor.exe"
13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236
"C:\Documents and Settings\THOMAS\Mes documents\Crack\LSUpdateManager.exe"
13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8
"C:\Documents and Settings\THOMAS\Mes documents\Crack\ProcessWatch.exe"
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"C:\Documents and Settings\THOMAS\Mes documents\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
"C:\Documents and Settings\THOMAS\Mes documents\mes jeux\Mx vs Atv Unleashed\Crack Mx vs atv unleashed\MXvsATV.exe"
19/09/2009 14:32 |Size 18935808 |Crc32 a1e6c82b |Md5 2ae77ef8d2cfe6aff07fc0320948103f
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
"J:\Balico\Programmes\keygen.exe"
25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
################## | ! Fin du rapport # UsbFix V6.059 ! |
############################## | UsbFix V6.059 |
User : Balico (Administrateurs) # CASA
Update on 01/12/2009 by Chiquitine29, C_XX & Chimay8
Start at: 15:10:44 | 07/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local # 232,88 Go (32,08 Go free) [446513] # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
J:\ -> Disque fixe local # 298,09 Go (113,64 Go free) [WD Disque dur externe] # NTFS
K:\ -> Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe 980
C:\WINDOWS\system32\csrss.exe 1224
C:\WINDOWS\system32\winlogon.exe 1320
C:\WINDOWS\system32\services.exe 1380
C:\WINDOWS\system32\lsass.exe 1392
C:\WINDOWS\system32\Ati2evxx.exe 1620
C:\WINDOWS\system32\svchost.exe 1640
C:\WINDOWS\system32\svchost.exe 1720
C:\WINDOWS\System32\svchost.exe 1832
C:\WINDOWS\system32\svchost.exe 1924
C:\WINDOWS\system32\svchost.exe 2028
C:\WINDOWS\system32\logonui.exe 188
C:\WINDOWS\system32\Ati2evxx.exe 232
C:\WINDOWS\system32\spoolsv.exe 396
C:\Program Files\Avira\AntiVir Desktop\sched.exe 488
C:\WINDOWS\system32\svchost.exe 608
C:\WINDOWS\Explorer.EXE 1152
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1356
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1460
C:\WINDOWS\system32\svchost.exe 1744
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1800
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 480
C:\WINDOWS\System32\svchost.exe 528
C:\WINDOWS\System32\svchost.exe 568
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 580
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 808
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe 852
C:\WINDOWS\system32\svchost.exe 868
C:\WINDOWS\system32\SearchIndexer.exe 1056
C:\WINDOWS\system32\wuauclt.exe 1200
C:\WINDOWS\System32\alg.exe 2832
C:\WINDOWS\system32\wbem\wmiprvse.exe 2896
################## | Fichiers # Dossiers infectieux |
Supprimé ! C:\WINDOWS\System32\autorun.inf
Supprimé ! C:\DOCUME~1\Balico\LOCALS~1\Temp\aax111.tmp.exe
Supprimé ! J:\autorun.inf
################## | Spyware.OnlineGames |
################## | Registre # Clés infectieuses |
Supprimé ! [HKCU\SOFTWARE\MediaSolaris]
Supprimé ! [HKCU\SOFTWARE\TurboNet]
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{1f80ca41-5558-11dd-a897-0060b3f537fc}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[06/02/2006 23:28|--a------|983] C:\868000446513.dat
[21/06/2000 05:27|--a------|22469] C:\ackfont.pcx
[11/02/2002 09:22|--a------|18182] C:\acknex.mdf
[01/06/2002 03:09|--a------|76459] C:\acknex.wdf
[27/03/2002 05:35|--a------|1063596] C:\ak47.mdl
[22/04/2002 21:23|--a------|4056] C:\ak47.wav
[08/04/2002 00:42|--a------|1401992] C:\ak74.mdl
[15/05/2000 11:08|--a------|134656] C:\alien
[16/04/2002 01:28|--a------|2175432] C:\asylumlogo.avi
[16/11/2009 10:00|--a------|100] C:\AUTOEXEC.BAT
[23/04/2002 18:46|--a------|291656] C:\baum1_0.wmb
[23/04/2002 19:22|--a------|92288] C:\baum2_0.wmb
[24/04/2002 21:48|--a------|48336] C:\baum3_0.wmb
[07/12/2009 09:14|---hs----|216] C:\boot.ini
[14/04/2008 13:00|-rahs----|4952] C:\Bootfont.bin
[24/04/2002 02:07|--a------|34609] C:\bu5_0.pcx
[30/04/2001 03:27|--a------|322] C:\bulhole.pcx
[03/11/2005 12:56|--a------|14950] C:\button-Menue12.bmp
[03/11/2005 12:57|--a------|14950] C:\button-Menue12a.bmp
[03/11/2005 12:57|--a------|14950] C:\button-Menue13.bmp
[03/11/2005 12:57|--a------|14950] C:\button-Menue13a.bmp
[03/11/2005 12:58|--a------|14950] C:\button-Menue15.bmp
[03/11/2005 12:58|--a------|14950] C:\button-Menue15a.bmp
[03/11/2005 13:00|--a------|14950] C:\button-Menue16.bmp
[03/11/2005 13:00|--a------|14950] C:\button-Menue16a.bmp
[03/11/2005 13:00|--a------|14950] C:\button-Menue17.bmp
[03/11/2005 13:00|--a------|14950] C:\button-Menue17a.bmp
[03/11/2005 13:01|--a------|14950] C:\button-Menue18.bmp
[03/11/2005 13:01|--a------|14950] C:\button-Menue18a.bmp
[28/05/2002 22:01|--a------|230456] C:\cast.bmp
[31/12/2006 16:49|--a------|4096] C:\cdcops.log
[08/02/2001 20:11|--a------|16944] C:\click_one.wav
[08/02/2001 20:11|--a------|46580] C:\click_two.wav
[06/04/2007 18:55|--a------|35] C:\CommMgr.log
[07/02/2006 15:19|--a------|0] C:\CONFIG.SYS
[14/03/2006 19:49|--a------|140] C:\config.txt
[02/12/2006 18:41|--a------|0] C:\conmgr.log
[02/05/2002 03:01|--a------|63030] C:\Courie14.bmp
[14/05/2002 05:23|--a------|88632] C:\Courie24.bmp
[09/05/2002 22:15|--a------|29750] C:\Courier9_rot.bmp
[12/05/2002 23:06|--a------|600056] C:\credit_back.bmp
[09/01/2004 22:33|--a------|3239936] C:\CT3.exe
[29/12/2006 10:46|--a------|1512856] C:\daemon-tools_daemon_tools_4.0.8_anglais_10729.exe
