Troj_generic.za

djchat Messages postés 120 Statut Membre -  
 Utilisateur anonyme -
Bonjour a tous, j'ai fait un antivirus en ligne trend micro et il ma reperé le Troj_generic.za et il n'a pas reussi a me le suprimmer....

Il me desactive mon pare-feu donc un peu embetant, est c'que quelqu'un aurai un outil pour me debarasser de ce trojan?

Merci d'avance!!! ;)
Configuration: Windows XP
Internet Explorer 6.0

12 réponses

  1. Utilisateur anonyme
     
    Bonjour

    Télécharge HijackThis :
    ---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe

    Installe le dans son propre dossier :
    - clic droit sur le bureau, tu choisis "nouveau dossier" puis installe-le à l'intérieur.
    Fais un clic droit sur Hijackthis, choisis "renommer" puis marque ceci : abcde.exe
    Double-clic sur HijackThis. Clic sur "I Accept" puis clic sur "do a system scan and save logfile"
    Puis copie et colle ici le rapport qu'il va te générer.

    Démo pour HijackThis si besoin :
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    0
  2. shayne Messages postés 3 Statut Membre
     
    bonjour
    je veux suprimer instant access de mon pc mais j'yarrive pas
    comment je vais faire svp
    0
  3. djchat Messages postés 120 Statut Membre 1
     
    Voila ce que j'ai eu:

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 15:37:19, on 15/06/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CtNotify.exe
    C:\Program Files\Creative\ShareDLL\MediaDet.Exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Toaster.exe
    C:\PROGRA~1\Wanadoo\Inactivity.exe
    C:\PROGRA~1\Wanadoo\PollingModule.exe
    C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\emule\eMule.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O21 - SSODL: syshelps - {C7F01703-2C06-4434-8CB9-798116E33F6E} - syshelps.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    0
  4. Utilisateur anonyme
     
    Télécharge ComboScan sur ton Bureau.
    ---> http://www.techsupportforum.com/sectools/Deckard/dss.exe
    Ferme toutes les applications en cours ; antivirus, pare-feu, etc ..
    Double-clic sur comboscan.exe A la fenêtre qui s'affiche, clic sur OK.
    Soit patient ..
    Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.
    Attention, il peut avoir deux, trois rapports mets les tous ici stp
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. djchat Messages postés 120 Statut Membre 1
     
    alors voila ce que j'ai eu:

    Deckard's System Scanner v20070611.50
    Run by Chat on 2007-06-15 at 19:56:01
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    System Restore is disabled; attempting to re-enable...success.

    -- Last 1 Restore Point(s) --
    1: 2007-06-15 17:56:06 UTC - RP1 - Point de vérification système

    Backed up registry hives.

    Performed disk cleanup.

    -- HijackThis Clone ------------------------------------------------------------

    Emulating logfile of HijackThis v1.99.1
    Scan saved at 2007-06-15 19:57:24
    Platform: Windows XP Service Pack 2 (5.01.2600)
    MSIE: Internet Explorer (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\system32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\atiptaxx.exe
    C:\Program Files\Creative\ShareDLL\CTNotify.exe
    C:\Program Files\Wanadoo\TaskBarIcon.exe
    C:\Program Files\Creative\ShareDLL\Mediadet.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTSVCCDA.EXE
    C:\WINDOWS\system32\FTRTSVC.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\lxcecoms.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\dss.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Wanadoo\SearchPageURL.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\SBAudigy\Program\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (file missing)
    O9 - Extra 'Tools' menuitem: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (file missing)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_11) - http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586-jc.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
    O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL
    O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll
    O21 - SSODL: syshelps - {C7F01703-2C06-4434-8CB9-798116E33F6E} - syshelps.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\Program Files\Grisoft\AVG7\avgemc.exe
    O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe /srvfsys
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSVCCDA.EXE
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\system32\FTRTSVC.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
    O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

    -- File Associations -----------------------------------------------------------

    All associations okay.

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys <Not Verified; Creative Technology Ltd; E-mu Plug-In Architecture>

    S3 PCAMPR5 (PCAMPR5 NDIS Protocol Driver) - c:\windows\system32\pcampr5.sys (file missing)
    S3 PCANDIS5 (PCANDIS5 NDIS Protocol Driver) - c:\windows\system32\pcandis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 FTRTSVC (France Telecom Routing Table Service) - c:\windows\system32\ftrtsvc.exe <Not Verified; France Telecom; FTRTSVC NT Service>

    S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe

    -- Scheduled Tasks -------------------------------------------------------------

    2007-06-15 17:16:38 406 --a------ C:\WINDOWS\Tasks\Maintenance en 1 clic.job

    -- Files created between 2007-05-15 and 2007-06-15 -----------------------------

    2007-06-15 01:02:10 0 dr-h----- C:\Documents and Settings\Chat.XPSP2-0651A64D8\Recent
    2007-06-15 00:58:36 0 d-------- C:\Program Files\CCleaner
    2007-06-14 22:50:38 0 d-------- C:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6
    2007-06-14 20:42:01 0 d-------- C:\Program Files\a-squared Free
    2007-06-13 15:36:16 278528 --a------ C:\Program Files\Fichiers communs\FDEUnInstaller.exe <Not Verified; ; FDEUninstaller>

