Virus

DELPH -  
ep44 Messages postés 7432 Statut Contributeur -
Bonjour,

Depuis qques jours j ai un virus sur mon PC. J ai tout essayé pour l erradier mais rien n y fait (spybot, ad aware, avg anti spyware).
A chaque fois que je rallume mon PC j ai une fenetre AVG anti spyware qui s ouvre il me demande quelle action je veux faire je le nettoie mais ca revient a chaque fois.
J ai egalement une toolbar MIRAR qui apparait et que je ne peux pas supprimer. J ai visité tous les forums a ce sujet egalement mais je n arrive pas a la supprimer.

De plus spybot apparait maintenant en anglais et je ne peux pas changer le language, je n arrive pas a le desinstaller de mon PC je pense que tous ces pbs sont liés.

J espere vraiment que qqun pourra me depanner je ne sais plus quoi faire !!!

Merci d avance pour votre aide
Delph
A voir également:

20 réponses

Réponse 1 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

------
= Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
-------

= Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
= Appuie sur Y pour commencer le processus de nettoyage.
= Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
= Appuie sur une touche pour redémarrer le PC.
= Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
= Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
= Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
= Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
= Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

Si SDFix ne se lance pas
Clique sur Démarrer > Exécuter
Copie/colle ceci :
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe


Clique sur Ok.
Redémarre et essaie de relancer SDFix.
@+
1
Réponse 2 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

Connais tu ce programme
C:\Program Files\TELUS_eCare_Lite
1
Réponse 3 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Je te propose une chose,
Télécharge Antivir, installe et lance le en mode sans échec pour faire un scan une fois fini tu le supprime et poste son rapport.

Pour télécharger Antivir => http://www.swl1f.net/viewtopic.php?f=14&t=59
Ensuite télécharge les mise à jours que tu installera manuellement aussi en mode sans échec ==> http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip
pour instaler les mises à jours tu feras Update > Manual Update > tu iras chercher les mises à jours à l'emplacement de ton téléchargement et tu clique ensuite sur ouvrir, la mise à jour s'effectuera.
Ensuite assure toi que la recherche de rootkit soit activé, dans ce cas fait :
Configuration > Coche expert mode > Scan et coche la case "search for rootkit before scan"
Une fois fait lance le scan en cliquant sur "scan systèm now"

@+
1
Réponse 4 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

ok donc si tu as toujours des soucis on pousse la recherche.

Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
==> Un nouveau dossier chercher va être créé DiagHelp
==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
==> Une fenêtre va s'ouvrir, choisis l'option 1
==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
==> A nouveau menu Edition / copier
==> Dans un nouveau message ici, faire un clic droit / coller
@+
1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

Encore une trace
Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Double-clique sur ToolBar-SD afin de lancer l'installation, un raccourci sera ajouté sur le Bureau.
* Double-clique dessus pour démarrer l'outil; choisis la langue.
* Sous Vista, faire un clic droit et "Exécuter en tant qu'administrateur" (Elévation des privilèges), puis -> Continuer.
* Tape 2 puis sur la touche [Entrée] afin de lancer la suppression.
* Patiente jusqu'à la fin de la recherche.
* À la fin du scan, le rapport s'ouvrira dans le Bloc-notes.
* Poste ce rapport, par copier/coller, dans ta prochaine réponse.
* Le rapport se trouve également sous : C:\TB.txt

** Aide en images
https://sites.google.com/site/toolbarsd/aideenimages
1
Réponse 6 / 20
DELPH
 
Le virus est le suivant
NOT-A-VIRUS.MONITOR.WIN32.AKL.25

Merci
delph
0
Réponse 7 / 20
DELPH
 
Bonjour ep44

voici mon rapport hijackthis

merci d avance pour ton aide

Lil KlashLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:09, on 2008-09-04
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UltimateEnhancer - {42F64121-5B8C-E553-E3E3-31CB9B3ABD9D} - C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Mirar - {FD14EE73-F67E-45C0-9F01-731B8011B7DC} - C:\WINDOWS\system32\winje75.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mirar - {FD14EE72-F67E-45C0-9F01-731B8011B7DC} - C:\WINDOWS\system32\winje75.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [E07FXLRD_2844015] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?2ae13c51b367427787a90b3686334697
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?2ae13c51b367427787a90b3686334697
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: printers - {9789F2EF-1908-45D5-933B-510E8780A88E} - libwinets.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
0
Réponse 8 / 20
DELPH
 
voici le rapport sdfix


[b]SDFix: Version 1.221 [/b]
Run by Mon Laptop on 2008-09-05 at 00:30

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\Program Files\FBrowsingAdvisor\unins000.exe - Deleted
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll - Deleted
C:\Program Files\PlayMP3z\uninstall.exe - Deleted



Folder C:\Program Files\FBrowsingAdvisor - Removed
Folder C:\Program Files\PlayMP3z - Removed


Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-05 00:37:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..

scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\wbem\Performance\WmiApRpl_new.h 357 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe"="C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe:*:Enabled:Atlas_App"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:*:Enabled:MediaManager Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Fri 20 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 31 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT16.tmp"
Thu 31 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT17.tmp"
Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Mon Laptop\Application Data\U3\temp\Launchpad Removal.exe"
Thu 29 May 2003 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Thu 29 May 2003 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Thu 29 May 2003 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Thu 29 May 2003 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Thu 29 May 2003 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Thu 29 May 2003 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Thu 29 May 2003 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Thu 29 May 2003 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Thu 29 May 2003 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Thu 29 May 2003 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Thu 29 May 2003 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Thu 29 May 2003 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Thu 29 May 2003 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Thu 29 May 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Thu 29 May 2003 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Thu 29 May 2003 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Thu 29 May 2003 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Thu 29 May 2003 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Thu 29 May 2003 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Thu 29 May 2003 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Thu 29 May 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Thu 29 May 2003 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Thu 29 May 2003 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Thu 29 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Thu 29 May 2003 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Thu 29 May 2003 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Thu 29 May 2003 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Thu 29 May 2003 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Thu 29 May 2003 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Thu 29 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Thu 29 May 2003 49,250 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Thu 29 May 2003 50,600 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Thu 29 May 2003 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Thu 29 May 2003 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Thu 29 May 2003 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Thu 29 May 2003 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Thu 29 May 2003 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Thu 29 May 2003 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Thu 29 May 2003 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Thu 29 May 2003 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Thu 29 May 2003 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Thu 29 May 2003 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Thu 29 May 2003 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Thu 29 May 2003 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Thu 29 May 2003 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Thu 29 May 2003 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Thu 29 May 2003 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Thu 29 May 2003 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Thu 29 May 2003 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Thu 29 May 2003 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Thu 29 May 2003 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Thu 29 May 2003 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Thu 29 May 2003 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Thu 29 May 2003 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Thu 29 May 2003 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Thu 29 May 2003 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Thu 29 May 2003 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Thu 29 May 2003 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Thu 29 May 2003 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Thu 29 May 2003 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Thu 29 May 2003 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Thu 29 May 2003 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Thu 29 May 2003 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Thu 29 May 2003 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Thu 29 May 2003 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Thu 29 May 2003 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Thu 29 May 2003 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Thu 29 May 2003 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Thu 29 May 2003 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Thu 29 May 2003 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Thu 29 May 2003 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Thu 29 May 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Thu 29 May 2003 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Thu 29 May 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Thu 29 May 2003 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Thu 29 May 2003 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Thu 29 May 2003 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Thu 29 May 2003 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Thu 29 May 2003 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Thu 29 May 2003 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Thu 29 May 2003 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Thu 29 May 2003 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Thu 29 May 2003 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Thu 29 May 2003 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Thu 29 May 2003 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Thu 29 May 2003 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Thu 29 May 2003 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Thu 29 May 2003 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Thu 29 May 2003 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