[14/05/2002 23:23|--a------|94068] C:\door1.wav
[06/11/2003 00:42|--a------|4050924] C:\dschungel.wmb
[02/06/2002 23:20|--a------|7655844] C:\dschungel_lager.wmb
[30/05/2002 06:06|--a------|8842] C:\einstellungen.wdl
[21/05/2002 22:05|--a------|15924] C:\electro1.mdl
[21/05/2002 22:05|--a------|13188] C:\electro2.mdl
[21/05/2002 22:05|--a------|25572] C:\electro3.mdl
[11/03/2006 17:42|--a------|27] C:\expand.txt
[25/03/2002 21:23|--a------|49306] C:\explo4.pcx
[03/05/2002 21:39|--a------|76152] C:\explos1.wav
[16/02/2007 18:25|--a------|3410] C:\ExtractLog.txt
[20/03/2002 19:37|--a------|685] C:\fadenkreuz.pcx
[14/05/2002 20:34|--a------|198056] C:\fahrs.wmb
[04/03/2001 23:59|--a------|18054] C:\flare0.pcx
[04/03/2001 23:59|--a------|46069] C:\flare1.pcx
[05/03/2001 00:01|--a------|32708] C:\flare2.pcx
[05/03/2001 00:08|--a------|15090] C:\flare3.pcx
[15/04/2002 06:44|--a------|89463] C:\gras_0.pcx
[18/05/2002 00:45|--a------|302328] C:\hochsi.wmb
[30/05/2002 00:20|--a------|59672] C:\holz2.wmb
[01/05/2001 20:02|--a------|138788] C:\hueybody.mdl
[17/05/2001 22:08|--a------|133892] C:\huprop.mdl
[17/05/2001 22:09|--a------|134156] C:\hutprop.mdl
[21/05/2002 22:27|--a------|6564] C:\h_lampe1.mdl
[21/05/2002 22:27|--a------|6564] C:\h_lampe2.mdl
[05/04/2006 05:54|--a------|282] C:\IComTracer.log
[03/06/2002 02:07|--a------|3718400] C:\imsteutzpunkt.wmb
[14/05/2002 06:44|--a------|1373] C:\info.wdl
[17/02/2009 21:17|--a------|439] C:\INSTALL.LOG
[12/05/2002 00:07|--a------|26456] C:\invert_back_0.bmp
[12/05/2002 00:06|--a------|26456] C:\invert_back_1.bmp
[07/02/2006 15:19|-rahs----|0] C:\IO.SYS
[21/05/2002 01:29|--a------|414486] C:\jungle.wav
[06/11/2003 01:08|--a------|30851] C:\ki.wdl
[01/05/2001 02:40|--a------|35284] C:\knochen2_0.mdl
[22/05/2002 19:52|--a------|336] C:\knopf.bmp
[03/06/2002 02:17|--a------|9047232] C:\lagerhaus.wmb
[29/04/2002 22:50|--a------|20948] C:\lampe1_0.wmb
[11/10/2004 06:18|--a------|19] C:\LANG.TXT
[09/04/2003 09:44|--a------|10] C:\Language.txt
[30/04/2002 00:23|--a------|12056] C:\leben.bmp
[06/05/2002 22:48|--a------|45636] C:\level_schalter.wmb
[22/04/2002 06:44|--a------|5658] C:\lflare.wdl
[09/11/1999 02:50|--a------|17826] C:\licht.mdl
[07/05/2002 12:46|--a------|262688] C:\licht8.mdl
[21/05/2002 22:17|--a------|276404] C:\lift2.wmb
[28/05/2002 22:02|--a------|230456] C:\load.bmp
[12/05/2002 09:26|--a------|360056] C:\load_back.bmp
[03/11/2005 13:43|--a------|921654] C:\load_spiel_6.bmp
[03/11/2005 13:44|--a------|1440054] C:\load_spiel_7.bmp
[03/11/2005 13:45|--a------|2359350] C:\load_spiel_8.bmp
[31/05/2002 01:10|--a------|15142552] C:\logo.avi
[28/01/2001 01:51|--a------|921656] C:\logodark.bmp
[14/04/2002 03:15|--a------|1177068] C:\m16.mdl
[05/05/2002 02:03|--a------|1053076] C:\m16_solo.mdl
[29/04/2002 22:45|--a------|15500] C:\m1_10_1024.bmp
[29/04/2002 22:46|--a------|15500] C:\m1_1_1024.bmp
[29/04/2002 22:46|--a------|15500] C:\m1_2_1024.bmp
[29/04/2002 22:46|--a------|15500] C:\m1_3_1024.bmp
[29/04/2002 22:46|--a------|15500] C:\m1_4_1024.bmp
[29/04/2002 22:46|--a------|15500] C:\m1_5_1024.bmp
[29/04/2002 22:45|--a------|15500] C:\m1_6_1024.bmp
[29/04/2002 22:45|--a------|15500] C:\m1_7_1024.bmp
[29/04/2002 22:45|--a------|15500] C:\m1_8_1024.bmp
[29/04/2002 22:45|--a------|15500] C:\m1_9_1024.bmp
[29/04/2002 22:51|--a------|15500] C:\m2_10_1024.bmp
[29/04/2002 22:53|--a------|15500] C:\m2_1_1024.bmp
[29/04/2002 22:53|--a------|15500] C:\m2_2_1024.bmp
[29/04/2002 22:52|--a------|15500] C:\m2_3_1024.bmp
[29/04/2002 22:52|--a------|15500] C:\m2_4_1024.bmp
[29/04/2002 22:52|--a------|15500] C:\m2_5_1024.bmp
[29/04/2002 22:52|--a------|15500] C:\m2_6_1024.bmp
[29/04/2002 22:52|--a------|15500] C:\m2_7_1024.bmp
[29/04/2002 22:52|--a------|15500] C:\m2_8_1024.bmp
[29/04/2002 22:52|--a------|15500] C:\m2_9_1024.bmp
[29/04/2002 23:55|--a------|15500] C:\m3_1_1024.bmp
[29/04/2002 23:55|--a------|15500] C:\m3_2_1024.bmp
[29/04/2002 23:56|--a------|15500] C:\m3_3_1024.bmp
[21/05/2002 05:28|--a------|1049932] C:\magazin2.MDL
[09/04/2002 23:21|--a------|1356308] C:\magnum.mdl
[23/04/2002 22:56|--a------|36132] C:\magnum_solo.MDL
[14/11/2005 10:49|--a------|168130] C:\Manual.pdf
[08/05/2002 02:35|--a------|1256] C:\maus.bmp
[01/05/2001 01:42|--a------|133172] C:\medbox.mdl
[07/05/2002 19:47|--a------|1440054] C:\Menuback.bmp
[01/05/2001 02:38|--a------|37052] C:\microuzi.mdl
[31/05/2002 04:06|--a------|47404] C:\mine.wmb