    -- Find3M Report ---------------------------------------------------------------

    2007-06-15 19:55:34 0 d-------- C:\Program Files\Wanadoo
    2007-06-15 19:46:40 0 d-------- C:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data\AVG7
    2007-06-15 19:45:18 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
    2007-06-15 19:45:18 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat
    2007-06-15 11:32:14 0 d-------- C:\Program Files\emule
    2007-06-13 15:37:46 368076 --a------ C:\WINDOWS\system32\perfh00C.dat
    2007-06-13 15:37:46 48856 --a------ C:\WINDOWS\system32\perfc00C.dat
    2007-06-13 15:36:16 0 d-------- C:\Program Files\Inventel
    2007-06-13 15:36:16 0 d-------- C:\Program Files\Fichiers communs
    2007-06-08 08:33:07 0 d-------- C:\Program Files\Everest Poker
    2007-05-31 18:15:22 0 d-------- C:\Program Files\Lx_cats
    2007-05-25 00:27:14 0 d-------- C:\Program Files\MSN Messenger
    2007-05-25 00:26:55 0 d-------- C:\Program Files\Fichiers communs\Microsoft Shared
    2007-05-19 08:33:12 0 d-------- C:\Program Files\7-Zip
    2007-04-23 21:30:38 0 d-------- C:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data\Adobe
    2007-04-23 21:29:30 0 d-------- C:\Program Files\Fichiers communs\Adobe
    2007-04-18 20:57:10 0 d-------- C:\Program Files\TuneUp Utilities 2007
    2007-04-06 19:13:43 1485 --a------ C:\WINDOWS\mozver.dat

    -- Registry Dump ---------------------------------------------------------------

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
    {53707962-6F74-2D53-2644-206D7942484F} C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    {AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar2.dll
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "AtiPTA"="atiptaxx.exe"
    "Disc Detector"="C:\\Program Files\\Creative\\ShareDLL\\CtNotify.exe"
    "UpdReg"="C:\\WINDOWS\\Updreg.exe"
    "CTStartup"="C:\\Program Files\\Creative\\SBAudigy\\Program\\CTEaxSpl.EXE /run"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NeroCheck.exe"
    "WOOWATCH"="C:\\PROGRA~1\\Wanadoo\\Watch.exe"
    "WOOTASKBARICON"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe TaskBarIcon.exe"
    "LXCECATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXCEtime.dll,_RunDLLEntry@16"
    "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Ahead\\Lib\\NMBgMonitor.exe\""
    "WOOKIT"="C:\\PROGRA~1\\Wanadoo\\Shell.exe appLaunchClientZone.shl|PARAM= cnx"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
    "Config"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
    5c,72,75,6e,2e,63,6d,64,00
    "nlsf"=hex(2):63,6d,64,2e,65,78,65,20,2f,43,20,6d,6f,76,65,20,2f,59,20,22,25,\
    53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,5c,73,79,73,73,\
    65,74,75,62,2e,64,6c,6c,22,20,22,25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,\
    79,73,74,65,6d,33,32,5c,73,79,73,73,65,74,75,70,2e,64,6c,6c,22,00
    "tscuninstall"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,\
    33,32,5c,74,73,63,75,70,67,72,64,2e,65,78,65,00

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=dword:00000001
    "NoStartBanner"=hex:01,00,00,00
    "MemCheckBoxInRunDlg"=dword:00000001
    "NoSMBalloonTip"=dword:00000001
    "NoDesktopCleanupWizard"=dword:00000001
    "NoWelcomeScreen"=dword:00000001
    @=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoLowDiskSpaceChecks"=dword:00000001
    "NoStartBanner"=hex:01,00,00,00
    "MemCheckBoxInRunDlg"=dword:00000001
    "NoSMBalloonTip"=dword:00000001
    "NoDesktopCleanupWizard"=dword:00000001
    "NoWelcomeScreen"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "syshelps"="{C7F01703-2C06-4434-8CB9-798116E33F6E}"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
    Authentication Packages REG_MULTI_SZ msv1_0\0\0
    Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
    Notification Packages REG_MULTI_SZ scecli\0\0

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Adobe Reader Synchronizer.lnk"
    "backup"="C:\\WINDOWS\\pss\\Adobe Reader Synchronizer.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\ADOBEC~1.EXE "
    "item"="Adobe Reader Synchronizer"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Event Reminder.lnk]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Event Reminder.lnk"
    "backup"="C:\\WINDOWS\\pss\\Event Reminder.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\BRODER~1\\PRINTM~1\\PMremind.exe "
    "item"="Event Reminder"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\READER~1.0\\Reader\\READER~1.EXE "
    "item"="Lancement rapide d'Adobe Reader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users.WINDOWS\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ADGJDet"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Creative\\SBAudigy\\PROGRAM\\ADGJDet.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="MsnMsgr"
    "hkey"="HKCU"
    "command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="jusched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    UxTuneUp

    -- End of Deckard's System Scanner: finished at 2007-06-15 at 19:57:55 ---------

    Deckard's System Scanner v20070611.50
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft Windows XP Professionnel (build 2600) SP 2.0
    Architecture: X86; Language: French