[b]Finished![/b]
0
Réponse 9 / 20
delph
 
salut
concernant malwarebytes, le site est indisponible depuis 2 jours, j espere que je pourrai y acceder bientot...
0
Réponse 10 / 20
DELPH
 
j ai trouvé le lien ci dessous rapport malwarebytes

Malwarebytes' Anti-Malware 1.27
Version de la base de données: 1128
Windows 5.1.2600 Service Pack 3

2008-09-08 23:43:56
mbam-log-2008-09-08 (23-43-56).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 150547
Temps écoulé: 8 hour(s), 47 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd14ee73-f67e-45c0-9f01-731b8011b7dc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fd14ee73-f67e-45c0-9f01-731b8011b7dc} (Adware.BHO) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26EEDAD2-04D7-4C6E-8284-D9C71FFCDC9E}\RP159\A0038202.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26EEDAD2-04D7-4C6E-8284-D9C71FFCDC9E}\RP165\A0043470.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{26EEDAD2-04D7-4C6E-8284-D9C71FFCDC9E}\RP165\A0043480.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winje75.dll (Adware.BHO) -> Quarantined and deleted successfully.
0
Réponse 11 / 20
DELPH
 
rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:14:12, on 2008-09-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UltimateEnhancer - {42F64121-5B8C-E553-E3E3-31CB9B3ABD9D} - C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FD14EE73-F67E-45C0-9F01-731B8011B7DC} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {FD14EE72-F67E-45C0-9F01-731B8011B7DC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [E07FXLRD_2844015] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?2ae13c51b367427787a90b3686334697
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?2ae13c51b367427787a90b3686334697
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
0
Réponse 12 / 20
delph
 
oui, Telus etait mon fournisseur d acces internet quand je suis partie au canada l annee
par contre avg anti spyware me detecte toujours not-a-virus.monitor.win32.akl.25 emplacement C windows system 32 tdispvol.dll
0
Réponse 13 / 20
delph
 
Avira AntiVir Personal
Report file date: 11 septembre 2008 10:59

Scanning for 1608241 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: Mon Laptop
Computer name: MON-5FBFE707E9F

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:36:36
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:53:28
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 15:53:44
ANTIVIR3.VDF : 7.0.6.143 314880 Bytes 10/09/2008 21:51:42
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 02/04/2008 12:36:34
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 03/09/2008 14:22:34
AESCN.DLL : 8.1.0.23 119156 Bytes 15/07/2008 13:58:46
AERDL.DLL : 8.1.1.1 397683 Bytes 03/09/2008 14:22:34
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 13:58:46
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 03/09/2008 14:22:34
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 03/09/2008 14:22:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 29/05/2008 12:08:42
AEGEN.DLL : 8.1.0.36 315764 Bytes 18/08/2008 16:05:36
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 12:02:16
AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 14:22:32
AEBB.DLL : 8.1.0.1 53617 Bytes 18/07/2008 09:20:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/09/2008 23:22:19
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 11 septembre 2008 10:59

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
14 processes with 14 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '73' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'E:\' <pas touche !!>


End of the scan: 11 septembre 2008 14:14
Used time: 3:14:45 Hour(s)

The scan has been done completely.

7353 Scanning directories
263129 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
263127 Files not concerned
1240 Archives were scanned
2 Warnings
0 Notes

J ai malheureusement tjrs le même pb...
0
Réponse 14 / 20
DELPH
 
ci dessous mon rapport

DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-09-15 à 14:52:33,89


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-09-15 14:52:32
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-09-15 14:52:26
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2008-09-15 14:52:07
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2008-09-15 14:51:53
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2008-09-15 14:39:38
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->2008-09-15 14:39:37
C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->2008-09-15 14:39:00
C:\WINDOWS\prefetch\ACRORD32.EXE-13285B88.pf -->2008-09-15 14:38:22
C:\WINDOWS\prefetch\AVGW.EXE-2A7BF89D.pf -->2008-09-15 14:36:29
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2008-09-15 14:36:24

C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->2008-09-08 00:11:08
C:\WINDOWS\System32\drivers\mbam.sys -->2008-09-08 00:11:02
C:\WINDOWS\System32\drivers\avgclean.sys -->2008-07-28 14:54:58
C:\WINDOWS\System32\drivers\avgmfx86.sys -->2008-07-28 14:54:53
C:\WINDOWS\System32\drivers\tcpip.sys -->2008-06-20 13:51:12
C:\WINDOWS\System32\drivers\afd.sys -->2008-06-20 13:40:08
C:\WINDOWS\System32\drivers\tcpip6.sys -->2008-06-20 13:08:27

C:\WINDOWS\System32\PerfStringBackup.INI -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfh00C.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfh009.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfc00C.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfc009.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\wpa.dbl -->2008-09-15 14:36:13
C:\WINDOWS\System32\FNTCACHE.DAT -->2008-09-09 09:59:25
C:\WINDOWS\System32\spupdwxp.log -->2008-09-04 14:05:53
C:\WINDOWS\System32\qtplugin.log -->2008-09-01 14:37:29
C:\WINDOWS\System32\TZLog.log -->2008-08-30 03:05:35
C:\WINDOWS\System32\MRT.exe -->2008-08-26 22:28:12
C:\WINDOWS\System32\blue.SITENAME -->2008-08-19 19:52:48
C:\WINDOWS\System32\MSDELog.log -->2008-08-19 17:44:28
C:\WINDOWS\System32\d3d9caps.dat -->2008-08-05 16:03:59
C:\WINDOWS\System32\ciadvss.exe -->2008-07-28 15:24:33
C:\WINDOWS\System32\ciadvs.exe -->2008-07-28 15:24:33
C:\WINDOWS\System32\es.dll -->2008-07-07 22:28:20
C:\WINDOWS\System32\mscms.dll -->2008-06-24 18:44:02
C:\WINDOWS\System32\wmpeffects.dll -->2008-06-24 18:12:58
C:\WINDOWS\System32\mshtml.dll -->2008-06-24 10:28:24
C:\WINDOWS\System32\wininet.dll -->2008-06-23 18:28:23
C:\WINDOWS\System32\webcheck.dll -->2008-06-23 18:28:23
C:\WINDOWS\System32\urlmon.dll -->2008-06-23 18:28:23
C:\WINDOWS\System32\url.dll -->2008-06-23 18:28:22
C:\WINDOWS\System32\pngfilt.dll -->2008-06-23 18:28:22