[02/12/2006 22:14|--a------|17873] C:\MP4debug.log
[07/02/2006 15:19|-rahs----|0] C:\MSDOS.SYS
[29/05/2002 00:08|--a------|1121762] C:\musik2.wav
[29/04/2002 23:50|--a------|15500] C:\m_leer.bmp
[14/04/2008 13:00|-rahs----|47564] C:\NTDETECT.COM
[14/04/2008 13:00|-rahs----|252240] C:\ntldr
[04/08/2004 13:00|--a------|2] C:\oem.tag
[01/05/2001 01:43|--a------|131924] C:\oildrum.mdl
[28/05/2002 22:02|--a------|230456] C:\options.bmp
[?|?|?] C:\pagefile.sys
[20/12/1998 06:03|--a------|954] C:\palette.pcx
[06/11/2003 00:42|--a------|768] C:\PALETTE.RAW
[26/05/2002 02:51|--a------|50984] C:\palm1_0.mdl
[15/04/2002 06:00|--a------|93723] C:\palme1_0.pcx
[15/04/2002 06:00|--a------|106865] C:\palme2_0.pcx
[06/11/2003 00:54|--a------|85433] C:\panels.wdl
[20/12/1998 06:06|--a------|945] C:\particle.pcx
[21/03/2002 03:44|--a------|925] C:\particle2.pcx
[07/04/2002 21:39|--a------|16292] C:\patrone1.bmp
[14/04/2002 07:14|--a------|23606] C:\pfl2_0.pcx
[14/04/2002 09:36|--a------|4664] C:\pfl2_1.pcx
[14/04/2002 10:25|--a------|13996] C:\pflanze.pcx
[14/04/2002 06:57|--a------|13996] C:\pfl_0.pcx
[28/01/2008 19:15|--a------|1691] C:\photodex-presenter-install.log
[10/04/2002 22:23|--a------|21284] C:\plant1.mdl
[25/04/2002 00:02|--a------|28540] C:\plant2_0.mdl
[25/04/2002 00:15|--a------|11788] C:\plant3_0.mdl
[25/04/2002 08:17|--a------|70624] C:\plant4_0.mdl
[25/04/2002 08:21|--a------|34784] C:\plant5_0.mdl
[25/04/2002 23:12|--a------|50824] C:\plant6_0.mdl
[06/02/2006 23:28|--ah-----|16249] C:\Prodlog.txt
[07/12/2009 11:55|--a------|6276] C:\rapport.txt
[01/05/2001 02:39|--a------|37104] C:\schadel_0.mdl
[29/04/2002 03:51|--a------|29424] C:\schalter_1.wmb
[29/04/2002 03:52|--a------|29424] C:\schalter_2.wmb
[22/05/2002 00:01|--a------|36632] C:\schluessel.MDL
[25/04/2002 00:50|--a------|15732] C:\schmerz1.wav
[25/04/2002 00:52|--a------|15222] C:\schmerz2.wav
[25/04/2002 00:52|--a------|18548] C:\schmerz3.wav
[21/05/2002 22:36|--a------|26284] C:\schreibtisch1.mdl
[12/05/2002 22:26|--a------|23816] C:\schrift_pan.bmp
[14/05/2002 18:28|--a------|12660] C:\schritt_holz_1.wav
[14/05/2002 18:28|--a------|7028] C:\schritt_holz_2.wav
[14/05/2002 03:14|--a------|6966] C:\schritt_kies_1.wav
[14/05/2002 03:14|--a------|7412] C:\schritt_kies_2.wav
[14/05/2002 18:30|--a------|6804] C:\schritt_metal_1.wav
[14/05/2002 18:30|--a------|8148] C:\schritt_metal_2.wav
[20/05/2002 21:46|--a------|8340] C:\schritt_stein_1.wav
[20/05/2002 21:46|--a------|10932] C:\schritt_stein_2.wav
[14/05/2002 01:43|--a------|15540] C:\schritt_wald_1.wav
[14/05/2002 01:44|--a------|17140] C:\schritt_wald_2.wav
[14/05/2002 01:44|--a------|14580] C:\schritt_wald_3.wav
[21/03/2002 04:20|--a------|1413] C:\schuss.pcx
[23/04/2002 00:25|--a------|697] C:\schuss_punkt.pcx
[28/05/2002 03:33|--a------|2359352] C:\schwarz.bmp
[22/11/2009 14:46|--a------|159] C:\Setup.log
[19/04/2002 02:40|--a------|983094] C:\sky09.bmp
[26/05/2002 01:33|--a------|983096] C:\sky09_n.bmp
[22/05/2002 19:50|--a------|26456] C:\slider_back.bmp
[12/04/2002 00:47|--a------|1461124] C:\sniper.mdl
[02/06/2002 22:24|--a------|1084836] C:\sniper_solo.MDL
[01/05/2002 21:39|--a------|782960] C:\sniper_zoom.pcx
[03/05/2002 01:58|--a------|1016172] C:\soldat.MDL
[03/05/2002 01:59|--a------|1016172] C:\soldat2.MDL
[02/05/2001 01:34|--a------|197388] C:\soldat3.mdl
[07/02/2006 15:59|--a------|164] C:\soundmax.log
[28/05/2002 00:28|--a------|17680] C:\spieler.wdl
[28/05/2002 23:55|--a------|176196] C:\stein1.wmb
[26/05/2002 22:55|--a------|47220] C:\stein2.wmb
[22/05/2002 21:28|--a------|37756] C:\sterben.wav
[21/05/2002 22:36|--a------|35744] C:\strassenlampe1.mdl
[31/10/2005 16:56|--a------|700416] C:\StubInstaller.exe
[21/05/2002 22:30|--a------|10684] C:\stuhl1.mdl
[15/11/2006 19:54|--a------|940] C:\t3r8
[15/11/2006 19:54|--a------|6416] C:\t3r8.1
[13/11/2006 07:43|--a------|940] C:\t51k
[13/11/2006 07:43|--a------|6416] C:\t51k.1
[03/11/2005 13:06|--a------|14950] C:\tastatur.bmp
[03/11/2005 13:06|--a------|14950] C:\tastatur_a.bmp
[13/04/2002 03:18|--a------|45636] C:\teur1.wmb
[21/05/2002 04:47|--a------|23876] C:\teur2.wmb
[09/05/2002 04:26|--a------|26456] C:\text_leiste.bmp
[21/05/2002 19:01|--a------|46356] C:\trep_beg.wmb
[03/06/2002 00:43|--a------|2846860] C:\tunnelsystem.wmb
[17/05/2002 00:16|--a------|22094] C:\turbine_k.wav
[09/04/2009 19:51|--a------|1501] C:\updatedatfix.log
[07/12/2009 15:25|--a------|14470] C:\UsbFix.txt