    CPU 0: Intel(R) Pentium(R) 4 CPU 1.90GHz
    Percentage of Memory in Use: 31%
    Physical Memory (total/avail): 1023.48 MiB / 700.16 MiB
    Pagefile Memory (total/avail): 1246.21 MiB / 1023.77 MiB
    Virtual Memory (total/avail): 2047.88 MiB / 1972.03 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 19.53 GiB total, 13.84 GiB free.
    D: is Fixed (NTFS) - 105.76 GiB total, 0.52 GiB free.
    F: is Fixed (NTFS) - 92.22 GiB total, 9.97 GiB free.
    G: is Fixed (NTFS) - 128 GiB total, 1.75 GiB free.
    H: is CDROM (CDFS)
    I: is CDROM (CDFS)

    -- Security Center -------------------------------------------------------------

    AUOptions is disabled.
    Windows Internal Firewall is enabled.

    FirstRunDisabled is set.
    AntiVirusDisableNotify is set.
    FirewallDisableNotify is set.
    UpdatesDisableNotify is set.
    AntivirusOverride is set.
    FirewallOverride is set.

    FW: Pare Feu AVG 7.5.469 v7.5.469 (GRISOFT)
    AV: AVG 7.5.472 v7.5.472 (GRISOFT)

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\emule\\eMule.exe"="C:\\Program Files\\emule\\eMule.exe:*:Enabled:eMule.exe"

    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
    APPDATA=C:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files\Fichiers communs
    COMPUTERNAME=XPSP2-0651A64D8
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Chat.XPSP2-0651A64D8
    LOGONSERVER=\\XPSP2-0651A64D8
    NUMBER_OF_PROCESSORS=1
    OS=Windows_NT
    Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Satsuki Decoder Pack\filtres
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 2, GenuineIntel
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=0102
    ProgramFiles=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\CHAT~1.XPS\LOCALS~1\Temp
    TMP=C:\DOCUME~1\CHAT~1.XPS\LOCALS~1\Temp
    USERDOMAIN=XPSP2-0651A64D8
    USERNAME=Chat
    USERPROFILE=C:\Documents and Settings\Chat.XPSP2-0651A64D8
    windir=C:\WINDOWS

    -- User Profiles ---------------------------------------------------------------

    Chat.XPSP2-0651A64D8 [I](admin)[/I]

    -- Add/Remove Programs ---------------------------------------------------------

    --> C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE
    --> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\AudioHQ\AudioHQU.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Diagnose2.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Midi.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\MiniDisc\MDC.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\PlayCenter2\Player2.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Program\RDefault.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Recorder\Recorder.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\FRENCH\CTManual.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\SoundFont.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\SBAudigy\SurMix2\SurMix2.isu"
    --> C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
    --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
    --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Demo\AUDIGYDEMO.isu"
    --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\QuickStart\QuickStart.isu"
    --> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    --> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    --> C:\WINDOWS\UNRecode.exe /UNINSTALL
    --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    7-Zip 4.42 --> "C:\Program Files\7-Zip\Uninstall.exe"
    a-squared Free 3.0 --> "C:\Program Files\a-squared Free\unins000.exe"
    Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
    Adobe Reader 8 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A80000000002}
    Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
    ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
    AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
    CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
    DVD Audio Extractor 4.2.1 --> "C:\Program Files\DVD Audio Extractor\unins000.exe"
    Gestionnaire Internet --> C:\PROGRA~1\Wanadoo\uninstall.exe
    Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
    J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
    Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
    Lexmark 4300 Series --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -NOLICENSE
    Microsoft Office XP Professional avec FrontPage --> MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
    Mozilla Firefox (2.0.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\uninst.exe
    Navigateur Orange --> C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl
    Nero 7 Essentials --> MsiExec.exe /I{37BA50EE-C851-4394-93DD-A0A611891036}
    PhotoFiltre Studio --> "C:\Program Files\PhotoFiltre Studio\Uninst.exe"
    PokerStars --> C:\Program Files\PokerStars\Uninstall.EXE /u:"PokerStars"
    PowerDVD --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    PrintMaster --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DD144C1-5EAD-4D55-80A1-ACAF893A4FFE}\setup.exe" anything
    Sound Blaster Audigy --> C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
    Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    TuneUp Utilities 2007 --> MsiExec.exe /I{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}
    VideoLAN VLC media player 0.8.6a --> C:\Program Files\VideoLAN\VLC\uninstall.exe
    Winamax Poker (remove only) --> "C:\Program Files\WinamaxPoker\uninst.exe"
    Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
    Windows Live Messenger --> MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}

    -- End of Deckard's System Scanner: finished at 2007-06-15 at 19:57:55 ---------
    0
  7. Utilisateur anonyme
     
    pas grand chose !