C:\WINDOWS\WindowsUpdate.log -->2008-09-15 14:39:26
C:\WINDOWS\0.log -->2008-09-15 14:35:44
C:\WINDOWS\wiadebug.log -->2008-09-15 14:35:27
C:\WINDOWS\wiaservc.log -->2008-09-15 14:35:25
C:\WINDOWS\bootstat.dat -->2008-09-15 14:35:00
C:\WINDOWS\SchedLgU.Txt -->2008-09-14 01:23:53
C:\WINDOWS\wmsetup.log -->2008-09-13 20:53:11
C:\WINDOWS\phedit.ini -->2008-09-12 18:35:10
C:\WINDOWS\ntbtlog.txt -->2008-09-11 10:48:43
C:\WINDOWS\tsoc.log -->2008-09-10 10:08:20
C:\WINDOWS\tabletoc.log -->2008-09-10 10:08:20
C:\WINDOWS\ocmsn.log -->2008-09-10 10:08:20
C:\WINDOWS\ocgen.log -->2008-09-10 10:08:20
C:\WINDOWS\ntdtcsetup.log -->2008-09-10 10:08:20
C:\WINDOWS\netfxocm.log -->2008-09-10 10:08:20

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 684
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll

0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0xd000 1.00.0008.0000 C:\WINDOWS\system32\TPwrCfg.DLL
0x02750000 0x15000 1.00.0004.0000 C:\WINDOWS\system32\TPwrReg.dll
0x02770000 0xe000 1.00.0003.0000 C:\WINDOWS\system32\TPSTrace.DLL
0x02810000 0xc000 C:\WINDOWS\system32\TDispVol.dll
0x01720000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x00f10000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x00f70000 0x14000 2.02.0006.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x02b30000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x01570000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x016a0000 0x35000 1.00.0000.0000 C:\Program Files\Web Photo Album\webalbumcontext.dll
0x01770000 0x18000 1.00.0001.0000 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
0x621a0000 0x10000 7.05.0000.0409 C:\Program Files\Grisoft\AVG7\avgse.dll
0x02b90000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x01ec0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x03780000 0xfd000 1.00.0000.0001 C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
0x61b40000 0x28000 7.00.2632.17573 C:\Program Files\UltimateEnhancer\pcre3.dll
0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
0x03b90000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 1104
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01270000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\WINDOWS\system

2003-05-29 00:53 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 6 974 566 400 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\WINDOWS\system32

2008-04-14 04:33 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 6 974 566 400 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\WINDOWS\Downloaded Program Files

2008-08-19 16:58 <REP> .
2008-08-19 16:58 <REP> ..
2007-07-20 17:54 65 desktop.ini
2007-08-06 18:10 68 992 PURfr-fr.dll
2 fichier(s) 69 057 octets

Total des fichiers listés :
2 fichier(s) 69 057 octets
2 Rép(s) 6 974 566 400 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe"="C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe:*:Enabled:Atlas_App"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:*:Enabled:MediaManager Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 14:54:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
228 - CEC_MAIN.exe
520 - alg.exe
684 - explorer.exe
784 - guard.exe
800 - avgamsvr.exe
824 - avgemc.exe
832 - cmd.exe
860 - hkcmd.exe
880 - traybar.exe
888 - igfxtray.exe
924 - igfxpers.exe
1040 - RTHDCPL.exe
1052 - TCtrlIOHook.exe
1076 - TFncKy.exe
1080 - csrss.exe
1084 - TDispVol.exe
1104 - winlogon.exe
1148 - services.exe
1160 - lsass.exe
1164 - TPSMain.exe
1228 - CeEKey.exe
1328 - svchost.exe
1348 - PDVDServ.exe
1356 - avgcc.exe
1396 - svchost.exe
1436 - svchost.exe
1476 - svchost.exe
1528 - svchost.exe
1544 - GhostStartTrayA
1552 - eCareTrayApp.ex
1588 - qttask.exe
1604 - ctfmon.exe
1612 - ltmoh.exe
1624 - svchost.exe
1660 - daemon.exe
1668 - msnmsgr.exe
1688 - CTSyncU.exe
1740 - EDICT.EXE
1768 - TPSBattM.exe
1936 - spoolsv.exe
2020 - GoogleUpdater.e
2132 - GoogleUpdaterSe
2356 - MDM.EXE
2380 - sqlservr.exe
2580 - svchost.exe
2928 - CALMAIN.exe
3240 - PMSHost.exe
3264 - firefox.exe