[23/04/2002 23:05|--a------|1174632] C:\uzi.mdl
[23/04/2002 23:05|--a------|37052] C:\uzi_solo.MDL
[22/05/2002 21:54|--a------|251958] C:\Verdan22.bmp
[22/05/2002 19:33|--a------|31030] C:\Verdana8.bmp
[26/05/2002 20:49|--a------|31030] C:\Verdana8_braun.bmp
[13/05/2002 01:17|--a------|37804] C:\waffe1.wav
[16/05/2002 23:46|--a------|84464] C:\waffe1_nachladen.wav
[13/05/2002 01:11|--a------|6172] C:\waffe2.wav
[16/05/2002 23:46|--a------|82800] C:\waffe2_nachladen.wav
[13/05/2002 01:18|--a------|6890] C:\waffe3.wav
[16/05/2002 23:56|--a------|74608] C:\waffe3_nachladen.wav
[07/04/2002 23:36|--a------|15076] C:\waffe4.wav
[08/04/2002 00:45|--a------|81908] C:\waffe4_nachladen.wav
[13/05/2002 01:16|--a------|25330] C:\waffe5.wav
[16/05/2002 23:54|--a------|79784] C:\waffe5_nachladen.wav
[02/06/2002 21:03|--a------|20693] C:\waffen.wdl
[03/05/2002 23:54|--a------|41596] C:\waffe_aufheben.wav
[23/05/2002 19:25|--a------|45636] C:\wand.wmb
[20/05/2002 20:43|--a------|45924] C:\wand1.wmb
[06/11/2003 22:50|--a------|540672] C:\WAR-Soldiers.exe
[06/11/2003 22:49|--a------|10266] C:\war-soldiers.wdl
[15/04/2002 20:53|--a------|375564] C:\warlock.mdl
[25/04/2002 00:42|--a------|45636] C:\wasser.wmb
[21/05/2002 22:27|--a------|136916] C:\wcrat2_0.mdl
[21/05/2002 22:27|--a------|131508] C:\wcrate1.mdl
[21/05/2002 22:27|--a------|136916] C:\wcrate2.mdl
[21/05/2002 22:27|--a------|131508] C:\wcrat_0.mdl
[03/06/2002 01:55|--a------|14071] C:\welt.wdl
[20/01/1999 08:45|--a------|28992] C:\wham.wav
################## | Vaccination |
# C:\autorun.inf -> Dossier créé par UsbFix.
# J:\autorun.inf -> Dossier créé par UsbFix.
################## | Cracks / Keygens / Serials |
"C:\Documents and Settings\Balico\Mes documents\Programmes\keygen.exe"
25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848
"C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Aware2007.exe"
13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f
"C:\Documents and Settings\THOMAS\Mes documents\Crack\Ad-Watch2007.exe"
13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb
"C:\Documents and Settings\THOMAS\Mes documents\Crack\HostFileEditor.exe"
13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236
"C:\Documents and Settings\THOMAS\Mes documents\Crack\LSUpdateManager.exe"
13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8
"C:\Documents and Settings\THOMAS\Mes documents\Crack\ProcessWatch.exe"
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"C:\Documents and Settings\THOMAS\Mes documents\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
"C:\Documents and Settings\THOMAS\Mes documents\mes jeux\Mx vs Atv Unleashed\Crack Mx vs atv unleashed\MXvsATV.exe"
19/09/2009 14:32 |Size 18935808 |Crc32 a1e6c82b |Md5 2ae77ef8d2cfe6aff07fc0320948103f
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
"J:\Balico\Programmes\keygen.exe"
25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"C:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
"J:\Balico\Programmes\keygen.exe"
25/11/2006 00:23 |Size 118784 |Crc32 52ce3b97 |Md5 a2fcfa38b381163e372a3f195541a848
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Aware2007.exe"
13/06/2007 13:40 |Size 4452352 |Crc32 e5e85934 |Md5 9f6360e28d56ae0fed9e2aeb22e0a24f
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\Ad-Watch2007.exe"
13/06/2007 13:18 |Size 4177920 |Crc32 c7c69398 |Md5 67f518dbd7de862056e93b719b6822eb
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\HostFileEditor.exe"
13/06/2007 13:31 |Size 3629056 |Crc32 26019cf4 |Md5 4e535d6cf6494a98c5f190ea15d75236
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\LSUpdateManager.exe"
13/06/2007 12:41 |Size 1771664 |Crc32 98cbee9a |Md5 34ed43a5dbc2a835322d47e69e370cd8
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\ProcessWatch.exe"
13/06/2007 13:38 |Size 3706880 |Crc32 ce019c71 |Md5 1b69c06901b4f8fcd0e6ecedc8e47e77
"J:\Program Files\Lavasoft\Ad-Aware 2007\Crack\update-cracked.exe"
13/06/2007 13:10 |Size 3158016 |Crc32 af4838cb |Md5 92ba6611261664b91d49b0dbeb73fe53
Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3321
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
07/12/2009 17:16:49
mbam-log-2009-12-07 (17-16-49).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 256317
Temps écoulé: 1 hour(s), 43 minute(s), 17 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Balico at 2009-12-07 20:25:14