    Télécharge DiagHelp.zip sur ton bureau
    http://www.malekal.com/download/DiagHelp.zip

    - Fais un clic droit sur le fichier et extraire tout
    - Un nouveau dossier chercher va être créé DiagHelp
    - Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    - Une fenêtre va s'ouvrir, choisis l'option 1
    - L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
    - A la fin de l'analyse, il te sera redemandé de redémarrer l'ordinateur... Une fois l'ordinateur redémarré le rapport va apparaître sur le bloc-note.. Ce dernier se trouve sur C:\resultat.txt
    - Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    -- Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    -- A nouveau menu Edition / copier
    -- Dans un nouveau message ici, faire un clic droit / coller
    0
  8. djchat Messages postés 120 Statut Membre 1
     
    Voila:

    DiagHelp version v1.1.1 - http://www.malekal.com
    excute le 15/06/2007 à 20:38:31,96

    Liste des derniers fichies modifies/crees dans windir\system32
    C:\WINDOWS\System32/drivers\avg7core.sys -->27/04/2007 09:05:31
    C:\WINDOWS\System32/drivers\avgmfx86.sys -->26/03/2007 19:05:43
    C:\WINDOWS\System32/drivers\avgclean.sys -->26/03/2007 18:59:47
    C:\WINDOWS\System32/drivers\avgtdi.sys -->26/03/2007 18:59:46
    C:\WINDOWS\System32/drivers\avg7rsxp.sys -->26/03/2007 18:59:46
    C:\WINDOWS\System32/drivers\avg7rsw.sys -->26/03/2007 18:59:45
    C:\WINDOWS\System32/drivers\AvgAsCln.sys -->05/09/2006 18:03:16

    C:\WINDOWS\System32\wpa.dbl -->15/06/2007 19:46:21
    C:\WINDOWS\System32\settingsbkup.sfm -->15/06/2007 19:45:18
    C:\WINDOWS\System32\settings.sfm -->15/06/2007 19:45:18
    C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat -->15/06/2007 19:45:18
    C:\WINDOWS\System32\DVCState-{00000002-00000000-0000000B-00001102-00000004-00511102}.dat -->15/06/2007 19:45:18
    C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
    C:\WINDOWS\System32\BMXState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
    C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
    C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-0000000B-00001102-00000004-00511102}.rfx -->15/06/2007 19:45:18
    C:\WINDOWS\System32\PerfStringBackup.INI -->13/06/2007 15:37:46
    C:\WINDOWS\System32\perfh00C.dat -->13/06/2007 15:37:46
    C:\WINDOWS\System32\perfh009.dat -->13/06/2007 15:37:46
    C:\WINDOWS\System32\perfc00C.dat -->13/06/2007 15:37:46
    C:\WINDOWS\System32\perfc009.dat -->13/06/2007 15:37:46
    C:\WINDOWS\System32\avgfwafu.dll -->26/04/2007 09:09:46
    C:\WINDOWS\System32\FNTCACHE.DAT -->26/03/2007 19:51:48
    C:\WINDOWS\System32\jupdate-1.5.0_11-b03.log -->21/03/2007 16:07:23
    C:\WINDOWS\System32\Atmfraxx.GID -->01/03/2007 13:46:07
    C:\WINDOWS\System32\satsukidecodersettings.ini -->21/02/2007 23:21:25
    C:\WINDOWS\System32\h323log.txt -->21/02/2007 21:24:44
    C:\WINDOWS\System32\msvcr71.dll -->21/02/2007 21:13:25
    C:\WINDOWS\System32\msvcp71.dll -->21/02/2007 21:13:25
    C:\WINDOWS\System32\ati64hlp.stb -->21/02/2007 21:01:44
    C:\WINDOWS\System32\ati64hl2.stb -->21/02/2007 20:45:15
    C:\WINDOWS\System32\$winnt$.inf -->21/02/2007 20:34:46

    C:\WINDOWS\0.log -->15/06/2007 19:46:44
    C:\WINDOWS\WindowsUpdate.log -->15/06/2007 19:46:43
    C:\WINDOWS\wiadebug.log -->15/06/2007 19:46:43
    C:\WINDOWS\wiaservc.log -->15/06/2007 19:46:41
    C:\WINDOWS\bootstat.dat -->15/06/2007 19:46:19
    C:\WINDOWS\SchedLgU.Txt -->15/06/2007 19:45:16
    C:\WINDOWS\Thumbs.db -->14/06/2007 23:57:17
    C:\WINDOWS\win.ini -->14/06/2007 23:47:49
    C:\WINDOWS\system.ini -->14/06/2007 23:47:49
    C:\WINDOWS\Kit.ini -->14/06/2007 18:32:34
    C:\WINDOWS\NeroDigital.ini -->13/06/2007 16:44:35
    C:\WINDOWS\photos.zip -->09/06/2007 15:44:06
    C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-00511102}.CDF -->27/05/2007 09:03:20
    C:\WINDOWS\AviSplitter.INI -->07/05/2007 22:46:26
    C:\WINDOWS\mozver.dat -->06/04/2007 19:13:43

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 4C78-FD15

    Répertoire de C:\WINDOWS\system32

    19/08/2004 17:09 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 14 843 293 696 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 4C78-FD15

    Répertoire de C:\WINDOWS\Downloaded Program Files

    15/06/2007 19:56 <REP> .
    15/06/2007 19:56 <REP> ..
    21/02/2007 20:29 65 desktop.ini
    14/10/2006 00:16 723 hcImpl.inf
    30/01/2007 17:28 902 jinstall-1_5_0_11.inf
    08/08/2006 11:45 576 kavwebscan.inf
    09/11/2006 15:36 5 019 swflash.inf
    5 fichier(s) 7 285 octets