Total number of processes = 49
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806FF000 - \WINDOWS\system32\hal.dll
F7A4C000 - \WINDOWS\system32\KDCOM.DLL
F795C000 - \WINDOWS\system32\BOOTVID.dll
F7443000 - sptd.sys
F7A4E000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F742B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F73FC000 - ACPI.sys
F73EB000 - pci.sys
F754C000 - ohci1394.sys
F755C000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F756C000 - isapnp.sys
F7960000 - compbatt.sys
F7964000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F7B14000 - pciide.sys
F77CC000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F73CD000 - pcmcia.sys
F757C000 - MountMgr.sys
F73AE000 - ftdisk.sys
F7A50000 - dmload.sys
F7388000 - dmio.sys
F7968000 - ACPIEC.sys
F7B15000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F77D4000 - PartMgr.sys
F758C000 - VolSnap.sys
F7370000 - atapi.sys
F759C000 - disk.sys
F75AC000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7350000 - fltmgr.sys
F733E000 - sr.sys
F7327000 - KSecDD.sys
F7314000 - WudfPf.sys
F75BC000 - Defrag32b.sys
F7287000 - Ntfs.sys
F725A000 - NDIS.sys
F7240000 - Mup.sys
F778C000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6F23000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
F6F0F000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F6EE7000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F6CCD000 - \SystemRoot\system32\DRIVERS\NETw4x32.sys
F6CB6000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys
F78EC000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6C92000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F78F4000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77AC000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6C46000 - \SystemRoot\system32\drivers\tifm21.sys
F6C32000 - \SystemRoot\system32\DRIVERS\sdbus.sys
F71E8000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F77BC000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F78FC000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7904000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F75CC000 - \SystemRoot\system32\DRIVERS\imapi.sys
F790C000 - \SystemRoot\system32\drivers\ASAPIW2k.sys
F75DC000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F75EC000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6C0F000 - \SystemRoot\system32\DRIVERS\ks.sys
F6BA9000 - \SystemRoot\System32\Drivers\alsoqfgk.SYS
F7B73000 - \SystemRoot\system32\DRIVERS\audstub.sys
F75FC000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7081000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6B92000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F760C000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F761C000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F780C000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6B81000 - \SystemRoot\system32\DRIVERS\psched.sys
F762C000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F781C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7824000 - \SystemRoot\system32\DRIVERS\raspti.sys
F6B51000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F763C000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7AA0000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6AF3000 - \SystemRoot\system32\DRIVERS\update.sys
F7A34000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6AC5000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys
F764C000 - \SystemRoot\System32\Drivers\NDProxy.SYS
AAAC1000 - \SystemRoot\system32\drivers\RtkHDAud.sys
AAA9D000 - \SystemRoot\system32\drivers\portcls.sys
F766C000 - \SystemRoot\system32\drivers\drmk.sys
AA981000 - \SystemRoot\system32\DRIVERS\AGRSM.sys
F7AA8000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7834000 - \SystemRoot\System32\Drivers\Modem.SYS
F769C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7AB8000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C0A000 - \SystemRoot\System32\Drivers\Null.SYS
F7ABA000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C0B000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7C0C000 - \SystemRoot\System32\Drivers\avgclean.sys
F7854000 - \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
F785C000 - \SystemRoot\System32\drivers\vga.sys
F7ABC000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7ABE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7864000 - \SystemRoot\System32\Drivers\Msfs.SYS
F786C000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6A32000 - \SystemRoot\system32\DRIVERS\rasacd.sys
A9C91000 - \SystemRoot\system32\DRIVERS\ipsec.sys
A9C38000 - \SystemRoot\system32\DRIVERS\tcpip.sys
A9BE8000 - \SystemRoot\system32\DRIVERS\netbt.sys
A9BC2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
A9BA0000 - \SystemRoot\System32\drivers\afd.sys
F76CC000 - \SystemRoot\system32\DRIVERS\netbios.sys
F76DC000 - \SystemRoot\system32\DRIVERS\wanarp.sys
AA96D000 - \??\C:\WINDOWS\system32\drivers\TPwSav.sys
A9B75000 - \SystemRoot\system32\DRIVERS\rdbss.sys
AA95D000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys
A99BE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F76EC000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F76FC000 - \SystemRoot\System32\Drivers\Fips.SYS
A9855000 - \SystemRoot\System32\Drivers\avg7core.sys
F787C000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F772C000 - \SystemRoot\System32\Drivers\UVCFTR_S.SYS
A9370000 - \SystemRoot\System32\Drivers\usbvideo.sys
F7AD2000 - \SystemRoot\System32\Drivers\avg7rsw.sys
F788C000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
F775C000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F7C39000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
A8528000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7A9E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
A9C2C000 - \SystemRoot\System32\drivers\Dxapi.sys
A8558000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C5A000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9E4000 - \SystemRoot\System32\ialmdnt5.dll
BF9D5000 - \SystemRoot\System32\ialmrnt5.dll
BFA06000 - \SystemRoot\System32\ialmdev5.DLL
BFA3F000 - \SystemRoot\System32\ialmdd5.DLL
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
A84AC000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
A821B000 - \SystemRoot\system32\drivers\wdmaud.sys
A8388000 - \SystemRoot\system32\drivers\sysaudio.sys
A7BFE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
A7D03000 - \SystemRoot\System32\Drivers\Aspi32.SYS
F7A58000 - \SystemRoot\System32\Drivers\avgtdi.sys
A7D7B000 - \SystemRoot\System32\Drivers\Defrag32.SYS
A7A05000 - \SystemRoot\System32\Drivers\HTTP.sys
A7963000 - \SystemRoot\system32\DRIVERS\srv.sys
A6093000 - \SystemRoot\system32\drivers\kmixer.sys
F7C34000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 139

Liste des programmes installes

Adobe Reader 7.0.5 - Français
ALPS Touch Pad Driver
AnyDVD
Archiveur WinRAR
AutoUpdate
AVG 7.5
AVG Anti-Spyware 7.5
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
Bloqueur de fenêtres pop-up (Windows Live Toolbar)
Camera Assistant Software for Toshiba
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Copernic Agent Professional
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB952287)
Creative MediaSource 5
Creative System Information
Creative ZEN V Series (R2)
CSI
CutePDF Writer 2.7
DiscAPI (Studio 10)
DVD de bonus Studio 10
DVD Shrink 3.2
Extension de Windows Live Toolbar (Windows Live Toolbar)
Gestionnaire de disques amovible Creative
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Haali Media Splitter
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Lecteur Windows Media 11
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Menus intelligents (Windows Live Toolbar)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 French Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta 2007 - Collection
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft Streets & Trips 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mirar
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Navigation par onglets (Windows Live Toolbar)
Nero 7 Premium
Norton Ghost
OneCare Advisor (Windows Live Toolbar)
Outil de mise à jour Google
Package de base Microsoft de service de chiffrement pour cartes à puce
PerfectDisk
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
PowerDVD
proDAD Heroglyph 2.5
QuickTime
RAPID (Studio 10)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Réussir ses CV et Lettres de Motivation
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
Studio 10
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Accessibility
TOSHIBA Accessibility
TOSHIBA Controls
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Power Saver
TOSHIBA Power Saver
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TTS Wrapper
UltimateEnhancer
USB Storage Driver
Utilitaire Hotkey TOSHIBA
Utility Common Driver
VCW VicMan's Photo Editor 8.1
VideoLAN VLC media player 0.8.6d
Web Photo Album 1.1
WebFldrs XP
Win2PDF 1.50
Windows Communication Foundation
Windows Communication Foundation Language Pack - FRA
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites pour Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation
Windows Workflow Foundation FR Language Pack
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
ZENcast Organizer