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 37 GB (15%) free of 238 GB
Total RAM: 1023 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:25:29, on 07/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Balico\Mes documents\RSIT(2).exe
C:\Documents and Settings\Balico\Mes documents\Balico.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
List'em by g3n-h@ckm@n 1.1.3.1
Thx to Chiquitine29.....& CCM team
User : Balico (Administrateurs) # CASA
Update on 08/12/2009 by g3n-h@ckm@n ::::: 12:30
Start at: 22:18:41 | 07/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 232,88 Go (34,96 Go free) [446513] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 980
C:\WINDOWS\system32\csrss.exe 1224
C:\WINDOWS\system32\winlogon.exe 1320
C:\WINDOWS\system32\services.exe 1380
C:\WINDOWS\system32\lsass.exe 1392
C:\WINDOWS\system32\Ati2evxx.exe 1620
C:\WINDOWS\system32\svchost.exe 1640
C:\WINDOWS\system32\svchost.exe 1720
C:\WINDOWS\System32\svchost.exe 1832
C:\WINDOWS\system32\svchost.exe 1924
C:\WINDOWS\system32\svchost.exe 2028
C:\WINDOWS\system32\Ati2evxx.exe 232
C:\WINDOWS\system32\spoolsv.exe 396
C:\Program Files\Avira\AntiVir Desktop\sched.exe 488
C:\WINDOWS\system32\svchost.exe 608
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1356
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1460
C:\WINDOWS\system32\svchost.exe 1744
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1800
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 480
C:\WINDOWS\System32\svchost.exe 528
C:\WINDOWS\System32\svchost.exe 568
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 580
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 808
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe 852
C:\WINDOWS\system32\svchost.exe 868
C:\WINDOWS\system32\SearchIndexer.exe 1056
C:\WINDOWS\System32\alg.exe 2832
C:\WINDOWS\explorer.exe 3220
C:\WINDOWS\system32\ctfmon.exe 2544
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe 2236
C:\WINDOWS\system32\wscntfy.exe 2800
C:\Program Files\Mozilla Firefox\firefox.exe 3916
C:\Documents and Settings\Balico\Bureau\List_Kill'em.exe 3776
C:\WINDOWS\system32\cmd.exe 3444
C:\WINDOWS\system32\SearchProtocolHost.exe 3696
C:\WINDOWS\system32\SearchFilterHost.exe 1340
C:\WINDOWS\system32\wbem\wmiprvse.exe 2504
C:\Documents and Settings\Balico\Local Settings\Temp\F6.tmp\pv.exe 3392
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Google Update REG_SZ "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
AlcoholAutomount REG_SZ "C:\Program Files\Alcohol 52\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MailNotifierSessionManager REG_SZ C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoDriveAutoRun REG_DWORD 145 (0x91)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 145 (0x91)
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ wbsys.dll
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\fscommand\Vividas_ep18.exe:*:Disabled:Vividas Player
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\fscommand\Vividas_ep18.exe:*:Disabled:Vividas Player
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\dora JEU PC léon le lion du cirque\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\dora JEU PC léon le lion du cirque\fscommand\Vividas_ep18.exe:*:Enabled:Vividas Player
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\DORA clique et crée N°8 la famille buzza buzza\fscommand\Vividas_ep8.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\DORA clique et crée N°8 la famille buzza buzza\fscommand\Vividas_ep8.exe:*:Enabled:Vividas Player
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Scrabble2009\ScrabblePCR.exe REG_SZ C:\Program Files\Scrabble2009\ScrabblePCR.exe:*:Enabled:Scrabble™ Interactif Edition 2009
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Scrabble2009\ScrabblePCR.exe REG_SZ C:\Program Files\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
===============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
233 Go total, 34,97 Go libre (15%), 4% fragmenté (fragmentation du fichier 9%)
Il ne vous est pas nécessaire de défragmenter ce volume.
==========
Programs
==========
3GP Video Converter 3
7-Zip
a-squared Free
a2FreeSetup.exe
Ad-Aware
AdbeRdr810_en_US.exe
Adobe
Alcohol 52
Alcohol Soft
Alcohol52_FE_1.9.6.5429.exe
Analog Devices
Apple Software Update
ATI Technologies
Audacity
AutoGK
AUTORUN.INF
Avira
AviSynth 2.5
Ballance.ico
Barbie(TM)
Bonjour
BSplayer
CCleaner
ccleaner.setup140.exe
CleanUp!