    Total des fichiers listés :
    5 fichier(s) 7 285 octets
    2 Rép(s) 14 843 289 600 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\emule\\eMule.exe"="C:\\Program Files\\emule\\eMule.exe:*:Enabled:eMule.exe"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    Rechercher adresses sensibles dans le fichier HOSTS...
    REGEDIT4

    [taskmgr.exe]

    catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-06-15 20:38:45
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    208 - avgemc.exe
    388 - Toaster.exe
    424 - Inactivity.exe
    536 - csrss.exe
    560 - winlogon.exe
    608 - services.exe
    620 - lsass.exe
    772 - svchost.exe
    816 - svchost.exe
    884 - svchost.exe
    996 - avgcc.exe
    1112 - svchost.exe
    1148 - svchost.exe
    1276 - GestionnaireInt
    1316 - explorer.exe
    1348 - PollingModule.e
    1496 - lxcecoms.exe
    1584 - atiptaxx.exe
    1592 - CTNotify.exe
    1672 - TaskBarIcon.exe
    1688 - Mediadet.exe
    1708 - NMBgMonitor.exe
    1744 - ALERTM~1.EXE
    1760 - ComComp.exe
    1816 - NMIndexStoreSvr
    1916 - a2service.exe
    1956 - guard.exe
    1972 - avgamsvr.exe
    2084 - alg.exe
    2440 - Watch.exe
    2960 - msnmsgr.exe
    3076 - IEXPLORE.EXE
    3152 - svchost.exe
    3164 - cmd.exe
    3324 - GoogleToolbarNo
    3400 - usnsvc.exe

