Unwanted ad pop-up windows

Solved/Closed
mel64 - 30 April 2008 at 14:53
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008 - 4 May 2008 at 21:18
Hello,

I installed NAVILOG1; here is the scan I ran.
What should I do?
Thanks

14 replies

dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 15:02
You'd need to post the report, wouldn't you?

What kind of problems?


++
0
Yes, sorry, I forgot to copy and paste it.

For the past two days, as soon as I go on the internet, advertising windows keep popping up nonstop.
My son went online to put themes on his PSP, and since then ads have been taking over web pages.


Search Navipromo version 3.5.5 commencé le 30/04/2008 à 14:07:37,37

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "JEAN YVES"

Mise à jour le 29.04.2008 à 20h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\JEAN YVES\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Antoine\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\JEAN YVES\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Antoine\locals~1\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\JEAN YVES\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\DOCUME~1\Antoine\menudm~1\progra~1" ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\JEAN YVES\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

* Recherche dans "C:\DOCUME~1\Antoine\locals~1\applic~1" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\JEAN YVES\locals~1\applic~1" :


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :


* Dans "C:\DOCUME~1\Antoine\locals~1\applic~1" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 30/04/2008 à 14:26:26,56 ***
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 15:16
OK, did he install anything in particular? Ask him, please.

Download HijackThis to the desktop.

Right-click the HijackThis icon.

/!\ Rename hijackthis to skim.exe (instead of hijackthis.exe), this is important!! /!\

* After doing that, double-click it.

* Click Do a system scan and save the log

* At the end of the scan a report will be generated; paste it here.

A HijackThis demo
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 15:35
L\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SAC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Bits peak locks body] C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Glue Trans] C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-87e6280cf93fc21a.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89970AF4-B2EF-48C3-A344-EB35EF136E5B}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://poesie.webnet.fr/poemes/France/sand/2.html#
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 15:37
The HijackThis report was copied incorrectly; copy it in full, please.
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 16:04
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:49, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SAC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Bits peak locks body] C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Glue Trans] C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-87e6280cf93fc21a.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89970AF4-B2EF-48C3-A344-EB35EF136E5B}: NameServer = 81.253.149.9 80.10.246.132
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://poesie.webnet.fr/poemes/France/sand/2.html#
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 16:09
Go to this site:

https://www.virustotal.com/gui/

Click Browse and look for these files:

C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe
C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe

A report will be built line by line.

Wait until it finishes. It must include the file name.

Save the report with Notepad.

Copy it into your reply.
0
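Added example, not part of the original thread: the two files dou-l singles out above both appear as O4 autorun entries in the posted HijackThis log, launching from Application Data directories. The Python sketch below parses O4 lines copied from that log and lists autoruns whose executable sits in a profile data directory (long or 8.3 short name); that path rule is an assumption made for this example, not a criterion stated by anyone in the thread.

```python
import re
from typing import Dict, List, NamedTuple

# O4 lines copied from the HijackThis log posted in this thread (one O2 line
# is included to show that non-autorun sections are skipped).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SAC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Bits peak locks body] C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe
O4 - HKCU\..\Run: [Glue Trans] C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
"""


class Autorun(NamedTuple):
    location: str    # registry Run key or Startup folder
    name: str        # value name or shortcut name
    command: str     # full command line as logged
    executable: str  # program path with arguments stripped


# "O4 - HKLM\..\Run: [name] command"
RUN_RE = re.compile(r"^O4 - (?P<loc>HK\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# "O4 - Global Startup: name.lnk = target"
STARTUP_RE = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Shortest prefix ending in an executable extension; copes with unquoted
# paths that contain spaces, which HijackThis logs as-is.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# Assumed heuristic for this example: Windows XP profile data directories,
# matched under both their long names and their 8.3 short names.
PROFILE_DIR_RE = re.compile(
    r"\\(?:application data|applic~\d+|local settings|locals~\d+)\\",
    re.IGNORECASE)


def extract_executable(command: str) -> str:
    """Return the program path from a logged command line, without arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        if end != -1:
            return command[1:end]
    match = EXE_RE.match(command)
    if match:
        return match.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def parse_o4(log: str) -> List[Autorun]:
    """Parse every O4 (autorun) line of a HijackThis log; skip other lines."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        match = RUN_RE.match(line) or STARTUP_RE.match(line)
        if match:
            cmd = match.group("cmd")
            entries.append(Autorun(match.group("loc"), match.group("name"),
                                   cmd, extract_executable(cmd)))
    return entries


def triage(log: str) -> Dict[str, List[str]]:
    """Split autoruns into those to review and those the log cannot locate."""
    review, unresolved = [], []
    for entry in parse_o4(log):
        if "\\" not in entry.executable:
            # Bare file name: the log does not say which directory it runs from.
            unresolved.append(entry.name)
        elif PROFILE_DIR_RE.search(entry.executable):
            review.append(entry.name)
    return {"review": review, "unresolved": unresolved}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for entry in parse_o4(SAMPLE_LOG):
        if entry.name in result["review"]:
            print(f"REVIEW     {entry.location} [{entry.name}] {entry.executable}")
        elif entry.name in result["unresolved"]:
            print(f"UNRESOLVED {entry.location} [{entry.name}] {entry.executable}")
```

A match only marks an entry for a closer look, such as the VirusTotal upload requested above; legitimate software also installs under these directories.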
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 16:34
I'm sorry, but in the ALL USERS folder I can't find the Application Data folder.

In that folder I have BUREAU; DOCUMENT PARTAGES; FAVORIS; MENU DEMARRER
0

dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 16:36
Do you know Noun Love Bits Peak??
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 16:39
NO, I don't know it at all.
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 16:40
OK, let's get rid of it then.

Download OTMoveIt to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,

QUOTE

C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe

and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 17:02
File/Folder C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe not found.

Created on 04/30/2008 16:59:13
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 17:07
try again with this


C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\PileBlue.exe
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 17:12
I get the same response

File/Folder C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\PileBlue.exe not found.

Created on 04/30/2008 17:11:50

YET WHEN I GO INTO THE FILE C/otMOTEIT/MOVEDFILES/DOCUMENT ANS SETTING/ALL USERS/DATA APPLICATION/NOUN LOVE BITS PEAK/ PILEBLUE.EXE
THE PILE BLUE FILE is there and the creation date is 27/04/2008
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 17:17
1) Print these instructions, because you will need to close all windows and applications during installation and scanning.

2) Download Malwarebytes' Anti-Malware (MBAM) and save it to your Desktop from this link:

https://www.malwarebytes.com/

3) When the download finishes, close all windows and programs, including this one.

4) Double-click the Download_mbam-setup.exe icon on your desktop to start the installer.

5) During installation, follow the prompts (in particular the choice of language and the authorisation to access the Internet). Do not change any of the default settings and, at the end of installation, check that the options Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware are ticked.

6) MBAM will start automatically and show a message asking you to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box. The main MBAM window appears:

7) In the scan tab, check that "Exécuter un examen complet" (run a full scan) is selected and click the Rechercher button to start the scan.

8) MBAM scans your computer. The scan can take some time. Just check its progress from time to time.

9) At the end of the scan, a message appears saying the scan is finished. Click OK to continue.

10) If malware has been detected, the list is displayed.
By clicking Suppression (?), MBAM will destroy the files and registry keys and put a copy of them in quarantine.

11) MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found again under the Rapports/logs tab.)

12) Close MBAM by clicking Quitter.

13) Post the report in your reply
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 19:29
Malwarebytes' Anti-Malware 1.11
Version de la base de données: 702

Type de recherche: Examen complet (C:\|K:\|)
Eléments examinés: 156644
Temps écoulé: 1 hour(s), 29 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.mysearchnow.com (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)



My antivirus sent me two messages
1) during the scan I got: virus and spyware protection has detected Adware Sweetbar undefined on your computer. Should I quarantine it?
2) at the end of the scan I got: SYSTEM MODIFICATION DETECTED
System control detected an attempt to associate .reg files with the application regedit.exe %1%. What should I do? Allow this modification or block this modification?

Thanks for everything
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 19:32
refuse

paste a hijack again please
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 19:38
I do nothing about the quarantine and I block the modification

is that right?
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 19:39
put it in quarantine and refuse, and do a hijack again please
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
30 April 2008 at 19:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:39:39, on 30/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Muscbrigade] c:\Musicbrigade\Musicbrigade.exe check
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [PhiBtn] %SystemRoot%\System32\drivers\PhiBtn.exe
O4 - HKLM\..\Run: [TrayMin900] %SystemRoot%\System32\drivers\Tray900.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SAC.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Bits peak locks body] C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Glue Trans] C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Antivirus Firewall.lnk = C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Protection Internet Explorer - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: Protection Internet Explorer... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\AntivirusFirewall\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - https://www.epson.eu/support/
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-87e6280cf93fc21a.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://www.nordnet.com/securite
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89970AF4-B2EF-48C3-A344-EB35EF136E5B}: NameServer = 80.10.246.130 81.253.149.10
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Antivirus Firewall (BackWeb Plug-in - 6588780) - Securitoo Portal - C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Control Parental (OPTENET_FILTER) - Contrôle Parental - C:\Program Files\Controle Parental\bin\optproxy.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Service Messenger Sharing Folders USN Journal Reader (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O24 - Desktop Component 0: (no name) - http://poesie.webnet.fr/poemes/France/sand/2.html#
0
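An added example (not part of the thread and not HijackThis's own logic): one way to triage the O4 autorun lines of a log like the one above is to list the entries whose executable sits under an Application Data folder, which is where both files the helper singles out in this thread live. The function names and the location heuristic are assumptions of this example; the sample lines are copied from the log above.

```python
import re

# O4 (autorun) lines copied from the HijackThis log above; a subset keeps the run short.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Bits peak locks body] C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Glue Trans] C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
"""

# Registry entry:        O4 - HKLM\..\Run: [name] command
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Startup-folder entry:  O4 - Global Startup: name.lnk = target
STARTUP_RE = re.compile(
    r"^O4 - (?P<folder>(?:Global )?Startup): (?P<name>.+?) = (?P<command>.+)$")
# Unquoted commands may contain spaces, so cut at the first executable extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.IGNORECASE)
# Long and 8.3 short spellings of the XP "Application Data" folder name.
APPDATA_RE = re.compile(r"^(?:application data|applic~\d+)$", re.IGNORECASE)


def executable_of(command):
    """Return the program path of an autorun command line, without its arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_RE.match(command)
    if match:
        return match.group(1)
    return command.split()[0] if command else ""


def parse_o4(log_text):
    """Parse O4 lines into dicts with source, name, command and executable."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        match = RUN_RE.match(line)
        if match:
            source = match.group("hive") + "\\" + match.group("key")
        else:
            match = STARTUP_RE.match(line)
            if not match:
                continue  # not an O4 autorun line
            source = match.group("folder")
        command = match.group("command")
        entries.append({
            "source": source,
            "name": match.group("name"),
            "command": command,
            "executable": executable_of(command),
        })
    return entries


def in_application_data(path):
    """True if any directory component is Application Data (long or 8.3 name)."""
    parts = re.split(r"[\\/]+", path)
    return any(APPDATA_RE.match(part) for part in parts[:-1])


def autoruns_in_application_data(log_text):
    """Return (name, executable) for autoruns launched from Application Data."""
    return [(e["name"], e["executable"])
            for e in parse_o4(log_text)
            if in_application_data(e["executable"])]


if __name__ == "__main__":
    for name, exe in autoruns_in_application_data(SAMPLE_LOG):
        print(f"review: [{name}] {exe}")
```

The location only narrows down what to look at first; an entry listed this way still has to be identified before anything is removed, as the helper does by asking the user about it.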
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last activity 29 December 2012 61
30 April 2008 at 19:44
I'll analyse it and come back ^^
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last activity 4 May 2008
1 May 2008 at 20:34
Good evening

I want to let you know that I no longer get ad windows popping up when I'm on the net.
Thank you very much for taking the time to help me.

Today I installed SPYBOT and ran a scan, and it found three problems. What should I do?


And thanks again

--- Search result list ---
FunWebProducts: [SBI $7D9D33B1] Fichier de configuration (Fichier, nothing done)
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Réglages (Modification du registre, nothing done)
HKEY_USERS\S-1-5-21-3170308123-602024452-957631965-1006\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

MediaPlex: Cookie traceur (Internet Explorer: JEAN YVES) (Cookie, nothing done)



--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-05-01 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-04-16 Includes\Adware.sbi (*)
2008-04-30 Includes\AdwareC.sbi (*)
2008-04-30 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-04-30 Includes\DialerC.sbi (*)
2008-04-30 Includes\HeavyDuty.sbi (*)
2008-04-30 Includes\Hijackers.sbi (*)
2008-04-30 Includes\HijackersC.sbi (*)
2008-04-30 Includes\Keyloggers.sbi (*)
2008-04-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-04-22 Includes\Malware.sbi (*)
2008-04-30 Includes\MalwareC.sbi (*)
2008-03-26 Includes\PUPS.sbi (*)
2008-04-30 Includes\PUPSC.sbi (*)
2008-04-30 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-04-30 Includes\SecurityC.sbi (*)
2008-04-16 Includes\Spybots.sbi (*)
2008-04-30 Includes\SpybotsC.sbi (*)
2008-04-16 Includes\Spyware.sbi (*)
2008-04-30 Includes\SpywareC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-04-30 Includes\Trojans.sbi (*)
2008-04-30 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB887998)
/ .NETFramework / 1.0: Microsoft .NET Framework 1.0 Hotfix (KB930494)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ Media Center 2005 / SP4: Correctif n° 2 pour Windows XP Édition Media Center 2005
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit https://support.microsoft.com/en-us/help/917283/ms06-033-a-vulnerability-in-asp-net-could-allow-information-disclosure
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit https://support.microsoft.com/en-us/help/922770
/ Microsoft .NET Framework 2.0: This Security Update is for Microsoft .NET Framework 2.0. \n
If you later install a more recent service pack, this Security Update will be uninstalled automatically. \n
For more information, visit https://support.microsoft.com/en-us/help/928365/description-of-the-security-update-for-the-net-framework-2-0-for-windo
/ MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 10: Mise à jour pour Lecteur Windows Media 10 (KB913800)
/ Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
/ Windows Media Player 10: Mise à jour pour Lecteur Windows Media 10 (KB926251)
/ Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
/ Windows Media Player 11: Correctif pour Lecteur Windows Media 11 (KB939683)
/ Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, adiras
command: adiras.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
size: 63712
MD5: 831FB892A5A5F28BB69DE0AB77FA7281

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, Alcmtr
command: ALCMTR.EXE
file: C:\WINDOWS\ALCMTR.EXE
size: 69632
MD5: 8B4CBBA1EA526830C7F97E7822E2493A

Located: HK_LM:Run, AlwaysReady Power Message APP
command: ARPWRMSG.EXE
file: C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: 9282601AA39B82197384FD51CB42F279

Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
file: C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
size: 90112
MD5: 0DC2E1B6951BD2170BC47F0EEBF629B3

Located: HK_LM:Run, Bits peak locks body
command: C:\Documents and Settings\All Users\Application Data\Noun Love Bits Peak\Pile Blue.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, ehTray
command: C:\WINDOWS\ehome\ehtray.exe
file: C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 9C69E6A25F5500501B14AF43311F8D8B

Located: HK_LM:Run, EPSON Stylus DX5000 Series
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_SAC.tmp" /EF "HKLM"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
size: 131072
MD5: 618ECD183304F68EF68D1CA4C0CA13BA

Located: HK_LM:Run, EverioService
command: "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
file: C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
size: 151552
MD5: 478FEF5411B5D211698B98886639E1F0

Located: HK_LM:Run, F-Secure Manager
command: "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
file: C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
size: 122929
MD5: 855E795383BED05C481575BD0C1C0D37

Located: HK_LM:Run, F-Secure Startup Wizard
command: "C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE" /reboot
file: C:\Program Files\AntivirusFirewall\FSGUI\FSSW.EXE
size: 372736
MD5: D90838CBC9F7412EE26DCC17617E4D17

Located: HK_LM:Run, F-Secure TNB
command: "C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
file: C:\Program Files\AntivirusFirewall\TNB\TNBUtil.exe
size: 700416
MD5: 9153905D790DC0ADC7B992D0C948D247

Located: HK_LM:Run, KernelFaultCheck
command: %systemroot%\system32\dumprep 0 -k
file: C:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: B1388BF29A0522C7CCD08A563383401B

Located: HK_LM:Run, MessagerStarter Wanadoo
command: C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
file: C:\PROGRA~1\MESSAG~1\StartMessager.exe
size: 32768
MD5: D7D09A7BFCA85DBE2AF58CE639F00576

Located: HK_LM:Run, Muscbrigade
command: c:\Musicbrigade\Musicbrigade.exe check
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
file: C:\WINDOWS\system32\NeroCheck.exe
size: 155648
MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, News Service
command: "C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe"
file: C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
size: 356352
MD5: 329F9DE88C88917E08F7F3D75704F23B

Located: HK_LM:Run, PhiBtn
command: %SystemRoot%\System32\drivers\PhiBtn.exe
file: C:\WINDOWS\System32\drivers\PhiBtn.exe
size: 155648
MD5: 45F47D5F14B2C709575819BE362D5C75

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C

Located: HK_LM:Run, RTHDCPL
command: RTHDCPL.EXE
file: C:\WINDOWS\RTHDCPL.EXE
size: 16264192
MD5: 692733BE9E923044CEBC96CF882CCEBE

Located: HK_LM:Run, SkyTel
command: SkyTel.EXE
file: C:\WINDOWS\SkyTel.EXE
size: 2879488
MD5: C74B86642F131D76C0EDE673FDF137B2

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
file: C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
size: 75520
MD5: EDF5D27C6D244740418903626DF5741A

Located: HK_LM:Run, TrayMin900
command: %SystemRoot%\System32\drivers\Tray900.exe
file: C:\WINDOWS\System32\drivers\Tray900.exe
size: 266240
MD5: A17B7AE8042EE61285C79FC08E05618D

Located: HK_LM:Run, WOOTASKBARICON
command: C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
file: C:\PROGRA~1\Wanadoo\GestMaj.exe
size: 32768
MD5: 8D6F2C724CFC608872EDE3CC4A7B49B9

Located: HK_LM:Run, WOOWATCH
command: C:\PROGRA~1\Wanadoo\Watch.exe
file: C:\PROGRA~1\Wanadoo\Watch.exe
size: 20480
MD5: 9A29592CD135F6262C429152F7A8DD4A

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: PE_C_ADMINISTRATEUR...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: PE_C_ANTOINE...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, WOOKIT
where: PE_C_ANTOINE...
command: C:\Program Files\Wanadoo\GestMaj.exe GestionnaireInternet.exe
file: C:\Program Files\Wanadoo\GestMaj.exe
size: 32768
MD5: 8D6F2C724CFC608872EDE3CC4A7B49B9

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: HK_CU:Run, CTSyncU.exe
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
file: C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
size: 868352
MD5: 9B21347A00F9D8E9BB2E2928C45D9995

Located: HK_CU:Run, EPSON Stylus DX5000 Series
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S61.tmp" /EF "HKCU"
file: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
size: 131072
MD5: 618ECD183304F68EF68D1CA4C0CA13BA

Located: HK_CU:Run, Glue Trans
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe
file: C:\DOCUME~1\JEANYV~1\APPLIC~1\PLATFO~1\Forkeqnoun.exe
size: 486912
MD5: EE18AD63FAD683FB9960C3AC4A976616

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, SweetIM
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
file: C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
size: 73840
MD5: 861F1AA8BA517177BE52630C2764C6AB

Located: HK_CU:Run, WOOKIT
where: S-1-5-21-3170308123-602024452-957631965-1006...
command: C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe
file: C:\PROGRA~1\Wanadoo\GestMaj.exe
size: 32768
MD5: 8D6F2C724CFC608872EDE3CC4A7B49B9

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A

Located: Démarrage (tous utilisateurs), Antivirus Firewall.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
file: C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
size: 32807
MD5: A1382724DDF830F247AFB0EDCC661E4C

Located: Démarrage (tous utilisateurs), DSLMON.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
file: C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
size: 954475
MD5: 02386BB5189B2C93F1427D05756E1213

Located: Démarrage (tous utilisateurs), Image Transfer.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
file: C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Démarrage (tous utilisateurs), Outil de mise à jour Google.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 125624
MD5: 785478C1E612CDC7D2117A14C2304EBF

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Programme d'aide de l'Assistant de connexion Windows Live
Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 20/09/2007 11:30:18
Date (last access): 01/05/2008 18:08:38
Date (last write): 20/09/2007 11:30:18
Filesize: 328752
Attributes: archive
MD5: 59CF5BF6684AFCF906CADAD39B4214DE
CRC32: C363813C
Version: 4.200.520.1

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\
Long name: swg.dll
Short name:
Date (created): 14/04/2008 21:48:30
Date (last access): 01/05/2008 18:00:14
Date (last write): 14/04/2008 21:48:30
Filesize: 654320
Attributes: archive
MD5: 72D6804DC43CC0CF4F10E699D7738138
CRC32: ABF4BA3E
Version: 2.1.1119.1736



--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\swdir.inf
Codebase: http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: swdir.dll
Short name:
Date (created): 20/02/2008 09:25:38
Date (last access): 01/05/2008 18:52:46
Date (last write): 07/01/2008 12:26:46
Filesize: 181672
Attributes: archive
MD5: B9360F674059276D5D3E8420216F8191
CRC32: B7DC4223
Version: 10.3.0.24

{20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class)
DPF name:
CLSID name: Checkers Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: msgrchkr.dll
Short name:
Date (created): 28/02/2007 15:21:04
Date (last access): 01/05/2008 17:53:58
Date (last write): 28/02/2007 15:21:04
Filesize: 131472
Attributes: archive
MD5: 1E5CFDF9AEBDD84305A4C8154277A269
CRC32: 73C871D0
Version: 9.5.7087.1

{2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
description:
classification: Legitimate
known filename: minesweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: minesweeper.dll
Short name: MINESW~1.DLL
Date (created): 29/05/2003 16:00:22
Date (last access): 01/05/2008 17:53:58
Date (last write): 29/05/2003 16:00:22
Filesize: 84064
Attributes: archive
MD5: F951FD0EA383DF2D49CA0359E4A86968
CRC32: 50A69718
Version: 7.1.9502.1

{5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class)
DPF name:
CLSID name: UnoCtrl Class
Installer: C:\WINDOWS\Downloaded Program Files\GAME_UNO1.INF
Codebase: http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
description:
classification: Legitimate
known filename: unomsnger.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: GAME_UNO1.dll
Short name: GAME_U~1.DLL
Date (created): 23/11/2006 00:22:42
Date (last access): 01/05/2008 17:53:58
Date (last write): 28/09/2007 05:41:28
Filesize: 381960
Attributes: archive
MD5: 80F4A456633F78A26A3C6B16E64EFEC5
CRC32: 7DFC41A5
Version: 1.0.1201.1

{6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
DPF name:
CLSID name: WUWebControl Class
Installer: C:\WINDOWS\Downloaded Program Files\wuweb.inf
Codebase: http://update.microsoft.com/...
description:
classification: Legitimate
known filename: wuweb.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\
Long name: wuweb.dll
Short name:
Date (created): 13/11/2006 09:42:02
Date (last access): 01/05/2008 18:02:06
Date (last write): 30/07/2007 20:19:28
Filesize: 203096
Attributes: archive
MD5: 5C9A003E7C6BA03F04DC2D9C82A7E6E0
CRC32: E29E0153
Version: 7.0.6000.381

{79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class)
DPF name:
CLSID name: EPSON Web Printer-SelfTest Control Class
Installer: C:\WINDOWS\Downloaded Program Files\ESTPTEST.INF
Codebase: https://www.epson.eu/support/
description:
classification: Legitimate
known filename: ESTPTest.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Epson\EST\ESTPTest\
Long name: ESTPTest.ocx
Short name:
Date (created): 16/05/2007 11:05:50
Date (last access): 01/05/2008 18:52:46
Date (last write): 16/05/2007 11:05:50
Filesize: 65536
Attributes: archive
MD5: 599E28F956112B8CC0305AD98934E232
CRC32: D861BFBE
Version: 1.5.3.0

{7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control)
DPF name:
CLSID name: Windows Live Photo Upload Control
Installer: C:\WINDOWS\Downloaded Program Files\MSNPUpld.inf
Codebase: http://cid-87e6280cf93fc21a.spaces.live.com/PhotoUpload/MsnPUpld.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MsnPUpld.dll
Short name:
Date (created): 02/08/2007 12:31:32
Date (last access): 01/05/2008 17:53:58
Date (last write): 02/08/2007 12:31:32
Filesize: 360320
Attributes: archive
MD5: C670858E2347EAB5C9507A91A142210F
CRC32: B1C9923E
Version: 10.0.916.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 15/12/2006 04:09:16
Date (last access): 01/05/2008 18:52:46
Date (last write): 15/12/2006 04:23:26
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
description:
classification: Legitimate
known filename: messengerstatsclient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: messengerstatsclient.dll
Short name: MESSEN~1.DLL
Date (created): 29/05/2003 16:00:20
Date (last access): 01/05/2008 17:53:58
Date (last write): 29/05/2003 16:00:20
Filesize: 160864
Attributes: archive
MD5: B069B555A00AA026F657AA4FD13AE154
CRC32: 89BB01E1
Version: 7.1.9502.1

{8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner)
DPF name:
CLSID name: F-Secure Online Scanner
Installer:
Codebase: https://www.nordnet.com/securite
description:
classification: Legitimate
known filename: fscax.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: fscax.dll
Short name:
Date (created): 28/12/2004 17:14:50
Date (last access): 01/05/2008 17:53:58
Date (last write): 28/12/2004 17:14:50
Filesize: 652736
Attributes: archive
MD5: F51D887B450E56F2879CB219E19E8045
CRC32: B2435F89
Version: 2.0.10.0

{B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class)
DPF name:
CLSID name: AdSignerLCContrl Class
Installer: C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
Codebase: https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.0.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: AdSignerADP.dll
Short name: ADSIGN~1.DLL
Date (created): 27/03/2007 16:19:32
Date (last access): 01/05/2008 17:53:58
Date (last write): 27/03/2007 16:19:32
Filesize: 408912
Attributes: archive
MD5: 358DF60EB3027F0D3EEF54274BBC37EF
CRC32: 617DBC89
Version: 1.3.5.0

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 19/02/2007 12:26:28
Date (last access): 01/05/2008 18:52:46
Date (last write): 19/02/2007 12:26:28
Filesize: 159128
Attributes: archive
MD5: E681AC948003CCA59C6C00D3F5EC3D4B
CRC32: C8723760
Version: 9.5.6649.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~2.DLL
Date (created): 22/02/2007 23:41:12
Date (last access): 01/05/2008 17:53:58
Date (last write): 22/02/2007 23:41:12
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_11.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 15/12/2006 04:09:16
Date (last access): 01/05/2008 18:52:46
Date (last write): 15/12/2006 04:23:26
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
DPF name: Java Runtime Environment 1.5.0
CLSID name: Java Plug-in 1.5.0_11
Installer:
Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.5.0_11\bin\
Long name: NPJPI150_11.dll
Short name: NPJPI1~1.DLL
Date (created): 15/12/2006 04:09:16
Date (last access): 01/05/2008 18:52:46
Date (last write): 15/12/2006 04:23:26
Filesize: 75528
Attributes: archive
MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
CRC32: 4BDE2041
Version: 5.0.110.3

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9e.ocx
Short name:
Date (created): 21/11/2007 02:04:14
Date (last access): 01/05/2008 18:00:14
Date (last write): 21/11/2007 02:04:14
Filesize: 2987392
Attributes: readonly archive
MD5: D3C50535C26190FEAD7785A03499C0AC
CRC32: A77C3E92
Version: 9.0.115.0

{F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class)
DPF name:
CLSID name: Minesweeper Flags Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
description:
classification: Legitimate
known filename: MineSweeper.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.1\
Long name: MineSweeper.dll
Short name: MINESW~1.DLL
Date (created): 28/02/2007 14:21:04
Date (last access): 01/05/2008 18:52:46
Date (last write): 28/02/2007 14:21:04
Filesize: 130472
Attributes: archive
MD5: E661E91B5929632665683222D509D271
CRC32: 63A9B975
Version: 9.5.6986.1



--- Process list ---
PID: 0 ( 0) [System]
PID: 672 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 896 ( 672) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 940 ( 672) \??\C:\WINDOWS\system32\winlogon.exe
size: 506368
PID: 984 ( 940) C:\WINDOWS\system32\services.exe
size: 108544
MD5: 732E0B1ABAACE15D80EC19056B0A2AF9
PID: 996 ( 940) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 9F3744A5C6F49291A7A685040A013399
PID: 1148 ( 984) C:\WINDOWS\system32\Ati2evxx.exe
size: 401408
MD5: 688E49AFEF3A07FCA943250D6A9729AA
PID: 1180 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1240 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1280 ( 984) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1316 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1344 ( 940) C:\WINDOWS\system32\Ati2evxx.exe
size: 401408
MD5: 688E49AFEF3A07FCA943250D6A9729AA
PID: 1576 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1608 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 1808 ( 984) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: B4EF928E4FAD79364A80ACBA6D999934
PID: 344 ( 984) C:\WINDOWS\arservice.exe
size: 58880
MD5: 9F9AA480BAAF48695B920C425FFE5425
PID: 468 ( 984) C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
size: 32807
MD5: A1382724DDF830F247AFB0EDCC661E4C
PID: 484 ( 984) C:\WINDOWS\system32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 516 ( 984) C:\WINDOWS\eHome\ehRecvr.exe
size: 237568
MD5: 5D1347AA5AE6E2F77D7F4F8372D95AC9
PID: 540 ( 984) C:\WINDOWS\eHome\ehSched.exe
size: 103424
MD5: 980EEEA91776357518892C5544768E2B
PID: 564 ( 984) C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
size: 36947
MD5: 237A88D8AF60024CB91CB5D7903B3CC9
PID: 572 ( 564) C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
size: 290304
MD5: 8F78E6C547071B95D7D17F6D8B708926
PID: 608 ( 984) C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
size: 278581
MD5: D12006C7A59CD32442344D411A4ECC40
PID: 692 ( 984) C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
size: 61490
MD5: A796880CED6D0849E0D8DFC35821D931
PID: 740 ( 572) C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
size: 248320
MD5: 3B4D0D6DAC74BC6CEBCA11F88EBB6528
PID: 820 ( 984) C:\WINDOWS\System32\FTRTSVC.exe
size: 40960
MD5: D1261099E03EEE90976EA19002995B89
PID: 144 ( 692) C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
size: 180274
MD5: 7DC7D1F5E4F27B13FA3954B848860D36
PID: 1216 ( 984) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
size: 138680
MD5: D213C2B1CE0FAEAB59EC0C55B4493F94
PID: 1512 ( 984) C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
size: 322120
MD5: 11F714F85530A2BD134074DC30E99FCA
PID: 2044 ( 692) C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
size: 65585
MD5: 872F3321742B9F679255BB9A031C4121
PID: 2108 ( 984) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
size: 266343
MD5: B216B03852DF788C7E2AFDF6C6E8A9B0
PID: 2184 ( 984) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 1BD6C2F707A275CB7C16FD99FE0F31CA
PID: 2248 ( 984) C:\WINDOWS\system32\wdfmgr.exe
size: 38912
MD5: 9651E5D850B6F6BD7C77C70AA06F02BF
PID: 2364 ( 984) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
size: 20480
MD5: 5A0C788C5BC5F2C993CB60940ADCF95E
PID: 2452 ( 692) C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
size: 32826
MD5: 69118DA5CACB250D06389287DDC1BF45
PID: 2460 ( 692) C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
size: 270387
MD5: F5937DD8CDFA5160D84B22C504B32806
PID: 2476 ( 692) C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
size: 159804
MD5: E32C981D8CB776B68CEEAC49DC7D8273
PID: 2672 ( 984) C:\WINDOWS\ehome\mcrdsvc.exe
size: 99328
MD5: 52404CC76E9D53843BDF97564BB16BED
PID: 3008 ( 692) C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
size: 180224
MD5: D680E8EF997361114DF93BB268CE3C63
PID: 3436 (3408) C:\WINDOWS\Explorer.EXE
size: 1036288
MD5: 4C33E5B9A6197B6ED215F6CFBA0A2DAA
PID: 3548 (3436) C:\WINDOWS\ehome\ehtray.exe
size: 64512
MD5: 9C69E6A25F5500501B14AF43311F8D8B
PID: 3564 (3436) C:\WINDOWS\ARPWRMSG.EXE
size: 77312
MD5: 9282601AA39B82197384FD51CB42F279
PID: 3592 (3436) C:\Program Files\Messager Wanadoo\StartMessager.exe
size: 32768
MD5: D7D09A7BFCA85DBE2AF58CE639F00576
PID: 3636 (3436) C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
size: 122929
MD5: 855E795383BED05C481575BD0C1C0D37
PID: 3676 (3436) C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
size: 356352
MD5: 329F9DE88C88917E08F7F3D75704F23B
PID: 3688 (3436) C:\WINDOWS\System32\drivers\PhiBtn.exe
size: 155648
MD5: 45F47D5F14B2C709575819BE362D5C75
PID: 3700 (3436) C:\WINDOWS\System32\drivers\Tray900.exe
size: 266240
MD5: A17B7AE8042EE61285C79FC08E05618D
PID: 3724 (3608) C:\Program Files\Wanadoo\TaskBarIcon.exe
size: 61440
MD5: F9710A77123CC3FD09D062F2AF33E473
PID: 3752 (3584) C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
PID: 3844 (3436) C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
size: 151552
MD5: 478FEF5411B5D211698B98886639E1F0
PID: 3892 ( 984) C:\WINDOWS\system32\dllhost.exe
size: 5120
MD5: D66259C3BCEFC9CAEB481ED52A4EAC74
PID: 3900 (3436) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5584247B568C2E53934873F4B655FE6A
PID: 3908 (3436) C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
size: 63712
MD5: 831FB892A5A5F28BB69DE0AB77FA7281
PID: 3956 ( 984) C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
size: 204863
MD5: C81474EFD014D51C8A1B17129F8D4DEB
PID: 3964 (3436) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
size: 131072
MD5: 618ECD183304F68EF68D1CA4C0CA13BA
PID: 3996 (3436) C:\Program Files\QuickTime\qttask.exe
size: 282624
MD5: 383145864F6543C97A7E1B78505D2F1C
PID: 268 (3436) C:\WINDOWS\RTHDCPL.EXE
size: 16264192
MD5: 692733BE9E923044CEBC96CF882CCEBE
PID: 1948 ( 984) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: 2FE681D10C5FC343DBBC0610B8DD4D24
PID: 3252 (3636) C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
size: 86064
MD5: A38CCE2B6C770CC26755D790E0F59F10
PID: 3484 (1180) C:\WINDOWS\eHome\ehmsas.exe
size: 46592
MD5: DAEFB050AC8FEE4F1097FCF7CB97220E
PID: 3536 (3436) C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
size: 75520
MD5: EDF5D27C6D244740418903626DF5741A
PID: 3600 (3436) C:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259
PID: 3572 (3436) C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
size: 73840
MD5: 861F1AA8BA517177BE52630C2764C6AB
PID: 3812 (3436) C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
size: 868352
MD5: 9B21347A00F9D8E9BB2E2928C45D9995
PID: 1516 (4040) C:\Program Files\Internet Explorer\iexplore.exe
size: 93184
MD5: 833E2B3F0E2484C0F2B804AE871B4381
PID: 1916 (1648) C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
size: 819200
MD5: 5D17C66B5620142A06B7391BE20C0476
PID: 2092 (3636) C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
size: 233537
MD5: 63A3D48CFAFA534B2F48DAB91BD6B618
PID: 2876 (3436) C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
size: 32807
MD5: A1382724DDF830F247AFB0EDCC661E4C
PID: 324 (3436) C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
size: 954475
MD5: 02386BB5189B2C93F1427D05756E1213
PID: 3420 (1916) C:\PROGRA~1\Wanadoo\ComComp.exe
size: 249856
MD5: 5D589D0436C4C2D285B3418E79E78A21
PID: 1340 (3436) C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
size: 73728
MD5: 2D7B847DA5E569ED4E0B15FEEFB8FCC4
PID: 2964 (3436) C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 125624
MD5: 785478C1E612CDC7D2117A14C2304EBF
PID: 4136 (1916) C:\PROGRA~1\Wanadoo\Toaster.exe
size: 69632
MD5: C2D1BD2B433571ECEC29924ACE5D7C62
PID: 4168 (1916) C:\PROGRA~1\Wanadoo\Inactivity.exe
size: 32768
MD5: 5F6DBF75D05462EED92B42376E89D9FE
PID: 4212 (1916) C:\PROGRA~1\Wanadoo\PollingModule.exe
size: 69632
MD5: EDF02F58940FD56C12357D150F5397C0
PID: 4228 (1180) C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
size: 45056
MD5: 68E404DB5525373FE0554ED2607F0C82
PID: 4704 (3420) C:\Program Files\Wanadoo\Watch.exe
size: 20480
MD5: 9A29592CD135F6262C429152F7A8DD4A
PID: 4948 (3752) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
PID: 4956 (3752) C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8
PID: 5744 (1280) C:\WINDOWS\system32\wuauclt.exe
size: 53080
MD5: F3E9065EB617A7E3A832A7976BFA021B
PID: 4072 (3536) C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
size: 251648
MD5: 572BCED88BF2A1FBA0C2B10AC172F3DB
PID: 2140 (3436) C:\Program Files\Ahead\nero\Nero StartSmart\NeroStartSmart.exe
size: 4784215
MD5: 1176C9DCCFACFDCBD130FC088E57BD9A
PID: 5876 (5460) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F
PID: 500 (3436) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 5146448
MD5: 2ECA8CDEED7C82F879E766DA92A3561A
PID: 6004 (3420) C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
size: 344064
MD5: 529BE156D65E9330B0932F628D6C92E6
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 01/05/2008 18:58:33

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
https://www.orange.fr/portail
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://red.clientapps.yahoo.com/customize/fuji/defaults/su/*https://fr.yahoo.com/?p=us
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---
Protocol 0: Optenet PC [over MSAFD Tcpip [TCP/IP]]
GUID: {55555555-DF30-11CF-8927-00AA00539F1C}
Filename: C:\Program Files\Controle Parental\bin\lsp.dll



--- Uninstall list ---
(AddressBook)

Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
publisher: Adobe Systems Incorporated
help link: https://helpx.adobe.com/flash-player.html

Adobe Shockwave Player 10.3.0.24 (Adobe Shockwave Player)
uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
publisher: Adobe Systems, Inc.
help link: https://helpx.adobe.com/shockwave.html

Adobe® Photoshop® Album Edition Découverte 3.2 3.2.0 (Adobe® Photoshop® Album Edition Découverte 3.2)
install location: C:\Program Files\Adobe\Photoshop Album Edition Découverte\
uninstall cmd: MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
publisher: https://www.adobe.com/fr/
readme: C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\readme.txt

ATI Display Driver 8.282.1-060802a-035868C-ATI (ATI Display Driver)
uninstall cmd: rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

AudibleManager 2147315712.2147348480.1410432.1310008 (AudibleManager)
uninstall cmd: C:\Documents and Settings\JEAN YVES\Mes documents\armellelecunff\Audible\Bin\Upgrade.exe /Uninstall
publisher: Audible, Inc.

AviSynth 2.5 (AviSynth)
uninstall cmd: "C:\Program Files\AviSynth 2.5\Uninstall.exe"

Microsoft Away Mode 6.0.0160.0 (AwayMode160)
uninstall cmd: "C:\WINDOWS\$NtUninstallAwayMode160$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: https://support.microsoft.com/en-us/help/902437

AntiVirus Firewall (BackWeb-6588780 Uninstaller)
uninstall cmd: C:\PROGRA~1\ANTIVI~1\Common\fsbwih.exe /uninstall

(Branding)

CCleaner (remove only) (CCleaner)
uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

(Connection Manager)

(Creative Audio CD Ripper)
uninstall cmd: "C:\Program Files\Creative Installation Information\CD_RIPPER_UNICODE_2\Setup.exe" /remove /l0x040c

Creative Software AutoUpdate (Creative Software AutoUpdate)
uninstall cmd: RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x40c /remove

(Creative Sync Manager (Unicode))
uninstall cmd: "C:\Program Files\Creative Installation Information\CREATIVE_SYNC_MANAGER_U\Setup.exe" /remove /l0x040c

(Creative Video Converter)
uninstall cmd: "C:\Program Files\Creative Installation Information\CREATIVE_VIDEO_CONVERTER\Setup.exe" /remove /l0x040c

(Creative ZEN (DVP-FL0001))

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

EPSON Logiciel imprimante (EPSON Printer and Utilities)
uninstall cmd: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan (EPSON Scanner)
uninstall cmd: C:\Program Files\epson\escndv\setup\setup.exe /r

ESDX5000_CX4900 Guide d’utilisation (ESDX5000_CX4900 Guide d’utilisation)
install location: C:\Program Files\EPSON\TPMANUAL\ESDX5000_CX4900\USE_G
uninstall cmd: C:\Program Files\EPSON\TPMANUAL\ESDX5000_CX4900\USE_G\DOCUNINS.EXE

Wanadoo (EspaceWanadoo.exe)
uninstall cmd: C:\PROGRA~1\Wanadoo\SondageDesinstallation.exe

Express Rip (ExpressRip)
uninstall cmd: C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
publisher: NCH Swift Sound

(F-Secure Anti-Spyware)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"

(F-Secure Anti-Spyware Scanner)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"

(F-Secure Anti-Virus)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"

(F-Secure Anti-Virus Client Security Installer)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"

(F-Secure DAAS)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"

(F-Secure Diagnostics)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"

(F-Secure E-mail Scanning)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"

(F-Secure FWES)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"

(F-Secure GUI)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"

(F-Secure Help)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Help"

(F-Secure Internet Shield)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"

(F-Secure Management Agent)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"

(F-Secure Spam Control)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"

(F-Secure Spam Scanner)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"

(F-Secure TNB)
uninstall cmd: "C:\Program Files\AntivirusFirewall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"

(Fontcore)

Navigateur Orange (FranceTelecomUninstall_FTBrowser)
install location: C:\PROGRA~1\Wanadoo\WOOBrowser
uninstall cmd: C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl

Gestionnaire Internet (GestionnaireInternet.exe)
uninstall cmd: C:\PROGRA~1\Wanadoo\uninstall.exe

Golden Records (Golden)
uninstall cmd: C:\Program Files\NCH Swift Sound\Golden\uninst.exe
publisher: NCH Swift Sound

Outil de mise à jour Google 2.2.1111.1511 (Google Updater)
uninstall cmd: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last seen 29 December 2012 61
1 May 2008 at 20:36
Hi,

Download SmitFraudFix: smitfraudfix

# Double-click the SmitFraud icon, then choose option 1 and post the report.

Keep me posted. See you.
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last seen 4 May 2008
1 May 2008 at 20:54
SmitFraudFix v2.319

Rapport fait à 20:51:53,65, 01/05/2008
Executé à partir de C:\Documents and Settings\JEAN YVES\Mes documents\melou.gounif\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\ANTIVI~1\backweb\6588780\Program\SERVIC~1.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\program\fsbwsys.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Controle Parental\bin\optproxy.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsrw.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\FSGUI\ispnews.exe
C:\WINDOWS\System32\drivers\PhiBtn.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\System32\drivers\Tray900.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ANTIVI~1\ANTI-S~1\fsaw.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AntivirusFirewall\backweb\6588780\Program\fspex.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JEAN YVES


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\JEAN YVES\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEANYV~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://poesie.webnet.fr/poemes/France/sand/2.html#"
"SubscribedURL"="http://poesie.webnet.fr/poemes/France/sand/2.html#"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 81.253.149.1
DNS Server Search Order: 80.10.246.3

HKLM\SYSTEM\CCS\Services\Tcpip\..\{89970AF4-B2EF-48C3-A344-EB35EF136E5B}: NameServer=81.253.149.1 80.10.246.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{89970AF4-B2EF-48C3-A344-EB35EF136E5B}: NameServer=81.253.149.1 80.10.246.3


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
dou-l Posts 2860 Registration date Friday 29 February 2008 Status Member Last seen 29 December 2012 61
3 May 2008 at 13:19
OK, where do things stand with your problems?? Get rid of the viruses Spybot found!
0
mel64 Posts 12 Registration date Wednesday 30 April 2008 Status Member Last seen 4 May 2008
4 May 2008 at 21:18
Good evening

I fixed the problems that SPYBOT had found.
I then ran a full scan with my F-Secure antivirus, which detected two viruses that I put in quarantine.
Now everything is OK.
Thank you very much for your help.
Maybe until next time, for new questions, since I'm not a computer expert.

See you
0