Troj_generic.za
djchat
Posts: 120
Status: Member
Hello everyone, I ran a Trend Micro online antivirus scan and it detected Troj_generic.za, but it was not able to remove it....
It disables my firewall, which is a bit annoying. Does anyone have a tool to get rid of this trojan?
Thanks in advance!!! ;)
12 replies
Hello
Download HijackThis:
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe
Install it in its own folder:
- right-click on the desktop, choose "New folder", then install it inside that folder.
Right-click on HijackThis, choose "Rename" and enter this: abcde.exe
Double-click HijackThis. Click "I Accept", then click "Do a system scan and save logfile".
Then copy and paste the report it generates here.
HijackThis demo if needed:
http://pageperso.aol.fr/balltrap34/demohijack.htm
Here is what I got:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:37:19, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\emule\eMule.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O21 - SSODL: syshelps - {C7F01703-2C06-4434-8CB9-798116E33F6E} - syshelps.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
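A triage helper for the log above, added here as an example; it is not part of the thread and not a feature of HijackThis. It parses the R/F/O entries, picks out every hook whose backing file is reported absent ("(file missing)" / "(no file)") and every O21 ShellServiceObjectDelayLoad entry, and collects the CLSIDs behind the dangling hooks so they can be looked up. The excerpt it runs on is copied from the log posted above; the choice of lines is ours. An SSODL entry is loaded by explorer.exe at logon, which is why the O21 line with a missing syshelps.dll is the first thing a helper would look at. Note also that the running-processes list shows HiJackThis_v2.exe executing from a folder called abcde.exe, so the rename step in the instructions was applied to a folder rather than to the executable.

```python
"""Triage a HijackThis-style log: list hooks whose file is missing and
ShellServiceObjectDelayLoad (O21) entries.  Added example, not code from
the thread or from HijackThis itself."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above; the choice of lines is
# ours so the example stays short.  Pass a whole saved log to triage() in
# practice; header and process-list lines are ignored.
SAMPLE_LOG = "\n".join([
    "Logfile of Trend Micro HijackThis v2.0.0 (BETA)",
    r"C:\WINDOWS\system32\winlogon.exe",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP",
    r"O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)",
    r"O21 - SSODL: syshelps - {C7F01703-2C06-4434-8CB9-798116E33F6E} - syshelps.dll (file missing)",
    r"O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll",
    r"O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe",
])

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    section: str   # e.g. "O21"
    body: str      # everything after "O21 - "
    target: str    # last " - "-separated field: the file, URL or "(no file)"

    @property
    def file_missing(self) -> bool:
        return "(file missing)" in self.target or "(no file)" in self.target


def parse(log: str) -> list[Entry]:
    """Keep only the R/F/O entries; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            body = m.group("body")
            entries.append(Entry(m.group("section"), body, body.rsplit(" - ", 1)[-1]))
    return entries


def triage(log: str) -> dict[str, list[str]]:
    entries = parse(log)
    dangling = [e for e in entries if e.file_missing]
    ssodl = [e for e in entries if e.section == "O21"]
    return {
        "dangling": [f"{e.section}: {e.body}" for e in dangling],
        "ssodl": [f"{e.section}: {e.body}" for e in ssodl],
        # CLSIDs behind the dangling hooks: these are what to look up under
        # HKCR\CLSID (and, for O21, under ShellServiceObjectDelayLoad)
        "clsids_to_check": sorted({c for e in dangling for c in CLSID_RE.findall(e.body)}),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("  ", item)
```

A dangling hook is only a leftover until the CLSID has been checked; the helper lists them so the registry side can be inspected before anything is deleted.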
Download ComboScan to your desktop.
---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
Close all running applications: antivirus, firewall, etc.
Double-click comboscan.exe. In the window that appears, click OK.
Be patient...
The Comboscan.txt report will open; copy and paste the contents of that file here.
Note: there may be two or three reports; please post them all here.
So here is what I got:
Deckard's System Scanner v20070611.50
Run by Chat on 2007-06-15 at 19:56:01
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
System Restore is disabled; attempting to re-enable...success.
-- Last 1 Restore Point(s) --
1: 2007-06-15 17:56:06 UTC - RP1 - Point de vérification système
Backed up registry hives.
Performed disk cleanup.
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-06-15 19:57:24
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Creative\ShareDLL\CTNotify.exe
C:\Program Files\Wanadoo\TaskBarIcon.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\Grisoft\AVG7\avgupsvc.exe
C:\Program Files\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\dss.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (file missing)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
O21 - SSODL: syshelps - {C7F01703-2C06-4434-8CB9-798116E33F6E} - syshelps.dll (file missing)
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\system32\FTRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>
S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 FTRTSVC (France Telecom Routing Table Service) - c:\windows\system32\ftrtsvc.exe <Not Verified; France Telecom; FTRTSVC NT Service>
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
-- Scheduled Tasks -------------------------------------------------------------
2007-06-15 17:16:38 406 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job
-- Files created between 2007-05-15 and 2007-06-15 -----------------------------
2007-06-15 01:02:10 0 dr-h----- C:\Documents and Settings\Chat.XPSP2-0651A64D8\Recent
2007-06-15 00:58:36 0 d-------- C:\Program Files\CCleaner
2007-06-14 22:50:38 0 d-------- C:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6
2007-06-14 20:42:01 0 d-------- C:\Program Files\a-squared Free
2007-06-13 15:36:16 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe <Not Verified; ; FDEUninstaller>
-- Find3M Report ---------------------------------------------------------------
2007-06-15 19:55:34 0 d-------- C:\Program Files\Wanadoo
2007-06-15 19:46:40 0 d-------- C:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data\AVG7
2007-06-15 19:45:18 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
2007-06-15 19:45:18 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
2007-06-15 11:32:14 0 d-------- C:\Program Files\emule
2007-06-13 15:37:46 368076 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-06-13 15:37:46 48856 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-06-13 15:36:16 0 d-------- C:\Program Files\Inventel
2007-06-13 15:36:16 0 d-------- C:\Program Files\Fichiers communs
2007-06-08 08:33:07 0 d-------- C:\Program Files\Everest Poker
2007-05-31 18:15:22 0 d-------- C:\Program Files\Lx_cats
2007-05-25 00:27:14 0 d-------- C:\Program Files\MSN Messenger
2007-05-25 00:26:55 0 d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2007-05-19 08:33:12 0 d-------- C:\Program Files\7-Zip
2007-04-23 21:30:38 0 d-------- C:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data\Adobe
2007-04-23 21:29:30 0 d-------- C:\Program Files\Fichiers communs\Adobe
2007-04-18 20:57:10 0 d-------- C:\Program Files\TuneUp Utilities 2007
2007-04-06 19:13:43 1485 --a------ C:\WINDOWS\mozver.dat
-- Registry Dump ---------------------------------------------------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AtiPTA"="atiptaxx.exe"
"Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
"UpdReg"="C:\\WINDOWS\\Updreg.exe"
"CTStartup"="C:\\Program Files\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
"NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
"WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
"WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
"LXCECATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCEtime.dll,_RunDLLEntry@16"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
"WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"Config"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
5c,72,75,6e,2e,63,6d,64,00
"nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
"tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
@=""
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=dword:00000001
"NoStartBanner"=hex:01,00,00,00
"MemCheckBoxInRunDlg"=dword:00000001
"NoSMBalloonTip"=dword:00000001
"NoDesktopCleanupWizard"=dword:00000001
"NoWelcomeScreen"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"syshelps"="{C7F01703-2C06-4434-8CB9-798116E33F6E}"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Synchronizer.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
"item"="Adobe Reader Synchronizer"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Event Reminder.lnk"
"backup"="C:\\WINDOWS\\pss\\Event Reminder.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\PRINTM~1\\PMremind.exe "
"item"="Event Reminder"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
"backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
"item"="Lancement rapide d'Adobe Reader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ADGJDet"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GoogleToolbarNotifier"
"hkey"="HKCU"
"command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
-- End of Deckard's System Scanner: finished at 2007-06-15 at 19:57:55 ---------
Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professionnel (build 2600) SP 2.0
Architecture: X86; Language: French
CPU 0: Intel(R) Pentium(R) 4 CPU 1.90GHz
Percentage of Memory in Use: 31%
Physical Memory (total/avail): 1023.48 MiB / 700.16 MiB
Pagefile Memory (total/avail): 1246.21 MiB / 1023.77 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1972.03 MiB
A: is Removable (No Media)
C: is Fixed (NTFS) - 19.53 GiB total, 13.84 GiB free.
D: is Fixed (NTFS) - 105.76 GiB total, 0.52 GiB free.
F: is Fixed (NTFS) - 92.22 GiB total, 9.97 GiB free.
G: is Fixed (NTFS) - 128 GiB total, 1.75 GiB free.
H: is CDROM (CDFS)
I: is CDROM (CDFS)
-- Security Center -------------------------------------------------------------
AUOptions is disabled.
Windows Internal Firewall is enabled.
FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.
UpdatesDisableNotify is set.
AntivirusOverride is set.
FirewallOverride is set.
FW: Pare Feu AVG 7.5.469 v7.5.469 (GRISOFT)
AV: AVG 7.5.472 v7.5.472 (GRISOFT)
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\emule\\eMule.exe"="C:\\Program Files\\emule\\eMule.exe:*:Enabled:eMule.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=XPSP2-0651A64D8
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chat.XPSP2-0651A64D8
LOGONSERVER=\\XPSP2-0651A64D8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Satsuki Decoder Pack\filtres
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHAT~1.XPS\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHAT~1.XPS\LOCALS~1\Temp
USERDOMAIN=XPSP2-0651A64D8
USERNAME=Chat
USERPROFILE=C:\Documents and Settings\Chat.XPSP2-0651A64D8
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Chat.XPSP2-0651A64D8 (admin)
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\AudioHQ\AudioHQU.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Diagnose2.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Midi.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\MiniDisc\MDC.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Program\RDefault.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\FRENCH\CTManual.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\SoundFont.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\SurMix2\SurMix2.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Demo\AUDIGYDEMO.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\QuickStart\QuickStart.isu"
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DVD Audio Extractor 4.2.1 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
Gestionnaire Internet --> C:\PROGRA~1\Wanadoo\uninstall.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Navigateur Orange --> C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Nero 7 Essentials --> MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891036}
PhotoFiltre Studio --> "C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrintMaster --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}\setup.exe" anything
Sound Blaster Audigy --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamax Poker (remove only) --> "C:\Program Files\WinamaxPoker\uninst.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
-- End of Deckard's System Scanner: finished at 2007-06-15 at 19:57:55 ---------
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\emule\\eMule.exe"="C:\\Program Files\\emule\\eMule.exe:*:Enabled:eMule.exe"
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=XPSP2-0651A64D8
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Chat.XPSP2-0651A64D8
LOGONSERVER=\\XPSP2-0651A64D8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Satsuki Decoder Pack\filtres
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0102
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\CHAT~1.XPS\LOCALS~1\Temp
TMP=C:\DOCUME~1\CHAT~1.XPS\LOCALS~1\Temp
USERDOMAIN=XPSP2-0651A64D8
USERNAME=Chat
USERPROFILE=C:\Documents and Settings\Chat.XPSP2-0651A64D8
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
Chat.XPSP2-0651A64D8 [I](admin)[/I]
-- Add/Remove Programs ---------------------------------------------------------
--> C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\AudioHQ\AudioHQU.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Diagnose2.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Midi.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\MiniDisc\MDC.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\PlayCenter2\Player2.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Program\RDefault.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Recorder\Recorder.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\FRENCH\CTManual.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\SoundFont.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\SurMix2\SurMix2.isu"
--> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Demo\AUDIGYDEMO.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\QuickStart\QuickStart.isu"
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
DVD Audio Extractor 4.2.1 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
Gestionnaire Internet --> C:\PROGRA~1\Wanadoo\uninstall.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
Navigateur Orange --> C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
Nero 7 Essentials --> MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891036}
PhotoFiltre Studio --> "C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PrintMaster --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}\setup.exe" anything
Sound Blaster Audigy --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamax Poker (remove only) --> "C:\Program Files\WinamaxPoker\uninst.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
-- End of Deckard's System Scanner: finished at 2007-06-15 at 19:57:55 ---------
Not much!
Download DiagHelp.zip to your desktop:
http://www.malekal.com/download/DiagHelp.zip
- Right-click the file and choose "Extract All"
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd extension may not be displayed)
- A window will open; choose option 1
- The scan will start; it can take a few minutes. Let it run and press a key when prompted
- At the end of the scan you will be asked to restart the computer... Once the computer has restarted, the report will open in Notepad. It is saved at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens. To do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
Here it is:
DiagHelp version v1.1.1 - http://www.malekal.com
excute le 15/06/2007 à 20:38:31,96
Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\avg7core.sys -->27/04/2007 09:05:31
C:\WINDOWS\System32/drivers\avgmfx86.sys -->26/03/2007 19:05:43
C:\WINDOWS\System32/drivers\avgclean.sys -->26/03/2007 18:59:47
C:\WINDOWS\System32/drivers\avgtdi.sys -->26/03/2007 18:59:46
C:\WINDOWS\System32/drivers\avg7rsxp.sys -->26/03/2007 18:59:46
C:\WINDOWS\System32/drivers\avg7rsw.sys -->26/03/2007 18:59:45
C:\WINDOWS\System32/drivers\AvgAsCln.sys -->05/09/2006 18:03:16
C:\WINDOWS\System32\wpa.dbl -->15/06/2007 19:46:21
C:\WINDOWS\System32\settingsbkup.sfm -->15/06/2007 19:45:18
C:\WINDOWS\System32\settings.sfm -->15/06/2007 19:45:18
C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat -->15/06/2007 19:45:18
C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat -->15/06/2007 19:45:18
C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
C:\WINDOWS\System32\PerfStringBackup.INI -->13/06/2007 15:37:46
C:\WINDOWS\System32\perfh00C.dat -->13/06/2007 15:37:46
C:\WINDOWS\System32\perfh009.dat -->13/06/2007 15:37:46
C:\WINDOWS\System32\perfc00C.dat -->13/06/2007 15:37:46
C:\WINDOWS\System32\perfc009.dat -->13/06/2007 15:37:46
C:\WINDOWS\System32\avgfwafu.dll -->26/04/2007 09:09:46
C:\WINDOWS\System32\FNTCACHE.DAT -->26/03/2007 19:51:48
C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log -->21/03/2007 16:07:23
C:\WINDOWS\System32\Atmfraxx.GID -->01/03/2007 13:46:07
C:\WINDOWS\System32\satsukidecodersettings.ini -->21/02/2007 23:21:25
C:\WINDOWS\System32\h323log.txt -->21/02/2007 21:24:44
C:\WINDOWS\System32\msvcr71.dll -->21/02/2007 21:13:25
C:\WINDOWS\System32\msvcp71.dll -->21/02/2007 21:13:25
C:\WINDOWS\System32\ati64hlp.stb -->21/02/2007 21:01:44
C:\WINDOWS\System32\ati64hl2.stb -->21/02/2007 20:45:15
C:\WINDOWS\System32\$winnt$.inf -->21/02/2007 20:34:46
C:\WINDOWS\0.log -->15/06/2007 19:46:44
C:\WINDOWS\WindowsUpdate.log -->15/06/2007 19:46:43
C:\WINDOWS\wiadebug.log -->15/06/2007 19:46:43
C:\WINDOWS\wiaservc.log -->15/06/2007 19:46:41
C:\WINDOWS\bootstat.dat -->15/06/2007 19:46:19
C:\WINDOWS\SchedLgU.Txt -->15/06/2007 19:45:16
C:\WINDOWS\Thumbs.db -->14/06/2007 23:57:17
C:\WINDOWS\win.ini -->14/06/2007 23:47:49
C:\WINDOWS\system.ini -->14/06/2007 23:47:49
C:\WINDOWS\Kit.ini -->14/06/2007 18:32:34
C:\WINDOWS\NeroDigital.ini -->13/06/2007 16:44:35
C:\WINDOWS\photos.zip -->09/06/2007 15:44:06
C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-00511102}.CDF -->27/05/2007 09:03:20
C:\WINDOWS\AviSplitter.INI -->07/05/2007 22:46:26
C:\WINDOWS\mozver.dat -->06/04/2007 19:13:43
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\WINDOWS\system32
19/08/2004 17:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 14 843 293 696 octets libres
Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\WINDOWS\Downloaded Program Files
15/06/2007 19:56 <REP> .
15/06/2007 19:56 <REP> ..
21/02/2007 20:29 65 desktop.ini
14/10/2006 00:16 723 hcImpl.inf
30/01/2007 17:28 902 jinstall-1_5_0_11.inf
08/08/2006 11:45 576 kavwebscan.inf
09/11/2006 15:36 5 019 swflash.inf
5 fichier(s) 7 285 octets
Total des fichiers listés :
5 fichier(s) 7 285 octets
2 Rép(s) 14 843 289 600 octets libres
Recherche de rootkit! (Merci S!Ri)
Recherche d'infections connues
Export des clefs sensibles..
Liste des fichiers en exception sur le pare-feu XP SP2
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\emule\\eMule.exe"="C:\\Program Files\\emule\\eMule.exe:*:Enabled:eMule.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
Rechercher adresses sensibles dans le fichier HOSTS...
REGEDIT4
[taskmgr.exe]
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 20:38:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
208 - avgemc.exe
388 - Toaster.exe
424 - Inactivity.exe
536 - csrss.exe
560 - winlogon.exe
608 - services.exe
620 - lsass.exe
772 - svchost.exe
816 - svchost.exe
884 - svchost.exe
996 - avgcc.exe
1112 - svchost.exe
1148 - svchost.exe
1276 - GestionnaireInt
1316 - explorer.exe
1348 - PollingModule.e
1496 - lxcecoms.exe
1584 - atiptaxx.exe
1592 - CTNotify.exe
1672 - TaskBarIcon.exe
1688 - Mediadet.exe
1708 - NMBgMonitor.exe
1744 - ALERTM~1.EXE
1760 - ComComp.exe
1816 - NMIndexStoreSvr
1916 - a2service.exe
1956 - guard.exe
1972 - avgamsvr.exe
2084 - alg.exe
2440 - Watch.exe
2960 - msnmsgr.exe
3076 - IEXPLORE.EXE
3152 - svchost.exe
3164 - cmd.exe
3324 - GoogleToolbarNo
3400 - usnsvc.exe
Total number of processes = 37
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7D2F000 - \WINDOWS\system32\KDCOM.DLL
F7C3F000 - \WINDOWS\system32\BOOTVID.dll
F77DF000 - ACPI.sys
F7D31000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F77CE000 - pci.sys
F782F000 - isapnp.sys
F783F000 - ohci1394.sys
F784F000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F7D33000 - intelide.sys
F7AAF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F785F000 - MountMgr.sys
F77AF000 - ftdisk.sys
F7D35000 - dmload.sys
F7789000 - dmio.sys
F7AB7000 - PartMgr.sys
F786F000 - VolSnap.sys
F7771000 - atapi.sys
F787F000 - disk.sys
F788F000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7752000 - fltMgr.sys
F789F000 - PxHelp20.sys
F773B000 - KSecDD.sys
F76AE000 - Ntfs.sys
F7681000 - NDIS.sys
F7667000 - Mup.sys
F78AF000 - agp440.sys
F78DF000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F797F000 - \SystemRoot\system32\DRIVERS\processr.sys
F75C1000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F75AD000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7B0F000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS
F749D000 - \SystemRoot\system32\drivers\e10kx2k.sys
F7479000 - \SystemRoot\system32\drivers\portcls.sys
F798F000 - \SystemRoot\system32\drivers\drmk.sys
F7456000 - \SystemRoot\system32\drivers\ks.sys
F743E000 - \SystemRoot\System32\drivers\ctoss2k.sys
F7420000 - \SystemRoot\System32\drivers\ctsfm2k.sys
F7408000 - \SystemRoot\System32\drivers\emupia2k.sys
F799F000 - \SystemRoot\System32\drivers\ctac32k.sys
F7D57000 - \SystemRoot\System32\drivers\ctprxy2k.sys
F7CD7000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F79AF000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F79BF000 - \SystemRoot\system32\DRIVERS\redbook.sys
F79CF000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7B17000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F73E5000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F73CD000 - \SystemRoot\system32\drivers\ac97intc.sys
F7B1F000 - \SystemRoot\system32\DRIVERS\fdc.sys
F73BC000 - \SystemRoot\system32\DRIVERS\serial.sys
F7CE3000 - \SystemRoot\system32\DRIVERS\serenum.sys
F73A8000 - \SystemRoot\system32\DRIVERS\parport.sys
F79DF000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7B27000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7B2F000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7F72000 - \SystemRoot\system32\DRIVERS\audstub.sys
F79EF000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7CE7000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F7391000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F79FF000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7A0F000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7B37000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F72E0000 - \SystemRoot\system32\DRIVERS\psched.sys
F7A1F000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7B3F000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7B47000 - \SystemRoot\system32\DRIVERS\raspti.sys
F72AF000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F7A2F000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7D59000 - \SystemRoot\system32\DRIVERS\swenum.sys
F7253000 - \SystemRoot\system32\DRIVERS\update.sys
F7CFF000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7A6F000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7A7F000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7D5B000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7B4F000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7D5D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7F07000 - \SystemRoot\System32\Drivers\Null.SYS
F7D5F000 - \SystemRoot\System32\Drivers\Beep.SYS
F7F09000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7F0A000 - \SystemRoot\System32\Drivers\avgclean.sys
F7B5F000 - \SystemRoot\System32\drivers\vga.sys
F7D61000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7B67000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7B6F000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7643000 - \SystemRoot\system32\DRIVERS\rasacd.sys
EED87000 - \SystemRoot\system32\DRIVERS\ipsec.sys
EED2F000 - \SystemRoot\system32\DRIVERS\tcpip.sys
EED07000 - \SystemRoot\system32\DRIVERS\netbt.sys
EECE5000 - \SystemRoot\System32\drivers\afd.sys
F7A9F000 - \SystemRoot\system32\DRIVERS\netbios.sys
EEC1A000 - \SystemRoot\system32\DRIVERS\rdbss.sys
EEBAB000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F78EF000 - \SystemRoot\System32\Drivers\Fips.SYS
EEB8A000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F78FF000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F790F000 - \SystemRoot\system32\DRIVERS\arp1394.sys
EE8FE000 - \SystemRoot\System32\Drivers\avg7core.sys
F7D65000 - \SystemRoot\System32\Drivers\avg7rsw.sys
F7B87000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
EE8DB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F791F000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F7EAF000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
EE8C3000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7D6B000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F72A7000 - \SystemRoot\System32\drivers\Dxapi.sys
F7B97000 - \SystemRoot\System32\watchdog.sys
BF9C2000 - \SystemRoot\System32\drivers\dxg.sys
F7E52000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D4000 - \SystemRoot\System32\ati2dvag.dll
BFA08000 - \SystemRoot\System32\ati3d1ag.dll
B6F08000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B6C7B000 - \SystemRoot\system32\drivers\wdmaud.sys
B6DB8000 - \SystemRoot\system32\drivers\sysaudio.sys
F7D45000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F7D75000 - \SystemRoot\System32\Drivers\avgtdi.sys
B692E000 - \SystemRoot\system32\DRIVERS\ipfltdrv.sys
B67CC000 - \SystemRoot\system32\DRIVERS\srv.sys
F7D81000 - \??\C:\WINDOWS\system32\PfModNT.sys
B6493000 - \SystemRoot\System32\Drivers\HTTP.sys
B6045000 - \SystemRoot\system32\DRIVERS\sr.sys
B62D3000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
F7F26000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 124
Liste des programmes installes
7-Zip 4.42
a-squared Free 3.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8 - Français
Archiveur WinRAR
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
CCleaner (remove only)
DVD Audio Extractor 4.2.1
Gestionnaire Internet
Google Toolbar for Internet Explorer
J2SE Runtime Environment 5.0 Update 11
Kaspersky Online Scanner
Lexmark 4300 Series
LightScribe 1.4.124.1
Microsoft Office XP Professional avec FrontPage
Mozilla Firefox (2.0.0.1)
Navigateur Orange
Nero 7 Essentials
PhotoFiltre Studio
PokerStars
PowerDVD
PrintMaster
Sound Blaster Audigy
Spybot - Search & Destroy 1.4
TuneUp Utilities 2007
VideoLAN VLC media player 0.8.6a
WebFldrs XP
Winamax Poker (remove only)
Winamp (remove only)
Windows Live Messenger
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\Program Files
15/06/2007 00:58 <REP> .
15/06/2007 00:58 <REP> ..
19/05/2007 08:33 <REP> 7-Zip
21/02/2007 18:07 <REP> Abbyy FineReader 6.0 Sprint
23/04/2007 21:29 <REP> Adobe
14/06/2007 21:33 <REP> a-squared Free
21/02/2007 17:43 <REP> ATI Multimedia
26/03/2007 19:48 <REP> Broderbund
15/06/2007 00:58 <REP> CCleaner
21/02/2007 17:33 <REP> ComPlus Applications
21/02/2007 20:49 <REP> Creative
21/02/2007 18:13 <REP> CyberLink
06/03/2007 01:52 <REP> DVD Audio Extractor
15/06/2007 20:15 <REP> emule
08/06/2007 08:33 <REP> Everest Poker
14/03/2007 17:54 <REP> fabamusic
13/06/2007 15:36 <REP> Fichiers communs
21/02/2007 22:20 <REP> Google
21/02/2007 21:25 <REP> Grisoft
14/06/2007 23:53 <REP> Internet Explorer
13/06/2007 15:36 <REP> Inventel
21/03/2007 16:07 <REP> Java
21/02/2007 18:23 <REP> Lexmark 4300 Series
21/02/2007 18:07 <REP> Lexmark Fax Solutions
31/05/2007 18:15 <REP> Lx_cats
21/02/2007 17:40 <REP> Messenger
21/02/2007 17:36 <REP> microsoft frontpage
21/02/2007 21:54 <REP> Microsoft Office
21/02/2007 20:28 <REP> Movie Maker
06/06/2007 22:59 <REP> Mozilla Firefox
21/02/2007 17:33 <REP> MSN
21/02/2007 20:31 <REP> msn gaming zone
25/05/2007 00:27 <REP> MSN Messenger
21/02/2007 18:16 <REP> Nero
21/02/2007 17:34 <REP> NetMeeting
21/02/2007 20:34 <REP> Outlook Express
24/02/2007 15:29 <REP> PhotoFiltre Studio
10/04/2007 20:47 <REP> PokerStars
21/02/2007 23:21 <REP> Satsuki Decoder Pack
21/02/2007 21:15 <REP> Securitoo
21/02/2007 17:33 <REP> Services en ligne
21/02/2007 21:34 <REP> Spybot - Search & Destroy
18/04/2007 20:57 <REP> TuneUp Utilities 2007
21/02/2007 23:20 <REP> VideoLAN
15/06/2007 19:59 <REP> Wanadoo
03/04/2007 22:48 <REP> WinamaxPoker
21/02/2007 21:29 <REP> Winamp
21/02/2007 20:31 <REP> Windows Media Player
21/02/2007 20:35 <REP> Windows NT
21/02/2007 21:12 <REP> WinRAR
21/02/2007 17:36 <REP> xerox
0 fichier(s) 0 octets
51 Rép(s) 14 842 953 728 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\Program Files\fichiers communs
13/06/2007 15:36 <REP> .
13/06/2007 15:36 <REP> ..
23/04/2007 21:29 <REP> Adobe
21/02/2007 18:19 <REP> Ahead
26/03/2007 19:47 <REP> Broderbund
21/02/2007 21:54 <REP> Designer
13/06/2007 15:36 278 528 FDEUnInstaller.exe
21/02/2007 17:43 <REP> InstallShield
21/03/2007 16:06 <REP> Java
22/02/2007 16:11 <REP> LightScribe
25/05/2007 00:26 <REP> Microsoft Shared
21/02/2007 17:34 <REP> MSSoap
21/02/2007 17:27 <REP> ODBC
03/04/2007 23:17 <REP> PokerStars.com
21/02/2007 20:28 <REP> Services
21/02/2007 17:27 <REP> SpeechEngines
21/02/2007 21:54 <REP> System
22/02/2007 00:47 <REP> Wise Installation Wizard
1 fichier(s) 278 528 octets
17 Rép(s) 14 842 953 728 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
21/02/2007 20:37 <REP> .
21/02/2007 20:37 <REP> ..
21/02/2007 21:54 <REP> 1033
21/02/2007 21:54 <REP> 1036
15/02/2001 06:45 1 318 912 MSONSEXT.DLL
13/02/2001 09:23 58 784 MSOSV.DLL
03/06/1999 15:09 122 937 MSOWS409.DLL
07/03/2001 10:00 127 033 MSOWS40c.DLL
06/08/2000 10:04 401 462 MSVCP60.DLL
22/01/2001 04:25 69 632 PKMAXCTL.DLL
22/01/2001 04:25 872 448 PKMCDO.DLL
22/01/2001 04:25 159 744 PKMCORE.DLL
07/02/2001 10:59 106 496 PKMFORMS.DLL
12/02/2001 05:03 684 032 PKMRES.DLL
22/01/2001 04:25 28 672 PKMSSTLB.DLL
22/01/2001 04:25 40 960 PKMTEMPL.DLL
22/01/2001 04:25 24 576 PKMTRACE.DLL
22/01/2001 04:25 86 016 PKMWS.DLL
22/01/2001 04:25 237 568 PROMDEMO.DLL
22/01/2001 04:25 184 320 SECMGR.DLL
22/01/2001 04:25 323 584 VAIDDMGR.DLL
22/01/2001 04:25 32 768 VAIMEM.DLL
18 fichier(s) 4 879 944 octets
4 Rép(s) 14 842 953 728 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\
12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
2 fichier(s) 171 520 octets
0 Rép(s) 14 842 953 728 octets libres
c:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6\patch.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6\tsc.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\dss.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe\HiJackThis_v2.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software\Print\PretzlDn.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
****** Fin du rapport DiagHelp
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\emule\\eMule.exe"="C:\\Program Files\\emule\\eMule.exe:*:Enabled:eMule.exe"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Export de la clef SharedTaskScheduler
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
Rechercher adresses sensibles dans le fichier HOSTS...
REGEDIT4
[taskmgr.exe]
catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 20:38:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden files ...
scan completed successfully
hidden files: 0
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Process list by traversal of KiWaitListHead
4 - System
208 - avgemc.exe
388 - Toaster.exe
424 - Inactivity.exe
536 - csrss.exe
560 - winlogon.exe
608 - services.exe
620 - lsass.exe
772 - svchost.exe
816 - svchost.exe
884 - svchost.exe
996 - avgcc.exe
1112 - svchost.exe
1148 - svchost.exe
1276 - GestionnaireInt
1316 - explorer.exe
1348 - PollingModule.e
1496 - lxcecoms.exe
1584 - atiptaxx.exe
1592 - CTNotify.exe
1672 - TaskBarIcon.exe
1688 - Mediadet.exe
1708 - NMBgMonitor.exe
1744 - ALERTM~1.EXE
1760 - ComComp.exe
1816 - NMIndexStoreSvr
1916 - a2service.exe
1956 - guard.exe
1972 - avgamsvr.exe
2084 - alg.exe
2440 - Watch.exe
2960 - msnmsgr.exe
3076 - IEXPLORE.EXE
3152 - svchost.exe
3164 - cmd.exe
3324 - GoogleToolbarNo
3400 - usnsvc.exe
Total number of processes = 37
NOTE: Under WinXP, this will not show all processes.
KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)
Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F7D2F000 - \WINDOWS\system32\KDCOM.DLL
F7C3F000 - \WINDOWS\system32\BOOTVID.dll
F77DF000 - ACPI.sys
F7D31000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F77CE000 - pci.sys
F782F000 - isapnp.sys
F783F000 - ohci1394.sys
F784F000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F7D33000 - intelide.sys
F7AAF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F785F000 - MountMgr.sys
F77AF000 - ftdisk.sys
F7D35000 - dmload.sys
F7789000 - dmio.sys
F7AB7000 - PartMgr.sys
F786F000 - VolSnap.sys
F7771000 - atapi.sys
F787F000 - disk.sys
F788F000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7752000 - fltMgr.sys
F789F000 - PxHelp20.sys
F773B000 - KSecDD.sys
F76AE000 - Ntfs.sys
F7681000 - NDIS.sys
F7667000 - Mup.sys
F78AF000 - agp440.sys
F78DF000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F797F000 - \SystemRoot\system32\DRIVERS\processr.sys
F75C1000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
F75AD000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7B0F000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS
F749D000 - \SystemRoot\system32\drivers\e10kx2k.sys
F7479000 - \SystemRoot\system32\drivers\portcls.sys
F798F000 - \SystemRoot\system32\drivers\drmk.sys
F7456000 - \SystemRoot\system32\drivers\ks.sys
F743E000 - \SystemRoot\System32\drivers\ctoss2k.sys
F7420000 - \SystemRoot\System32\drivers\ctsfm2k.sys
F7408000 - \SystemRoot\System32\drivers\emupia2k.sys
F799F000 - \SystemRoot\System32\drivers\ctac32k.sys
F7D57000 - \SystemRoot\System32\drivers\ctprxy2k.sys
F7CD7000 - \SystemRoot\system32\DRIVERS\gameenum.sys
F79AF000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F79BF000 - \SystemRoot\system32\DRIVERS\redbook.sys
F79CF000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7B17000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F73E5000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F73CD000 - \SystemRoot\system32\drivers\ac97intc.sys
F7B1F000 - \SystemRoot\system32\DRIVERS\fdc.sys
F73BC000 - \SystemRoot\system32\DRIVERS\serial.sys
F7CE3000 - \SystemRoot\system32\DRIVERS\serenum.sys
F73A8000 - \SystemRoot\system32\DRIVERS\parport.sys
F79DF000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7B27000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7B2F000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7F72000 - \SystemRoot\system32\DRIVERS\audstub.sys
F79EF000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7CE7000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F7391000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F79FF000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7A0F000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7B37000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F72E0000 - \SystemRoot\system32\DRIVERS\psched.sys
F7A1F000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7B3F000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7B47000 - \SystemRoot\system32\DRIVERS\raspti.sys
F72AF000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F7A2F000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7D59000 - \SystemRoot\system32\DRIVERS\swenum.sys
F7253000 - \SystemRoot\system32\DRIVERS\update.sys
F7CFF000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7A6F000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7A7F000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7D5B000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7B4F000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
F7D5D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7F07000 - \SystemRoot\System32\Drivers\Null.SYS
F7D5F000 - \SystemRoot\System32\Drivers\Beep.SYS
F7F09000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7F0A000 - \SystemRoot\System32\Drivers\avgclean.sys
F7B5F000 - \SystemRoot\System32\drivers\vga.sys
F7D61000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7B67000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7B6F000 - \SystemRoot\System32\Drivers\Npfs.SYS
F7643000 - \SystemRoot\system32\DRIVERS\rasacd.sys
EED87000 - \SystemRoot\system32\DRIVERS\ipsec.sys
EED2F000 - \SystemRoot\system32\DRIVERS\tcpip.sys
EED07000 - \SystemRoot\system32\DRIVERS\netbt.sys
EECE5000 - \SystemRoot\System32\drivers\afd.sys
F7A9F000 - \SystemRoot\system32\DRIVERS\netbios.sys
EEC1A000 - \SystemRoot\system32\DRIVERS\rdbss.sys
EEBAB000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F78EF000 - \SystemRoot\System32\Drivers\Fips.SYS
EEB8A000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F78FF000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F790F000 - \SystemRoot\system32\DRIVERS\arp1394.sys
EE8FE000 - \SystemRoot\System32\Drivers\avg7core.sys
F7D65000 - \SystemRoot\System32\Drivers\avg7rsw.sys
F7B87000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
EE8DB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F791F000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F7EAF000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
EE8C3000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7D6B000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F72A7000 - \SystemRoot\System32\drivers\Dxapi.sys
F7B97000 - \SystemRoot\System32\watchdog.sys
BF9C2000 - \SystemRoot\System32\drivers\dxg.sys
F7E52000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D4000 - \SystemRoot\System32\ati2dvag.dll
BFA08000 - \SystemRoot\System32\ati3d1ag.dll
B6F08000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B6C7B000 - \SystemRoot\system32\drivers\wdmaud.sys
B6DB8000 - \SystemRoot\system32\drivers\sysaudio.sys
F7D45000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F7D75000 - \SystemRoot\System32\Drivers\avgtdi.sys
B692E000 - \SystemRoot\system32\DRIVERS\ipfltdrv.sys
B67CC000 - \SystemRoot\system32\DRIVERS\srv.sys
F7D81000 - \??\C:\WINDOWS\system32\PfModNT.sys
B6493000 - \SystemRoot\System32\Drivers\HTTP.sys
B6045000 - \SystemRoot\system32\DRIVERS\sr.sys
B62D3000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
F7F26000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
Total number of drivers = 124
Liste des programmes installes
7-Zip 4.42
a-squared Free 3.0
Adobe Flash Player 9 ActiveX
Adobe Reader 8 - Français
Archiveur WinRAR
ATI Display Driver
AVG 7.5
AVG Anti-Spyware 7.5
CCleaner (remove only)
DVD Audio Extractor 4.2.1
Gestionnaire Internet
Google Toolbar for Internet Explorer
J2SE Runtime Environment 5.0 Update 11
Kaspersky Online Scanner
Lexmark 4300 Series
LightScribe 1.4.124.1
Microsoft Office XP Professional avec FrontPage
Mozilla Firefox (2.0.0.1)
Navigateur Orange
Nero 7 Essentials
PhotoFiltre Studio
PokerStars
PowerDVD
PrintMaster
Sound Blaster Audigy
Spybot - Search & Destroy 1.4
TuneUp Utilities 2007
VideoLAN VLC media player 0.8.6a
WebFldrs XP
Winamax Poker (remove only)
Winamp (remove only)
Windows Live Messenger
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\Program Files
15/06/2007 00:58 <REP> .
15/06/2007 00:58 <REP> ..
19/05/2007 08:33 <REP> 7-Zip
21/02/2007 18:07 <REP> Abbyy FineReader 6.0 Sprint
23/04/2007 21:29 <REP> Adobe
14/06/2007 21:33 <REP> a-squared Free
21/02/2007 17:43 <REP> ATI Multimedia
26/03/2007 19:48 <REP> Broderbund
15/06/2007 00:58 <REP> CCleaner
21/02/2007 17:33 <REP> ComPlus Applications
21/02/2007 20:49 <REP> Creative
21/02/2007 18:13 <REP> CyberLink
06/03/2007 01:52 <REP> DVD Audio Extractor
15/06/2007 20:15 <REP> emule
08/06/2007 08:33 <REP> Everest Poker
14/03/2007 17:54 <REP> fabamusic
13/06/2007 15:36 <REP> Fichiers communs
21/02/2007 22:20 <REP> Google
21/02/2007 21:25 <REP> Grisoft
14/06/2007 23:53 <REP> Internet Explorer
13/06/2007 15:36 <REP> Inventel
21/03/2007 16:07 <REP> Java
21/02/2007 18:23 <REP> Lexmark 4300 Series
21/02/2007 18:07 <REP> Lexmark Fax Solutions
31/05/2007 18:15 <REP> Lx_cats
21/02/2007 17:40 <REP> Messenger
21/02/2007 17:36 <REP> microsoft frontpage
21/02/2007 21:54 <REP> Microsoft Office
21/02/2007 20:28 <REP> Movie Maker
06/06/2007 22:59 <REP> Mozilla Firefox
21/02/2007 17:33 <REP> MSN
21/02/2007 20:31 <REP> msn gaming zone
25/05/2007 00:27 <REP> MSN Messenger
21/02/2007 18:16 <REP> Nero
21/02/2007 17:34 <REP> NetMeeting
21/02/2007 20:34 <REP> Outlook Express
24/02/2007 15:29 <REP> PhotoFiltre Studio
10/04/2007 20:47 <REP> PokerStars
21/02/2007 23:21 <REP> Satsuki Decoder Pack
21/02/2007 21:15 <REP> Securitoo
21/02/2007 17:33 <REP> Services en ligne
21/02/2007 21:34 <REP> Spybot - Search & Destroy
18/04/2007 20:57 <REP> TuneUp Utilities 2007
21/02/2007 23:20 <REP> VideoLAN
15/06/2007 19:59 <REP> Wanadoo
03/04/2007 22:48 <REP> WinamaxPoker
21/02/2007 21:29 <REP> Winamp
21/02/2007 20:31 <REP> Windows Media Player
21/02/2007 20:35 <REP> Windows NT
21/02/2007 21:12 <REP> WinRAR
21/02/2007 17:36 <REP> xerox
0 fichier(s) 0 octets
51 Rép(s) 14 842 953 728 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\Program Files\fichiers communs
13/06/2007 15:36 <REP> .
13/06/2007 15:36 <REP> ..
23/04/2007 21:29 <REP> Adobe
21/02/2007 18:19 <REP> Ahead
26/03/2007 19:47 <REP> Broderbund
21/02/2007 21:54 <REP> Designer
13/06/2007 15:36 278 528 FDEUnInstaller.exe
21/02/2007 17:43 <REP> InstallShield
21/03/2007 16:06 <REP> Java
22/02/2007 16:11 <REP> LightScribe
25/05/2007 00:26 <REP> Microsoft Shared
21/02/2007 17:34 <REP> MSSoap
21/02/2007 17:27 <REP> ODBC
03/04/2007 23:17 <REP> PokerStars.com
21/02/2007 20:28 <REP> Services
21/02/2007 17:27 <REP> SpeechEngines
21/02/2007 21:54 <REP> System
22/02/2007 00:47 <REP> Wise Installation Wizard
1 fichier(s) 278 528 octets
17 Rép(s) 14 842 953 728 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders
21/02/2007 20:37 <REP> .
21/02/2007 20:37 <REP> ..
21/02/2007 21:54 <REP> 1033
21/02/2007 21:54 <REP> 1036
15/02/2001 06:45 1 318 912 MSONSEXT.DLL
13/02/2001 09:23 58 784 MSOSV.DLL
03/06/1999 15:09 122 937 MSOWS409.DLL
07/03/2001 10:00 127 033 MSOWS40c.DLL
06/08/2000 10:04 401 462 MSVCP60.DLL
22/01/2001 04:25 69 632 PKMAXCTL.DLL
22/01/2001 04:25 872 448 PKMCDO.DLL
22/01/2001 04:25 159 744 PKMCORE.DLL
07/02/2001 10:59 106 496 PKMFORMS.DLL
12/02/2001 05:03 684 032 PKMRES.DLL
22/01/2001 04:25 28 672 PKMSSTLB.DLL
22/01/2001 04:25 40 960 PKMTEMPL.DLL
22/01/2001 04:25 24 576 PKMTRACE.DLL
22/01/2001 04:25 86 016 PKMWS.DLL
22/01/2001 04:25 237 568 PROMDEMO.DLL
22/01/2001 04:25 184 320 SECMGR.DLL
22/01/2001 04:25 323 584 VAIDDMGR.DLL
22/01/2001 04:25 32 768 VAIMEM.DLL
18 fichier(s) 4 879 944 octets
4 Rép(s) 14 842 953 728 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 4C78-FD15
Répertoire de C:\
12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
2 fichier(s) 171 520 octets
0 Rép(s) 14 842 953 728 octets libres
c:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6\patch.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6\tsc.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\dss.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe\HiJackThis_v2.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software\Print\PretzlDn.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
****** Fin du rapport DiagHelp
Delete this one: C:\WINDOWS\photos.zip
Go to this site
http://www.virustotal.com/en/virustotalx.html
At the top right, click "Choose"
Go to C:, windows, system32, look for the process below and click "Open"
C:\Program Files\fichiers communs\FDEUnInstaller.exe
Once that's done, click "send"
Wait a moment while it analyzes your file, it can take several minutes, and paste the report here once it has finished, please
No notepad window opened like with the other programs, so I suppose I have to do a copy-paste for you...
STATUS: FINISHED
Complete scanning result of "FDEUnInstaller.exe", received in VirusTotal at 06.16.2007, 02:59:21 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.6.16.0 06.15.2007 no virus found
AntiVir 7.4.0.32 06.15.2007 no virus found
Authentium 4.93.8 06.16.2007 no virus found
Avast 4.7.997.0 06.15.2007 no virus found
AVG 7.5.0.467 06.15.2007 no virus found
BitDefender 7.2 06.16.2007 no virus found
CAT-QuickHeal 9.00 06.15.2007 no virus found
ClamAV devel-20070416 06.16.2007 no virus found
DrWeb 4.33 06.15.2007 no virus found
eSafe 7.0.15.0 06.14.2007 no virus found
eTrust-Vet 30.7.3721 06.15.2007 no virus found
Ewido 4.0 06.15.2007 no virus found
FileAdvisor 1 06.16.2007 Not analyzed yet
Fortinet 2.85.0.0 06.15.2007 no virus found
F-Prot 4.3.2.48 06.15.2007 no virus found
F-Secure 6.70.13030.0 06.15.2007 no virus found
Ikarus T3.1.1.8 06.15.2007 no virus found
Kaspersky 4.0.2.24 06.16.2007 no virus found
McAfee 5054 06.15.2007 no virus found
Microsoft 1.2607 06.16.2007 no virus found
NOD32v2 2334 06.15.2007 no virus found
Norman 5.80.02 06.15.2007 no virus found
Panda 9.0.0.4 06.16.2007 no virus found
Prevx1 V2 06.16.2007 no virus found
Sophos 4.18.0 06.12.2007 no virus found
Sunbelt 2.2.907.0 06.14.2007 no virus found
Symantec 10 06.16.2007 no virus found
TheHacker 6.1.6.133 06.15.2007 no virus found
VBA32 3.12.0.2 06.15.2007 no virus found
VirusBuster 4.3.23:9 06.15.2007 no virus found
Webwasher-Gateway 6.0.1 06.15.2007 no virus found
Aditional Information
File size: 278528 bytes
MD5: 9ccdbc6c324cbbacd2f395004e653018
SHA1: 5cc75dcc90405dcc5e84d35c84948b1da7271c3a
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=9ccdbc6c324cbbacd2f395004e653018
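A way to make use of a VirusTotal text report like the one pasted above, as an added example that is not from this thread or from VirusTotal: parse the per-engine lines, count how many engines that actually analyzed the file flagged it (a "Not analyzed yet" line is not a verdict), and check that the MD5/SHA1 printed in the report match the file you intended to submit, so that you know the "no virus found" result refers to the right file. The report excerpt embedded below is constructed from the thread's layout, and the `Example-AV` detection line is invented to exercise the counting; the functions, names and regexes are hypothetical helpers.

```python
"""Parse a pasted VirusTotal text report, count detections, and verify that the
hashes in the report belong to the file you meant to submit.
Hypothetical helper written for this thread; not a VirusTotal tool."""
import hashlib
import re
from typing import Dict, Tuple

# One engine per line: name, engine version, signature date (MM.DD.YYYY), verdict.
# The verdict may contain spaces ("no virus found"), so it is matched greedily at the end.
_ENGINE_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\d{2}\.\d{2}\.\d{4})\s+(.+?)\s*$")
_META_LINE = re.compile(r"^(File size|MD5|SHA1):\s*(\S+)")

CLEAN = "no virus found"
NOT_ANALYZED = "not analyzed yet"

# Constructed excerpt in the thread's layout; the Example-AV line is invented.
SAMPLE_REPORT = """\
STATUS: FINISHED
Complete scanning result of "FDEUnInstaller.exe", received in VirusTotal at 06.16.2007, 02:59:21 (CET).
Antivirus Version Update Result
AhnLab-V3 2007.6.16.0 06.15.2007 no virus found
AVG 7.5.0.467 06.15.2007 no virus found
FileAdvisor 1 06.16.2007 Not analyzed yet
Kaspersky 4.0.2.24 06.16.2007 no virus found
Example-AV 1.0 06.16.2007 Trojan.Generic.Sample
Aditional Information
File size: 278528 bytes
MD5: 9ccdbc6c324cbbacd2f395004e653018
SHA1: 5cc75dcc90405dcc5e84d35c84948b1da7271c3a
"""


def parse_report(text: str) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Return (verdict per engine, metadata such as MD5 / SHA1 / File size)."""
    verdicts: Dict[str, str] = {}
    meta: Dict[str, str] = {}
    for line in text.splitlines():
        m = _META_LINE.match(line)
        if m:
            meta[m.group(1)] = m.group(2)
            continue
        m = _ENGINE_LINE.match(line)
        if m:
            engine, _version, _update, verdict = m.groups()
            verdicts[engine] = verdict
    return verdicts, meta


def detection_summary(verdicts: Dict[str, str]) -> Tuple[int, int]:
    """(engines that flagged the file, engines that actually analyzed it)."""
    detected = analyzed = 0
    for verdict in verdicts.values():
        v = verdict.lower()
        if v == NOT_ANALYZED:
            continue  # placeholder, not a verdict: excluded from the ratio
        analyzed += 1
        if v != CLEAN:
            detected += 1
    return detected, analyzed


def hashes_of_bytes(data: bytes) -> Dict[str, str]:
    """MD5 and SHA1 hex digests, keyed like the report's metadata lines."""
    return {"MD5": hashlib.md5(data).hexdigest(),
            "SHA1": hashlib.sha1(data).hexdigest()}


def file_hashes(path: str) -> Dict[str, str]:
    """Same digests for a file on disk, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"MD5": md5.hexdigest(), "SHA1": sha1.hexdigest()}


def report_matches_file(meta: Dict[str, str], data: bytes) -> bool:
    """True only if every hash printed in the report equals the hash of `data`."""
    local = hashes_of_bytes(data)
    checked = [k for k in ("MD5", "SHA1") if k in meta]
    return bool(checked) and all(meta[k].lower() == local[k] for k in checked)


if __name__ == "__main__":
    verdicts, meta = parse_report(SAMPLE_REPORT)
    hit, total = detection_summary(verdicts)
    print(f"{hit}/{total} engines flagged the file; MD5 in report: {meta.get('MD5')}")
```

To compare against a real file, call `report_matches_file(meta, open(path, "rb").read())` or compare `file_hashes(path)` with `meta` directly; a mismatch means the report describes a different file than the one on the disk, and the verdicts should not be trusted for it.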
Well, as I said above, I ran an online scan and it found the trojan named above, and what's more, since then it disables my firewall and my anti-spyware....
I'm going to run another online scan to make sure it's still there, but in any case my firewall and anti-spyware are not working correctly...
Give me the location of your virus then, that will help me..
***
¤ Download this program then double-click on it (close your antivirus if it detects anything)
http://www.suspectfile.com/systemscan/
* Check only these boxes, uncheck everything else:
- Recent Files, 60 days
Then click on scan now, be patient.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete, if necessary create two messages.