    Total number of processes = 37
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806EC000 - \WINDOWS\system32\hal.dll
    F7D2F000 - \WINDOWS\system32\KDCOM.DLL
    F7C3F000 - \WINDOWS\system32\BOOTVID.dll
    F77DF000 - ACPI.sys
    F7D31000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
    F77CE000 - pci.sys
    F782F000 - isapnp.sys
    F783F000 - ohci1394.sys
    F784F000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
    F7D33000 - intelide.sys
    F7AAF000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    F785F000 - MountMgr.sys
    F77AF000 - ftdisk.sys
    F7D35000 - dmload.sys
    F7789000 - dmio.sys
    F7AB7000 - PartMgr.sys
    F786F000 - VolSnap.sys
    F7771000 - atapi.sys
    F787F000 - disk.sys
    F788F000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    F7752000 - fltMgr.sys
    F789F000 - PxHelp20.sys
    F773B000 - KSecDD.sys
    F76AE000 - Ntfs.sys
    F7681000 - NDIS.sys
    F7667000 - Mup.sys
    F78AF000 - agp440.sys
    F78DF000 - \SystemRoot\system32\DRIVERS\nic1394.sys
    F797F000 - \SystemRoot\system32\DRIVERS\processr.sys
    F75C1000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys
    F75AD000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    F7B0F000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS
    F749D000 - \SystemRoot\system32\drivers\e10kx2k.sys
    F7479000 - \SystemRoot\system32\drivers\portcls.sys
    F798F000 - \SystemRoot\system32\drivers\drmk.sys
    F7456000 - \SystemRoot\system32\drivers\ks.sys
    F743E000 - \SystemRoot\System32\drivers\ctoss2k.sys
    F7420000 - \SystemRoot\System32\drivers\ctsfm2k.sys
    F7408000 - \SystemRoot\System32\drivers\emupia2k.sys
    F799F000 - \SystemRoot\System32\drivers\ctac32k.sys
    F7D57000 - \SystemRoot\System32\drivers\ctprxy2k.sys
    F7CD7000 - \SystemRoot\system32\DRIVERS\gameenum.sys
    F79AF000 - \SystemRoot\system32\DRIVERS\cdrom.sys
    F79BF000 - \SystemRoot\system32\DRIVERS\redbook.sys
    F79CF000 - \SystemRoot\system32\DRIVERS\imapi.sys
    F7B17000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
    F73E5000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
    F73CD000 - \SystemRoot\system32\drivers\ac97intc.sys
    F7B1F000 - \SystemRoot\system32\DRIVERS\fdc.sys
    F73BC000 - \SystemRoot\system32\DRIVERS\serial.sys
    F7CE3000 - \SystemRoot\system32\DRIVERS\serenum.sys
    F73A8000 - \SystemRoot\system32\DRIVERS\parport.sys
    F79DF000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
    F7B27000 - \SystemRoot\system32\DRIVERS\mouclass.sys
    F7B2F000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
    F7F72000 - \SystemRoot\system32\DRIVERS\audstub.sys
    F79EF000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
    F7CE7000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
    F7391000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
    F79FF000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
    F7A0F000 - \SystemRoot\system32\DRIVERS\raspptp.sys
    F7B37000 - \SystemRoot\system32\DRIVERS\TDI.SYS
    F72E0000 - \SystemRoot\system32\DRIVERS\psched.sys
    F7A1F000 - \SystemRoot\system32\DRIVERS\msgpc.sys
    F7B3F000 - \SystemRoot\system32\DRIVERS\ptilink.sys
    F7B47000 - \SystemRoot\system32\DRIVERS\raspti.sys
    F72AF000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
    F7A2F000 - \SystemRoot\system32\DRIVERS\termdd.sys
    F7D59000 - \SystemRoot\system32\DRIVERS\swenum.sys
    F7253000 - \SystemRoot\system32\DRIVERS\update.sys
    F7CFF000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
    F7A6F000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F7A7F000 - \SystemRoot\system32\DRIVERS\usbhub.sys
    F7D5B000 - \SystemRoot\system32\DRIVERS\USBD.SYS
    F7B4F000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
    F7D5D000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F7F07000 - \SystemRoot\System32\Drivers\Null.SYS
    F7D5F000 - \SystemRoot\System32\Drivers\Beep.SYS
    F7F09000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    F7F0A000 - \SystemRoot\System32\Drivers\avgclean.sys
    F7B5F000 - \SystemRoot\System32\drivers\vga.sys
    F7D61000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F7B67000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F7B6F000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F7643000 - \SystemRoot\system32\DRIVERS\rasacd.sys
    EED87000 - \SystemRoot\system32\DRIVERS\ipsec.sys
    EED2F000 - \SystemRoot\system32\DRIVERS\tcpip.sys
    EED07000 - \SystemRoot\system32\DRIVERS\netbt.sys
    EECE5000 - \SystemRoot\System32\drivers\afd.sys
    F7A9F000 - \SystemRoot\system32\DRIVERS\netbios.sys
    EEC1A000 - \SystemRoot\system32\DRIVERS\rdbss.sys
    EEBAB000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
    F78EF000 - \SystemRoot\System32\Drivers\Fips.SYS
    EEB8A000 - \SystemRoot\system32\DRIVERS\ipnat.sys
    F78FF000 - \SystemRoot\system32\DRIVERS\wanarp.sys
    F790F000 - \SystemRoot\system32\DRIVERS\arp1394.sys
    EE8FE000 - \SystemRoot\System32\Drivers\avg7core.sys
    F7D65000 - \SystemRoot\System32\Drivers\avg7rsw.sys
    F7B87000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
    EE8DB000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    F791F000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    F7EAF000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    EE8C3000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F7D6B000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    F72A7000 - \SystemRoot\System32\drivers\Dxapi.sys
    F7B97000 - \SystemRoot\System32\watchdog.sys
    BF9C2000 - \SystemRoot\System32\drivers\dxg.sys
    F7E52000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D4000 - \SystemRoot\System32\ati2dvag.dll
    BFA08000 - \SystemRoot\System32\ati3d1ag.dll
    B6F08000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
    B6C7B000 - \SystemRoot\system32\drivers\wdmaud.sys
    B6DB8000 - \SystemRoot\system32\drivers\sysaudio.sys
    F7D45000 - \SystemRoot\System32\Drivers\ParVdm.SYS
    F7D75000 - \SystemRoot\System32\Drivers\avgtdi.sys
    B692E000 - \SystemRoot\system32\DRIVERS\ipfltdrv.sys
    B67CC000 - \SystemRoot\system32\DRIVERS\srv.sys
    F7D81000 - \??\C:\WINDOWS\system32\PfModNT.sys
    B6493000 - \SystemRoot\System32\Drivers\HTTP.sys
    B6045000 - \SystemRoot\system32\DRIVERS\sr.sys
    B62D3000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
    F7F26000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 124

    Liste des programmes installes

    7-Zip 4.42
    a-squared Free 3.0
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8 - Français
    Archiveur WinRAR
    ATI Display Driver
    AVG 7.5
    AVG Anti-Spyware 7.5
    CCleaner (remove only)
    DVD Audio Extractor 4.2.1
    Gestionnaire Internet
    Google Toolbar for Internet Explorer
    J2SE Runtime Environment 5.0 Update 11
    Kaspersky Online Scanner
    Lexmark 4300 Series
    LightScribe 1.4.124.1
    Microsoft Office XP Professional avec FrontPage
    Mozilla Firefox (2.0.0.1)
    Navigateur Orange
    Nero 7 Essentials
    PhotoFiltre Studio
    PokerStars
    PowerDVD
    PrintMaster
    Sound Blaster Audigy
    Spybot - Search & Destroy 1.4
    TuneUp Utilities 2007
    VideoLAN VLC media player 0.8.6a
    WebFldrs XP
    Winamax Poker (remove only)
    Winamp (remove only)
    Windows Live Messenger