Common Files
ComPlus Applications
CyberLink
data1.cab
data1.hdr
data2.cab
directx
DivX
DNA
Dsetup.dll
Eidos Interactive
eMule
Extras
EZFace
Fichiers communs
free-downloads
Freez 3GP Video Converter
GameHouse
Google
help
Hewlett-Packard
HP
ImTOO
Install.exe
InstallShield Installation Information
install_flash_player.exe
Intel
Internet Explorer
InterVideo
iPod
iTunes
Java
Kellogg's Asie
Kodak
Launch.exe
Launch.ini
Lavalys
Lavasoft
LG Electronics
LG PC Suite
Lilo & Stitch Ouragan sur Hawaï
Logiciel Photo Orange
Logitech
Malwarebytes' Anti-Malware
Media Player Classic
mes données
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Mindscape
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Apps
MSN Gaming Zone
MSXML 4.0
Multi_Media_France
Nero
NetMeeting
Network Stumbler
NFO viewer
Online Services
orange
OrangeHSS
Outlook Express
PeerGuardian2
perfect disk défragmenteur
Photo Mixer 3.0
Photodex
PhotoFiltre Studio
PIXELA
QuickTime
Raccourcis de programmes
Raxco
Real
Real Alternative
Reference Assemblies
Rockstar Games
SAGEM WiFi manager
Samsung
Satsuki Decoder Pack
scrabble
Scrabble2009
SCRABBLE© Interactif EDITION 2007
Securitoo
Services en ligne
Session 1
Setup
Skype
Sony Corporation
Sony Print Service
SopCast
Spybot - Search & Destroy
Spybot - Search & Destroy 2
Stardock
startup.exe
SUPER
THQ
TmNationsForever
TomTom DesktopSuite
TomTom HOME 2
TomTom International B.V
Tomtomax Maxi-Box
Trend Micro
TribalWeb.net
TVAnts
Ubi Soft
Unlocker
uTorrent
VideoLAN
VirtualDub
VLC
vso
Wanadoo
Web Media Player
Winamp
WinAVI MP4 Converter
Windows Desktop Search
Windows Live
Windows Live Safety Center
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
wmp11-windowsxp-x86-FR-FR.exe
xerox
[C51].nfo
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Program Files\Multi_Media_France
C:\Program Files\VLC
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\System32\ACTSKN43.ocx
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\lvuvc.hs
C:\WINDOWS\system32\drivers\Sonyhcp.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\ttmax_maxibox_v2.0.19.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is1.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is5.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is6.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is7.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\{8ED75F97-106A-7C76-4EC8-80850588D7C2}-msa.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\tmp28.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
"HKLM\Software\Trymedia Systems"
=========
Rootkits
=========
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 22:21:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF7CD221-C241-8100-9978-4F32856C9627}]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤)
Thx to Chiquitine29.....& CCM team
User : Balico (Administrateurs) # CASA
Update on 08/12/2009 by g3n-h@ckm@n ::::: 12:30
Start at: 22:18:41 | 07/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]
C:\ -> Disque fixe local | 232,88 Go (34,96 Go free) [446513] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 980
C:\WINDOWS\system32\csrss.exe 1224
C:\WINDOWS\system32\winlogon.exe 1320
C:\WINDOWS\system32\services.exe 1380
C:\WINDOWS\system32\lsass.exe 1392
C:\WINDOWS\system32\Ati2evxx.exe 1620
C:\WINDOWS\system32\svchost.exe 1640
C:\WINDOWS\system32\svchost.exe 1720
C:\WINDOWS\System32\svchost.exe 1832
C:\WINDOWS\system32\svchost.exe 1924
C:\WINDOWS\system32\svchost.exe 2028
C:\WINDOWS\system32\Ati2evxx.exe 232
C:\WINDOWS\system32\spoolsv.exe 396
C:\Program Files\Avira\AntiVir Desktop\sched.exe 488
C:\WINDOWS\system32\svchost.exe 608
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1356
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1460
C:\WINDOWS\system32\svchost.exe 1744
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe 1800
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 480
C:\WINDOWS\System32\svchost.exe 528
C:\WINDOWS\System32\svchost.exe 568
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 580
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe 808
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe 852
C:\WINDOWS\system32\svchost.exe 868
C:\WINDOWS\system32\SearchIndexer.exe 1056
C:\WINDOWS\System32\alg.exe 2832
C:\WINDOWS\explorer.exe 3220
C:\WINDOWS\system32\ctfmon.exe 2544
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe 2236
C:\WINDOWS\system32\wscntfy.exe 2800
C:\Program Files\Mozilla Firefox\firefox.exe 3916
C:\Documents and Settings\Balico\Bureau\List_Kill'em.exe 3776
C:\WINDOWS\system32\cmd.exe 3444
C:\WINDOWS\system32\SearchProtocolHost.exe 3696
C:\WINDOWS\system32\SearchFilterHost.exe 1340
C:\WINDOWS\system32\wbem\wmiprvse.exe 2504
C:\Documents and Settings\Balico\Local Settings\Temp\F6.tmp\pv.exe 3392
======================
Keys "Run"
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
Google Update REG_SZ "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
AlcoholAutomount REG_SZ "C:\Program Files\Alcohol 52\axcmd.exe" /automount
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MailNotifierSessionManager REG_SZ C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
LogitechVideoRepair REG_SZ C:\Program Files\Logitech\Video\ISStart.exe
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
StartCCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
AppleSyncNotifier REG_SZ C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
Malwarebytes' Anti-Malware REG_SZ C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername REG_DWORD 0 (0x0)
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 1 (0x1)
undockwithoutlogon REG_DWORD 1 (0x1)
===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
NoDriveAutoRun REG_DWORD 145 (0x91)
HonorAutoRunSetting REG_DWORD 0 (0x0)
===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
HonorAutoRunSetting REG_DWORD 0 (0x0)
NoDriveAutoRun REG_DWORD 145 (0x91)
NoDriveTypeAutoRun REG_DWORD 145 (0x91)
===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS REG_SZ wbsys.dll
===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]
===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\fscommand\Vividas_ep18.exe:*:Disabled:Vividas Player
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\fscommand\Vividas_ep18.exe:*:Disabled:Vividas Player
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\dora JEU PC léon le lion du cirque\fscommand\Vividas_ep18.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\dora léon le lion du cirque.zip\dora JEU PC léon le lion du cirque\fscommand\Vividas_ep18.exe:*:Enabled:Vividas Player
C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\DORA clique et crée N°8 la famille buzza buzza\fscommand\Vividas_ep8.exe REG_SZ C:\Documents and Settings\Balico\Mes documents\BitTorrent Downloads\DORA clique et crée N°8 la famille buzza buzza\fscommand\Vividas_ep8.exe:*:Enabled:Vividas Player
C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
C:\Program Files\Scrabble2009\ScrabblePCR.exe REG_SZ C:\Program Files\Scrabble2009\ScrabblePCR.exe:*:Enabled:Scrabble™ Interactif Edition 2009
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Scrabble2009\ScrabblePCR.exe REG_SZ C:\Program Files\Scrabble2009\ScrabblePCR.exe:*:Enabled:ScrabblePCR
C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe
C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe REG_SZ C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe
===============
BHO :
======
[<NO NAME> REG_SZ ]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0347C33E-8762-4905-BF09-768834316C61}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{053F9267-DC04-4294-A72C-58F732D338C0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{53707962-6F74-2D53-2644-206D7942484F}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{d3e23b4b-f153-4687-82c2-816319dd3c5a}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ https://www.msn.com/fr-fr
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x3
SharedAccess : 0x2
wuauserv : 0x2
=========
=======
Drive :
=======
Défragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.