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files

2008-09-12 18:11 <REP> .
2008-09-12 18:11 <REP> ..
2007-08-15 00:35 <REP> Acro Software
2007-07-20 20:47 <REP> Adobe
2008-08-19 19:22 <REP> AdorageI-GfxDatas
2008-08-19 19:21 <REP> AdorageI-SAL
2007-07-20 20:52 <REP> Apoint2K
2007-07-21 04:07 <REP> Attack on Pearl Harbor
2008-09-02 09:53 <REP> BitComet
2008-08-19 16:38 <REP> Boris FX, Inc
2007-07-20 18:23 <REP> Camera Assistant Software for Toshiba
2007-10-06 15:50 <REP> Canon
2008-09-08 23:53 <REP> CCleaner
2007-11-16 19:34 <REP> Common Files
2007-07-20 17:52 <REP> ComPlus Applications
2007-07-20 20:43 <REP> Copernic Agent
2007-09-29 14:43 <REP> Creative
2007-07-20 20:37 <REP> CyberLink
2008-09-04 10:32 <REP> DAEMON Tools
2008-09-09 22:59 <REP> directx
2007-07-20 20:41 <REP> DVD Shrink
2008-09-04 00:37 <REP> Fichiers communs
2008-09-01 15:13 29 017 528 FileFormatConverters.exe
2007-10-30 06:55 5 836 864 Firefox Setup 2.0.0.8.exe
2007-08-30 05:43 <REP> Google
2007-08-15 00:36 <REP> GPLGS
2008-09-10 10:02 <REP> Grisoft
2007-10-30 08:42 <REP> Haali
2007-07-20 18:25 <REP> Intel
2008-08-30 03:05 <REP> Internet Explorer
2007-07-29 16:19 <REP> Java
2007-07-20 18:26 <REP> ltmoh
2008-09-08 11:48 <REP> Malwarebytes' Anti-Malware
2007-11-10 01:30 <REP> Matroska Pack
2008-09-04 12:54 <REP> Messenger
2008-09-10 09:48 <REP> Messenger Plus! Live
2007-07-20 20:33 <REP> MétéoMédia
2008-09-09 22:53 <REP> Micro Application
2007-07-20 20:55 <REP> Microsoft Encarta
2007-07-20 17:56 <REP> microsoft frontpage
2007-07-20 21:48 <REP> Microsoft Location Finder
2008-09-01 15:14 <REP> Microsoft Office
2008-08-19 17:43 <REP> Microsoft SQL Server
2007-07-20 21:48 <REP> Microsoft Streets & Trips
2007-07-20 20:06 <REP> Microsoft Visual Studio
2007-08-09 04:00 <REP> Microsoft Works
2007-07-20 20:04 <REP> Microsoft.NET
2008-09-04 12:50 <REP> Movie Maker
2008-09-15 14:45 <REP> Mozilla Firefox
2007-07-20 19:57 <REP> MSBuild
2008-09-01 15:13 <REP> MSECache
2007-07-20 17:51 <REP> MSN
2007-07-20 17:51 <REP> MSN Gaming Zone
2008-09-10 09:48 <REP> MSN Messenger
2008-08-05 16:25 <REP> MSXML 4.0
2007-07-20 20:22 <REP> MSXML 6.0
2007-07-20 21:39 <REP> Nero
2008-09-04 12:44 <REP> NetMeeting
2007-07-20 17:52 <REP> Online Services
2008-09-04 12:44 <REP> Outlook Express
2008-08-19 17:46 <REP> Pinnacle
2008-08-19 20:21 <REP> proDAD
2008-08-19 17:55 <REP> QuickTime
2007-07-20 20:47 <REP> Raxco
2007-07-20 18:30 <REP> Realtek
2007-07-20 19:53 <REP> Reference Assemblies
2007-07-20 17:54 <REP> Services en ligne
2007-07-20 20:38 <REP> SlySoft
2008-08-19 17:36 <REP> SmartSound Software
2008-09-08 23:55 <REP> Spybot - Search & Destroy
2007-07-20 20:39 <REP> Stardock
2007-07-20 20:46 <REP> Symantec
2008-09-04 00:54 <REP> TeaTimer (Spybot - Search & Destroy)
2008-09-02 01:03 <REP> TELUS
2007-11-16 19:35 <REP> TELUS_eCare_Lite
2007-07-20 21:32 <REP> TOSHIBA
2008-09-04 16:55 <REP> Trend Micro
2007-07-21 03:42 <REP> Ubi Soft
2008-09-15 14:50 <REP> UltimateEnhancer
2007-10-30 07:48 <REP> Universalis
2008-09-12 18:35 <REP> VCW VicMan's Photo Editor
2008-01-15 18:04 <REP> VideoLAN
2008-09-12 18:11 <REP> Web Photo Album
2007-08-09 02:24 <REP> Windows Live
2007-11-29 21:14 <REP> Windows Live Favorites
2007-11-29 21:14 <REP> Windows Live Toolbar
2007-07-20 19:52 <REP> Windows Media Connect 2
2008-09-04 12:44 <REP> Windows Media Player
2008-09-04 12:44 <REP> Windows NT
2008-07-31 21:05 <REP> WinRAR
2007-07-20 17:56 <REP> xerox
2008-09-08 23:53 <REP> Yahoo!
2 fichier(s) 34 854 392 octets
90 Rép(s) 6 962 397 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files\fichiers communs

2008-09-04 00:37 <REP> .
2008-09-04 00:37 <REP> ..
2007-07-20 20:49 <REP> Adobe
2007-07-20 21:41 <REP> Ahead
2007-10-06 15:46 <REP> Canon
2007-07-20 20:43 <REP> Copernic
2007-09-29 14:40 <REP> Creative
2007-07-20 20:06 <REP> DESIGNER
2007-07-20 18:32 <REP> InstallShield
2007-07-21 03:58 <REP> Java
2008-09-01 15:14 <REP> Microsoft Shared
2007-07-20 17:53 <REP> MSSoap
2007-07-21 01:45 <REP> ODBC
2007-07-20 20:47 <REP> Raxco
2007-07-20 17:53 <REP> Services
2007-07-21 01:45 <REP> SpeechEngines
2007-07-21 05:17 <REP> Symantec Shared
2008-09-04 12:44 <REP> System
0 fichier(s) 0 octets
18 Rép(s) 6 962 397 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

2008-07-31 21:13 <REP> .
2008-07-31 21:13 <REP> ..
2007-07-20 20:06 <REP> 1033
2008-07-31 21:13 <REP> 1036
2005-09-20 12:33 1 293 008 MSONSEXT.DLL
2007-03-22 19:29 39 256 MSOSV.DLL
1999-06-03 18:09 122 937 MSOWS409.DLL
2001-03-07 13:00 127 033 MSOWS40c.DLL
2003-07-11 08:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 6 962 393 088 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files\common files

2007-11-16 19:34 <REP> .
2007-11-16 19:34 <REP> ..
2007-11-16 19:34 <REP> Motive
0 fichier(s) 0 octets
3 Rép(s) 6 962 393 088 octets libres




c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\Mon Laptop\Bureau\photoshop_photoshop_cs3_evaluation_francais_9635.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Mon Laptop\Local Settings\Temp\ycomp_setup.exe
c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°1\autorun.exe
c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°2\autorun.exe
c:\Documents and Settings\All Users\Application Data\EBLib.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Vista64\EBLib.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_MON-5FBFE707E9F.tar.gz a l'adresse http://upload.malekal.com