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 4C78-FD15

    Répertoire de C:\Program Files

    15/06/2007 00:58 <REP> .
    15/06/2007 00:58 <REP> ..
    19/05/2007 08:33 <REP> 7-Zip
    21/02/2007 18:07 <REP> Abbyy FineReader 6.0 Sprint
    23/04/2007 21:29 <REP> Adobe
    14/06/2007 21:33 <REP> a-squared Free
    21/02/2007 17:43 <REP> ATI Multimedia
    26/03/2007 19:48 <REP> Broderbund
    15/06/2007 00:58 <REP> CCleaner
    21/02/2007 17:33 <REP> ComPlus Applications
    21/02/2007 20:49 <REP> Creative
    21/02/2007 18:13 <REP> CyberLink
    06/03/2007 01:52 <REP> DVD Audio Extractor
    15/06/2007 20:15 <REP> emule
    08/06/2007 08:33 <REP> Everest Poker
    14/03/2007 17:54 <REP> fabamusic
    13/06/2007 15:36 <REP> Fichiers communs
    21/02/2007 22:20 <REP> Google
    21/02/2007 21:25 <REP> Grisoft
    14/06/2007 23:53 <REP> Internet Explorer
    13/06/2007 15:36 <REP> Inventel
    21/03/2007 16:07 <REP> Java
    21/02/2007 18:23 <REP> Lexmark 4300 Series
    21/02/2007 18:07 <REP> Lexmark Fax Solutions
    31/05/2007 18:15 <REP> Lx_cats
    21/02/2007 17:40 <REP> Messenger
    21/02/2007 17:36 <REP> microsoft frontpage
    21/02/2007 21:54 <REP> Microsoft Office
    21/02/2007 20:28 <REP> Movie Maker
    06/06/2007 22:59 <REP> Mozilla Firefox
    21/02/2007 17:33 <REP> MSN
    21/02/2007 20:31 <REP> msn gaming zone
    25/05/2007 00:27 <REP> MSN Messenger
    21/02/2007 18:16 <REP> Nero
    21/02/2007 17:34 <REP> NetMeeting
    21/02/2007 20:34 <REP> Outlook Express
    24/02/2007 15:29 <REP> PhotoFiltre Studio
    10/04/2007 20:47 <REP> PokerStars
    21/02/2007 23:21 <REP> Satsuki Decoder Pack
    21/02/2007 21:15 <REP> Securitoo
    21/02/2007 17:33 <REP> Services en ligne
    21/02/2007 21:34 <REP> Spybot - Search & Destroy
    18/04/2007 20:57 <REP> TuneUp Utilities 2007
    21/02/2007 23:20 <REP> VideoLAN
    15/06/2007 19:59 <REP> Wanadoo
    03/04/2007 22:48 <REP> WinamaxPoker
    21/02/2007 21:29 <REP> Winamp
    21/02/2007 20:31 <REP> Windows Media Player
    21/02/2007 20:35 <REP> Windows NT
    21/02/2007 21:12 <REP> WinRAR
    21/02/2007 17:36 <REP> xerox
    0 fichier(s) 0 octets
    51 Rép(s) 14 842 953 728 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 4C78-FD15

    Répertoire de C:\Program Files\fichiers communs

    13/06/2007 15:36 <REP> .
    13/06/2007 15:36 <REP> ..
    23/04/2007 21:29 <REP> Adobe
    21/02/2007 18:19 <REP> Ahead
    26/03/2007 19:47 <REP> Broderbund
    21/02/2007 21:54 <REP> Designer
    13/06/2007 15:36 278 528 FDEUnInstaller.exe
    21/02/2007 17:43 <REP> InstallShield
    21/03/2007 16:06 <REP> Java
    22/02/2007 16:11 <REP> LightScribe
    25/05/2007 00:26 <REP> Microsoft Shared
    21/02/2007 17:34 <REP> MSSoap
    21/02/2007 17:27 <REP> ODBC
    03/04/2007 23:17 <REP> PokerStars.com
    21/02/2007 20:28 <REP> Services
    21/02/2007 17:27 <REP> SpeechEngines
    21/02/2007 21:54 <REP> System
    22/02/2007 00:47 <REP> Wise Installation Wizard
    1 fichier(s) 278 528 octets
    17 Rép(s) 14 842 953 728 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 4C78-FD15

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    21/02/2007 20:37 <REP> .
    21/02/2007 20:37 <REP> ..
    21/02/2007 21:54 <REP> 1033
    21/02/2007 21:54 <REP> 1036
    15/02/2001 06:45 1 318 912 MSONSEXT.DLL
    13/02/2001 09:23 58 784 MSOSV.DLL
    03/06/1999 15:09 122 937 MSOWS409.DLL
    07/03/2001 10:00 127 033 MSOWS40c.DLL
    06/08/2000 10:04 401 462 MSVCP60.DLL
    22/01/2001 04:25 69 632 PKMAXCTL.DLL
    22/01/2001 04:25 872 448 PKMCDO.DLL
    22/01/2001 04:25 159 744 PKMCORE.DLL
    07/02/2001 10:59 106 496 PKMFORMS.DLL
    12/02/2001 05:03 684 032 PKMRES.DLL
    22/01/2001 04:25 28 672 PKMSSTLB.DLL
    22/01/2001 04:25 40 960 PKMTEMPL.DLL
    22/01/2001 04:25 24 576 PKMTRACE.DLL
    22/01/2001 04:25 86 016 PKMWS.DLL
    22/01/2001 04:25 237 568 PROMDEMO.DLL
    22/01/2001 04:25 184 320 SECMGR.DLL
    22/01/2001 04:25 323 584 VAIDDMGR.DLL
    22/01/2001 04:25 32 768 VAIMEM.DLL
    18 fichier(s) 4 879 944 octets
    4 Rép(s) 14 842 953 728 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 4C78-FD15