Rapport d'analyse
233 Go total, 34,97 Go libre (15%), 4% fragmenté (fragmentation du fichier 9%)
Il ne vous est pas nécessaire de défragmenter ce volume.
==========
Programs
==========
3GP Video Converter 3
7-Zip
a-squared Free
a2FreeSetup.exe
Ad-Aware
AdbeRdr810_en_US.exe
Adobe
Alcohol 52
Alcohol Soft
Alcohol52_FE_1.9.6.5429.exe
Analog Devices
Apple Software Update
ATI Technologies
Audacity
AutoGK
AUTORUN.INF
Avira
AviSynth 2.5
Ballance.ico
Barbie(TM)
Bonjour
BSplayer
CCleaner
ccleaner.setup140.exe
CleanUp!
Common Files
ComPlus Applications
CyberLink
data1.cab
data1.hdr
data2.cab
directx
DivX
DNA
Dsetup.dll
Eidos Interactive
eMule
Extras
EZFace
Fichiers communs
free-downloads
Freez 3GP Video Converter
GameHouse
help
Hewlett-Packard
HP
ImTOO
Install.exe
InstallShield Installation Information
install_flash_player.exe
Intel
Internet Explorer
InterVideo
iPod
iTunes
Java
Kellogg's Asie
Kodak
Launch.exe
Launch.ini
Lavalys
Lavasoft
LG Electronics
LG PC Suite
Lilo & Stitch Ouragan sur Hawaï
Logiciel Photo Orange
Logitech
Malwarebytes' Anti-Malware
Media Player Classic
mes données
Messenger
Messenger Plus! Live
MessengerPlus! 3
Microsoft
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Microsoft Silverlight
Microsoft SQL Server Compact Edition
Microsoft Sync Framework
Microsoft Visual Studio
Microsoft Works
Mindscape
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Apps
MSN Gaming Zone
MSXML 4.0
Multi_Media_France
Nero
NetMeeting
Network Stumbler
NFO viewer
Online Services
orange
OrangeHSS
Outlook Express
PeerGuardian2
perfect disk défragmenteur
Photo Mixer 3.0
Photodex
PhotoFiltre Studio
PIXELA
QuickTime
Raccourcis de programmes
Raxco
Real
Real Alternative
Reference Assemblies
Rockstar Games
SAGEM WiFi manager
Samsung
Satsuki Decoder Pack
scrabble
Scrabble2009
SCRABBLE© Interactif EDITION 2007
Securitoo
Services en ligne
Session 1
Setup
Skype
Sony Corporation
Sony Print Service
SopCast
Spybot - Search & Destroy
Spybot - Search & Destroy 2
Stardock
startup.exe
SUPER
THQ
TmNationsForever
TomTom DesktopSuite
TomTom HOME 2
TomTom International B.V
Tomtomax Maxi-Box
Trend Micro
TribalWeb.net
TVAnts
Ubi Soft
Unlocker
uTorrent
VideoLAN
VirtualDub
VLC
vso
Wanadoo
Web Media Player
Winamp
WinAVI MP4 Converter
Windows Desktop Search
Windows Live
Windows Live Safety Center
Windows Live SkyDrive
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
wmp11-windowsxp-x86-FR-FR.exe
xerox
[C51].nfo
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\Program Files\Multi_Media_France
C:\Program Files\VLC
C:\WINDOWS\iun6002.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\System32\ACTSKN43.ocx
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\System32\drivers\lvuvc.hs
C:\WINDOWS\system32\drivers\Sonyhcp.dll
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\ttmax_maxibox_v2.0.19.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is1.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is5.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is6.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is7.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\{8ED75F97-106A-7C76-4EC8-80850588D7C2}-msa.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\tmp28.tmp
¤¤¤¤¤¤¤¤¤¤ Keys :
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
"HKLM\Software\Trymedia Systems"
=========
Rootkits
=========
catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 22:21:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
"OODEFRAG11.00.00.01WORKSTATION"=
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BF7CD221-C241-8100-9978-4F32856C9627}]
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤)
moment de grace
Posts
29042
Registration date
Saturday 6 December 2008
Status
Security contributor
Last activity
18 July 2013
2 274
9 Dec. 2009 at 05:00
ok, in this order please
1) Removal:
RESTART IN SAFE MODE,
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
then:
▶ Run List&Kill'em again as you did for option 1 (that is, with a right-click on Vista),
but this time:
▶ choose option 2 = Destruction mode
let the tool work
▶ paste the contents of C:\Kill'em.txt into your reply after restarting in normal mode
2) see whether you can find and delete: C:\WINDOWS\system32\tmp.txt
3) ▶ Download and install CCleaner (do not install the Yahoo Toolbar):
https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
* Launch it (right-click "Run as administrator" on Vista). Go to Options, then Advanced, and untick the box Only delete files etc....
* Go to Cleaner and choose Analyze. Once it has finished, run the cleaning.