Merci
delph
0
Réponse 15 / 20
DELPH
 
CI DESSOUS MON RAPPORT MERCI

DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-09-15 à 14:52:33,89


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-09-15 14:52:32
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-09-15 14:52:26
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2008-09-15 14:52:07
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2008-09-15 14:51:53
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2008-09-15 14:39:38
C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->2008-09-15 14:39:37
C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->2008-09-15 14:39:00
C:\WINDOWS\prefetch\ACRORD32.EXE-13285B88.pf -->2008-09-15 14:38:22
C:\WINDOWS\prefetch\AVGW.EXE-2A7BF89D.pf -->2008-09-15 14:36:29
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2008-09-15 14:36:24

C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->2008-09-08 00:11:08
C:\WINDOWS\System32\drivers\mbam.sys -->2008-09-08 00:11:02
C:\WINDOWS\System32\drivers\avgclean.sys -->2008-07-28 14:54:58
C:\WINDOWS\System32\drivers\avgmfx86.sys -->2008-07-28 14:54:53
C:\WINDOWS\System32\drivers\tcpip.sys -->2008-06-20 13:51:12
C:\WINDOWS\System32\drivers\afd.sys -->2008-06-20 13:40:08
C:\WINDOWS\System32\drivers\tcpip6.sys -->2008-06-20 13:08:27

C:\WINDOWS\System32\PerfStringBackup.INI -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfh00C.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfh009.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfc00C.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\perfc009.dat -->2008-09-15 14:39:49
C:\WINDOWS\System32\wpa.dbl -->2008-09-15 14:36:13
C:\WINDOWS\System32\FNTCACHE.DAT -->2008-09-09 09:59:25
C:\WINDOWS\System32\spupdwxp.log -->2008-09-04 14:05:53
C:\WINDOWS\System32\qtplugin.log -->2008-09-01 14:37:29
C:\WINDOWS\System32\TZLog.log -->2008-08-30 03:05:35
C:\WINDOWS\System32\MRT.exe -->2008-08-26 22:28:12
C:\WINDOWS\System32\blue.SITENAME -->2008-08-19 19:52:48
C:\WINDOWS\System32\MSDELog.log -->2008-08-19 17:44:28
C:\WINDOWS\System32\d3d9caps.dat -->2008-08-05 16:03:59
C:\WINDOWS\System32\ciadvss.exe -->2008-07-28 15:24:33
C:\WINDOWS\System32\ciadvs.exe -->2008-07-28 15:24:33
C:\WINDOWS\System32\es.dll -->2008-07-07 22:28:20
C:\WINDOWS\System32\mscms.dll -->2008-06-24 18:44:02
C:\WINDOWS\System32\wmpeffects.dll -->2008-06-24 18:12:58
C:\WINDOWS\System32\mshtml.dll -->2008-06-24 10:28:24
C:\WINDOWS\System32\wininet.dll -->2008-06-23 18:28:23
C:\WINDOWS\System32\webcheck.dll -->2008-06-23 18:28:23
C:\WINDOWS\System32\urlmon.dll -->2008-06-23 18:28:23
C:\WINDOWS\System32\url.dll -->2008-06-23 18:28:22
C:\WINDOWS\System32\pngfilt.dll -->2008-06-23 18:28:22

C:\WINDOWS\WindowsUpdate.log -->2008-09-15 14:39:26
C:\WINDOWS\0.log -->2008-09-15 14:35:44
C:\WINDOWS\wiadebug.log -->2008-09-15 14:35:27
C:\WINDOWS\wiaservc.log -->2008-09-15 14:35:25
C:\WINDOWS\bootstat.dat -->2008-09-15 14:35:00
C:\WINDOWS\SchedLgU.Txt -->2008-09-14 01:23:53
C:\WINDOWS\wmsetup.log -->2008-09-13 20:53:11
C:\WINDOWS\phedit.ini -->2008-09-12 18:35:10
C:\WINDOWS\ntbtlog.txt -->2008-09-11 10:48:43
C:\WINDOWS\tsoc.log -->2008-09-10 10:08:20
C:\WINDOWS\tabletoc.log -->2008-09-10 10:08:20
C:\WINDOWS\ocmsn.log -->2008-09-10 10:08:20
C:\WINDOWS\ocgen.log -->2008-09-10 10:08:20
C:\WINDOWS\ntdtcsetup.log -->2008-09-10 10:08:20
C:\WINDOWS\netfxocm.log -->2008-09-10 10:08:20

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 684
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0xd000 1.00.0008.0000 C:\WINDOWS\system32\TPwrCfg.DLL
0x02750000 0x15000 1.00.0004.0000 C:\WINDOWS\system32\TPwrReg.dll
0x02770000 0xe000 1.00.0003.0000 C:\WINDOWS\system32\TPSTrace.DLL
0x02810000 0xc000 C:\WINDOWS\system32\TDispVol.dll
0x01720000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x00f10000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x00f70000 0x14000 2.02.0006.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x02b30000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x01570000 0x2e000 C:\Program Files\WinRAR\rarext.dll
0x016a0000 0x35000 1.00.0000.0000 C:\Program Files\Web Photo Album\webalbumcontext.dll
0x01770000 0x18000 1.00.0001.0000 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
0x621a0000 0x10000 7.05.0000.0409 C:\Program Files\Grisoft\AVG7\avgse.dll
0x02b90000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x01ec0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x03780000 0xfd000 1.00.0000.0001 C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
0x61b40000 0x28000 7.00.2632.17573 C:\Program Files\UltimateEnhancer\pcre3.dll
0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
0x03b90000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 1104
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01270000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\WINDOWS\system

2003-05-29 00:53 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 6 974 566 400 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\WINDOWS\system32

2008-04-14 04:33 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 6 974 566 400 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\WINDOWS\Downloaded Program Files

2008-08-19 16:58 <REP> .
2008-08-19 16:58 <REP> ..
2007-07-20 17:54 65 desktop.ini
2007-08-06 18:10 68 992 PURfr-fr.dll
2 fichier(s) 69 057 octets

Total des fichiers listés :
2 fichier(s) 69 057 octets
2 Rép(s) 6 974 566 400 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe"="C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe:*:Enabled:Atlas_App"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:*:Enabled:MediaManager Application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-15 14:54:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
"khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
228 - CEC_MAIN.exe
520 - alg.exe
684 - explorer.exe
784 - guard.exe
800 - avgamsvr.exe
824 - avgemc.exe
832 - cmd.exe
860 - hkcmd.exe
880 - traybar.exe
888 - igfxtray.exe
924 - igfxpers.exe
1040 - RTHDCPL.exe
1052 - TCtrlIOHook.exe
1076 - TFncKy.exe
1080 - csrss.exe
1084 - TDispVol.exe
1104 - winlogon.exe
1148 - services.exe
1160 - lsass.exe
1164 - TPSMain.exe
1228 - CeEKey.exe
1328 - svchost.exe
1348 - PDVDServ.exe
1356 - avgcc.exe
1396 - svchost.exe
1436 - svchost.exe
1476 - svchost.exe
1528 - svchost.exe
1544 - GhostStartTrayA
1552 - eCareTrayApp.ex
1588 - qttask.exe
1604 - ctfmon.exe
1612 - ltmoh.exe
1624 - svchost.exe
1660 - daemon.exe
1668 - msnmsgr.exe
1688 - CTSyncU.exe
1740 - EDICT.EXE
1768 - TPSBattM.exe
1936 - spoolsv.exe
2020 - GoogleUpdater.e
2132 - GoogleUpdaterSe
2356 - MDM.EXE
2380 - sqlservr.exe
2580 - svchost.exe
2928 - CALMAIN.exe
3240 - PMSHost.exe
3264 - firefox.exe