    Répertoire de C:\

    12/05/2007 18:22 68 096 diff.exe
    12/05/2007 18:22 103 424 grep.exe
    2 fichier(s) 171 520 octets
    0 Rép(s) 14 842 953 728 octets libres
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6\patch.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\.housecall6.6\tsc.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\dss.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\abcde.exe\HiJackThis_v2.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
    c:\Documents and Settings\All Users.WINDOWS\Application Data\Broderbund Software\Print\PretzlDn.dll
    c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users.WINDOWS\Application Data\Nero\DrWeb\Drweb32.dll
    c:\Documents and Settings\Chat.XPSP2-0651A64D8\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll

    ****** Fin du rapport DiagHelp
    0
  9. Utilisateur anonyme
     
    Supprime celui-la :  C:\WINDOWS\photos.zip

    Rends toi sur se site
    http://www.virustotal.com/en/virustotalx.html

    En haut à droite clic sur "choisir"
    Tu vas dans C:, windows, system32 tu cherches le processus ci-dessous et tu clic sur "ouvrir"

    C:\Program Files\fichiers communs\FDEUnInstaller.exe

    dès que c'est fait, clic sur "send"
    Tu attends un peu qu'il analyse ton fichier ça peut duré plusieurs minutes et colle le rapport ici une fois qu'il a terminé stp
    0
  10. djchat Messages postés 120 Statut Membre 1
     
    Il y a pas de bloc note qui c'est ouvert comme les autres soft, donc je supose qu'il faut que je te fasse un copier coller...

    STATUS: FINISHEDComplete scanning result of "FDEUnInstaller.exe", received in VirusTotal at 06.16.2007, 02:59:21 (CET).

    Antivirus Version Update Result
    AhnLab-V3 2007.6.16.0 06.15.2007 no virus found
    AntiVir 7.4.0.32 06.15.2007 no virus found
    Authentium 4.93.8 06.16.2007 no virus found
    Avast 4.7.997.0 06.15.2007 no virus found
    AVG 7.5.0.467 06.15.2007 no virus found
    BitDefender 7.2 06.16.2007 no virus found
    CAT-QuickHeal 9.00 06.15.2007 no virus found
    ClamAV devel-20070416 06.16.2007 no virus found
    DrWeb 4.33 06.15.2007 no virus found
    eSafe 7.0.15.0 06.14.2007 no virus found
    eTrust-Vet 30.7.3721 06.15.2007 no virus found
    Ewido 4.0 06.15.2007 no virus found
    FileAdvisor 1 06.16.2007 Not analyzed yet
    Fortinet 2.85.0.0 06.15.2007 no virus found
    F-Prot 4.3.2.48 06.15.2007 no virus found
    F-Secure 6.70.13030.0 06.15.2007 no virus found
    Ikarus T3.1.1.8 06.15.2007 no virus found
    Kaspersky 4.0.2.24 06.16.2007 no virus found
    McAfee 5054 06.15.2007 no virus found
    Microsoft 1.2607 06.16.2007 no virus found
    NOD32v2 2334 06.15.2007 no virus found
    Norman 5.80.02 06.15.2007 no virus found
    Panda 9.0.0.4 06.16.2007 no virus found
    Prevx1 V2 06.16.2007 no virus found
    Sophos 4.18.0 06.12.2007 no virus found
    Sunbelt 2.2.907.0 06.14.2007 no virus found
    Symantec 10 06.16.2007 no virus found
    TheHacker 6.1.6.133 06.15.2007 no virus found
    VBA32 3.12.0.2 06.15.2007 no virus found
    VirusBuster 4.3.23:9 06.15.2007 no virus found
    Webwasher-Gateway 6.0.1 06.15.2007 no virus found

    Aditional Information
    File size: 278528 bytes
    MD5: 9ccdbc6c324cbbacd2f395004e653018
    SHA1: 5cc75dcc90405dcc5e84d35c84948b1da7271c3a
    Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=9ccdbc6c324cbbacd2f395004e653018
    0
  11. djchat Messages postés 120 Statut Membre 1
     
    Ben comme j'l'ai dit plus haut, j'ai fait un scan en ligne et il decouvert un trojan nommé plus haut et en plus depuis il me desactive mon pare feu et mon anti-spyware....

    J'vais refaire un scan en ligne pour etre sur qu'il y est encore, mais en tout cas mon systeme niveau pare-feu et antispyware ne fonctionne pas corectement...
    0
  12. Utilisateur anonyme
     
    Donne moi l'emplacement où est situé ton virus alors ça m'aidera..

    ***
    ¤ Télécharge ce programme puis double clic dessus (ferme ton antivirus s'il te détecte quoi que ce soit)
    http://www.suspectfile.com/systemscan/

    * Coche uniquement ces cases, décoche tout le reste :

    - Recent Files, 60 days

    Puis clic sur scan now, soit patient.
    Une fois qu'il aura terminé, un rapport va s'ouvrir, copie et colle son contenu ici et vérifie qu'il soit bien en entier, si besoin crée deux messages.
    0