* Next, choose Registry, then Scan for issues. Once it has finished, repair all the errors, as many times as the analysis finds any
* Make sure that in the options the setting is on Windows startup and set to "secure deletion", 35 passes (Gutmann)
4) after CCleaner, run a new RSIT
Kill'em by g3n-h@ckm@n 1.1.3.1
User : Balico () # CASA
Update on 08/12/2009 by g3n-h@ckm@n ::::: 12:30
Start at: 06:55:58 | 08/12/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Disque fixe local | 232,88 Go (34,98 Go free) [446513] | NTFS
D:\ -> Disque CD-ROM
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
I:\ -> Disque amovible
K:\ -> Disque amovible
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
C:\WINDOWS\System32\smss.exe 128
C:\WINDOWS\system32\csrss.exe 192
C:\WINDOWS\system32\winlogon.exe 216
C:\WINDOWS\system32\services.exe 260
C:\WINDOWS\system32\lsass.exe 272
C:\WINDOWS\system32\svchost.exe 428
C:\WINDOWS\system32\svchost.exe 504
C:\WINDOWS\system32\svchost.exe 560
C:\WINDOWS\Explorer.EXE 856
C:\Documents and Settings\Balico\Bureau\List_Kill'em.exe 1048
C:\WINDOWS\system32\cmd.exe 1060
C:\WINDOWS\system32\wbem\wmiprvse.exe 1144
C:\Documents and Settings\Balico\Local Settings\Temp\1.tmp\pv.exe 1216
Detections :
==========
¤¤¤¤¤¤¤¤¤¤ Files/folders :
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
"C:\Program Files\Multi_Media_France"
"C:\Program Files\VLC"
"C:\WINDOWS\iun6002.exe"
"C:\WINDOWS\system32\404Fix.exe"
"C:\WINDOWS\System32\ACTSKN43.ocx"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\System32\drivers\lvuvc.hs"
"C:\WINDOWS\system32\drivers\Sonyhcp.dll"
"C:\WINDOWS\system32\dumphive.exe"
"C:\WINDOWS\system32\IEDFix.exe"
"C:\WINDOWS\system32\Process.exe"
"C:\WINDOWS\system32\SrchSTS.exe"
"C:\WINDOWS\system32\tmp.reg"
"C:\WINDOWS\system32\VACFix.exe"
"C:\WINDOWS\system32\VCCLSID.exe"
"C:\WINDOWS\system32\WS2Fix.exe"
C:\Documents and Settings\Balico\LOCAL Settings\Temp\ttmax_maxibox_v2.0.19.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is1.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is5.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is6.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\_is7.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\{8ED75F97-106A-7C76-4EC8-80850588D7C2}-msa.exe
C:\Documents and Settings\Balico\LOCAL Settings\Temp\tmp28.tmp
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :
Quarantine :
404Fix.exe.Kill'em
ACTSKN43.OCX.Kill'em
dumphive.exe.Kill'em
hosts.msn.Kill'em
IEDFix.exe.Kill'em
iun6002.exe.Kill'em
lvuvc.hs.Kill'em
Multi_Media_France.Kill'em
Process.exe.Kill'em
QTSBandwidthCache.Kill'em
Sonyhcp.dll.Kill'em
SrchSTS.exe.Kill'em
tmp.reg.Kill'em
tmp28.tmp.Kill'em
ttmax_maxibox_v2.0.19.exe.Kill'em
VACFix.exe.Kill'em
VCCLSID.exe.Kill'em
VLC.Kill'em
WS2Fix.exe.Kill'em
_is1.exe.Kill'em
_is5.exe.Kill'em
_is6.exe.Kill'em
_is7.exe.Kill'em
{8ED75F97-106A-7C76-4EC8-80850588D7C2}-msa.exe.Kill'em
==============
host file OK !
==============
========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
Deleted : HKLM\Software\Trymedia Systems
============
Disk Cleaned
============
================
Prefetch cleaned :
================
Layout.ini
NTOSBOOT-B00DFAAD.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Logfile of random's system information tool 1.06 (written by random/random)
Run by Balico at 2009-12-08 07:23:28
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 36 GB (15%) free of 238 GB
Total RAM: 1023 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:23:44, on 08/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Balico\Mes documents\RSIT(3).exe
C:\Documents and Settings\Balico\Mes documents\Balico.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
moment de grace
Posts
29042
Registration date
Saturday 6 December 2008
Status
Security contributor
Last activity
18 July 2013
2 274
9 Dec. 2009 at 07:28
Did you follow the order of the steps in post 18,
and in particular steps 2 and 3?
Yes, but at step 2 I did not find the file C:\WINDOWS\system32\tmp.txt (maybe I did not look in the right place?).
At step 3, I did not find, at the location indicated, "the options, the setting is at Windows startup and set to "secure erase" 35 passes (Gutmann)".
I'll talk to you this evening, as I'm off to work.
Thanks again for your patience!
That's it, I found and deleted the file C:\WINDOWS\system32\tmp.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Balico at 2009-12-08 19:23:21
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 36 GB (15%) free of 238 GB
Total RAM: 1023 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:38, on 08/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Balico\Mes documents\RSIT(3).exe
C:\Documents and Settings\Balico\Mes documents\Balico.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: free-downloads Toolbar - {d3e23b4b-f153-4687-82c2-816319dd3c5a} - C:\Program Files\free-downloads\tbfree.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [MailNotifierSessionManager] C:\Program Files\Orange\Notification Mail\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Balico\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 52\axcmd.exe" /automount
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f006.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8001DE01-8B64-42D0-A0DB-7618DC0AF72D}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{90093DB8-745E-40BA-9619-3D078DF4E4F1}: NameServer = 192.168.1.1,80.10.246.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{9FB87DFC-19EC-4AF0-9661-BA62417C648E}: NameServer = 192.168.1.1,80.10.246.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol 52\StarWind\StarWindServiceAE.exe
moment de grace
Posts
29042
Registration date
Saturday 6 December 2008
Status
Security contributor
Last activity
18 July 2013
2 274
9 Dec. 2009 at 18:34
Run UsbFix again, option 2.
What I am looking for should be handled by it.