Total number of processes = 49
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806FF000 - \WINDOWS\system32\hal.dll
F7A4C000 - \WINDOWS\system32\KDCOM.DLL
F795C000 - \WINDOWS\system32\BOOTVID.dll
F7443000 - sptd.sys
F7A4E000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F742B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F73FC000 - ACPI.sys
F73EB000 - pci.sys
F754C000 - ohci1394.sys
F755C000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F756C000 - isapnp.sys
F7960000 - compbatt.sys
F7964000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
F7B14000 - pciide.sys
F77CC000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F73CD000 - pcmcia.sys
F757C000 - MountMgr.sys
F73AE000 - ftdisk.sys
F7A50000 - dmload.sys
F7388000 - dmio.sys
F7968000 - ACPIEC.sys
F7B15000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
F77D4000 - PartMgr.sys
F758C000 - VolSnap.sys
F7370000 - atapi.sys
F759C000 - disk.sys
F75AC000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7350000 - fltmgr.sys
F733E000 - sr.sys
F7327000 - KSecDD.sys
F7314000 - WudfPf.sys
F75BC000 - Defrag32b.sys
F7287000 - Ntfs.sys
F725A000 - NDIS.sys
F7240000 - Mup.sys
F778C000 - \SystemRoot\system32\DRIVERS\intelppm.sys
F6F23000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
F6F0F000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F6EE7000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F6CCD000 - \SystemRoot\system32\DRIVERS\NETw4x32.sys
F6CB6000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys
F78EC000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
F6C92000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F78F4000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F77AC000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6C46000 - \SystemRoot\system32\drivers\tifm21.sys
F6C32000 - \SystemRoot\system32\DRIVERS\sdbus.sys
F71E8000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
F77BC000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F78FC000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7904000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F75CC000 - \SystemRoot\system32\DRIVERS\imapi.sys
F790C000 - \SystemRoot\system32\drivers\ASAPIW2k.sys
F75DC000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F75EC000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6C0F000 - \SystemRoot\system32\DRIVERS\ks.sys
F6BA9000 - \SystemRoot\System32\Drivers\alsoqfgk.SYS
F7B73000 - \SystemRoot\system32\DRIVERS\audstub.sys
F75FC000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7081000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6B92000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F760C000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F761C000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F780C000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6B81000 - \SystemRoot\system32\DRIVERS\psched.sys
F762C000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F781C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7824000 - \SystemRoot\system32\DRIVERS\raspti.sys
F6B51000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F763C000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7AA0000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6AF3000 - \SystemRoot\system32\DRIVERS\update.sys
F7A34000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F6AC5000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys
F764C000 - \SystemRoot\System32\Drivers\NDProxy.SYS
AAAC1000 - \SystemRoot\system32\drivers\RtkHDAud.sys
AAA9D000 - \SystemRoot\system32\drivers\portcls.sys
F766C000 - \SystemRoot\system32\drivers\drmk.sys
AA981000 - \SystemRoot\system32\DRIVERS\AGRSM.sys
F7AA8000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7834000 - \SystemRoot\System32\Drivers\Modem.SYS
F769C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7AB8000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C0A000 - \SystemRoot\System32\Drivers\Null.SYS
F7ABA000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C0B000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7C0C000 - \SystemRoot\System32\Drivers\avgclean.sys
F7854000 - \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
F785C000 - \SystemRoot\System32\drivers\vga.sys
F7ABC000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7ABE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7864000 - \SystemRoot\System32\Drivers\Msfs.SYS
F786C000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6A32000 - \SystemRoot\system32\DRIVERS\rasacd.sys
A9C91000 - \SystemRoot\system32\DRIVERS\ipsec.sys
A9C38000 - \SystemRoot\system32\DRIVERS\tcpip.sys
A9BE8000 - \SystemRoot\system32\DRIVERS\netbt.sys
A9BC2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
A9BA0000 - \SystemRoot\System32\drivers\afd.sys
F76CC000 - \SystemRoot\system32\DRIVERS\netbios.sys
F76DC000 - \SystemRoot\system32\DRIVERS\wanarp.sys
AA96D000 - \??\C:\WINDOWS\system32\drivers\TPwSav.sys
A9B75000 - \SystemRoot\system32\DRIVERS\rdbss.sys
AA95D000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys
A99BE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F76EC000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F76FC000 - \SystemRoot\System32\Drivers\Fips.SYS
A9855000 - \SystemRoot\System32\Drivers\avg7core.sys
F787C000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
F772C000 - \SystemRoot\System32\Drivers\UVCFTR_S.SYS
A9370000 - \SystemRoot\System32\Drivers\usbvideo.sys
F7AD2000 - \SystemRoot\System32\Drivers\avg7rsw.sys
F788C000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
F775C000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F7C39000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
A8528000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7A9E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
A9C2C000 - \SystemRoot\System32\drivers\Dxapi.sys
A8558000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C5A000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9E4000 - \SystemRoot\System32\ialmdnt5.dll
BF9D5000 - \SystemRoot\System32\ialmrnt5.dll
BFA06000 - \SystemRoot\System32\ialmdev5.DLL
BFA3F000 - \SystemRoot\System32\ialmdd5.DLL
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
A84AC000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
A821B000 - \SystemRoot\system32\drivers\wdmaud.sys
A8388000 - \SystemRoot\system32\drivers\sysaudio.sys
A7BFE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
A7D03000 - \SystemRoot\System32\Drivers\Aspi32.SYS
F7A58000 - \SystemRoot\System32\Drivers\avgtdi.sys
A7D7B000 - \SystemRoot\System32\Drivers\Defrag32.SYS
A7A05000 - \SystemRoot\System32\Drivers\HTTP.sys
A7963000 - \SystemRoot\system32\DRIVERS\srv.sys
A6093000 - \SystemRoot\system32\drivers\kmixer.sys
F7C34000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 139

Liste des programmes installes

Adobe Reader 7.0.5 - Français
ALPS Touch Pad Driver
AnyDVD
Archiveur WinRAR
AutoUpdate
AVG 7.5
AVG Anti-Spyware 7.5
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
Bloqueur de fenêtres pop-up (Windows Live Toolbar)
Camera Assistant Software for Toshiba
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CD/DVD Drive Acoustic Silencer
Compatibility Pack for the 2007 Office system
Copernic Agent Professional
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB952287)
Creative MediaSource 5
Creative System Information
Creative ZEN V Series (R2)
CSI
CutePDF Writer 2.7
DiscAPI (Studio 10)
DVD de bonus Studio 10
DVD Shrink 3.2
Extension de Windows Live Toolbar (Windows Live Toolbar)
Gestionnaire de disques amovible Creative
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Haali Media Splitter
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Media Format 11 SDK (KB929399)
Intel(R) Graphics Media Accelerator Driver
Java 2 Runtime Environment, SE v1.4.2_05
Java(TM) 6 Update 2
Lecteur Windows Media 11
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Menus intelligents (Windows Live Toolbar)
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 French Language Pack
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Encarta 2007 - Collection
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft SQL Server Desktop Engine (PINNACLESYS)
Microsoft Streets & Trips 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mirar
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB938464)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB946648)
Mise à jour de sécurité pour Windows XP (KB950760)
Mise à jour de sécurité pour Windows XP (KB950762)
Mise à jour de sécurité pour Windows XP (KB950974)
Mise à jour de sécurité pour Windows XP (KB951066)
Mise à jour de sécurité pour Windows XP (KB951376-v2)
Mise à jour de sécurité pour Windows XP (KB951698)
Mise à jour de sécurité pour Windows XP (KB951748)
Mise à jour de sécurité pour Windows XP (KB952954)
Mise à jour de sécurité pour Windows XP (KB953839)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB951072-v2)
Mise à jour pour Windows XP (KB951978)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
Mozilla Firefox (3.0.1)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Navigation par onglets (Windows Live Toolbar)
Nero 7 Premium
Norton Ghost
OneCare Advisor (Windows Live Toolbar)
Outil de mise à jour Google
Package de base Microsoft de service de chiffrement pour cartes à puce
PerfectDisk
Pinnacle Instant DVD Recorder
Pinnacle MediaServer
PowerDVD
proDAD Heroglyph 2.5
QuickTime
RAPID (Studio 10)
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Réussir ses CV et Lettres de Motivation
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
Studio 10
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Accessibility
TOSHIBA Accessibility
TOSHIBA Controls
TOSHIBA Controls
TOSHIBA Fn-esse
TOSHIBA Hardware Setup
TOSHIBA Hardware Setup
TOSHIBA Hotkey Utility
TOSHIBA Power Saver
TOSHIBA Power Saver
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TTS Wrapper
UltimateEnhancer
USB Storage Driver
Utilitaire Hotkey TOSHIBA
Utility Common Driver
VCW VicMan's Photo Editor 8.1
VideoLAN VLC media player 0.8.6d
Web Photo Album 1.1
WebFldrs XP
Win2PDF 1.50
Windows Communication Foundation
Windows Communication Foundation Language Pack - FRA
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Favorites pour Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation
Windows Workflow Foundation FR Language Pack
Windows XP Service Pack 3
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Toolbar
Yahoo! Toolbar avec bloqueur de fenêtres pop-up
ZENcast Organizer



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files

2008-09-12 18:11 <REP> .
2008-09-12 18:11 <REP> ..
2007-08-15 00:35 <REP> Acro Software
2007-07-20 20:47 <REP> Adobe
2008-08-19 19:22 <REP> AdorageI-GfxDatas
2008-08-19 19:21 <REP> AdorageI-SAL
2007-07-20 20:52 <REP> Apoint2K
2007-07-21 04:07 <REP> Attack on Pearl Harbor
2008-09-02 09:53 <REP> BitComet
2008-08-19 16:38 <REP> Boris FX, Inc
2007-07-20 18:23 <REP> Camera Assistant Software for Toshiba
2007-10-06 15:50 <REP> Canon
2008-09-08 23:53 <REP> CCleaner
2007-11-16 19:34 <REP> Common Files
2007-07-20 17:52 <REP> ComPlus Applications
2007-07-20 20:43 <REP> Copernic Agent
2007-09-29 14:43 <REP> Creative
2007-07-20 20:37 <REP> CyberLink
2008-09-04 10:32 <REP> DAEMON Tools
2008-09-09 22:59 <REP> directx
2007-07-20 20:41 <REP> DVD Shrink
2008-09-04 00:37 <REP> Fichiers communs
2008-09-01 15:13 29 017 528 FileFormatConverters.exe
2007-10-30 06:55 5 836 864 Firefox Setup 2.0.0.8.exe
2007-08-30 05:43 <REP> Google
2007-08-15 00:36 <REP> GPLGS
2008-09-10 10:02 <REP> Grisoft
2007-10-30 08:42 <REP> Haali
2007-07-20 18:25 <REP> Intel
2008-08-30 03:05 <REP> Internet Explorer
2007-07-29 16:19 <REP> Java
2007-07-20 18:26 <REP> ltmoh
2008-09-08 11:48 <REP> Malwarebytes' Anti-Malware
2007-11-10 01:30 <REP> Matroska Pack
2008-09-04 12:54 <REP> Messenger
2008-09-10 09:48 <REP> Messenger Plus! Live
2007-07-20 20:33 <REP> MétéoMédia
2008-09-09 22:53 <REP> Micro Application
2007-07-20 20:55 <REP> Microsoft Encarta
2007-07-20 17:56 <REP> microsoft frontpage
2007-07-20 21:48 <REP> Microsoft Location Finder
2008-09-01 15:14 <REP> Microsoft Office
2008-08-19 17:43 <REP> Microsoft SQL Server
2007-07-20 21:48 <REP> Microsoft Streets & Trips
2007-07-20 20:06 <REP> Microsoft Visual Studio
2007-08-09 04:00 <REP> Microsoft Works
2007-07-20 20:04 <REP> Microsoft.NET
2008-09-04 12:50 <REP> Movie Maker
2008-09-15 14:45 <REP> Mozilla Firefox
2007-07-20 19:57 <REP> MSBuild
2008-09-01 15:13 <REP> MSECache
2007-07-20 17:51 <REP> MSN
2007-07-20 17:51 <REP> MSN Gaming Zone
2008-09-10 09:48 <REP> MSN Messenger
2008-08-05 16:25 <REP> MSXML 4.0
2007-07-20 20:22 <REP> MSXML 6.0
2007-07-20 21:39 <REP> Nero
2008-09-04 12:44 <REP> NetMeeting
2007-07-20 17:52 <REP> Online Services
2008-09-04 12:44 <REP> Outlook Express
2008-08-19 17:46 <REP> Pinnacle
2008-08-19 20:21 <REP> proDAD
2008-08-19 17:55 <REP> QuickTime
2007-07-20 20:47 <REP> Raxco
2007-07-20 18:30 <REP> Realtek
2007-07-20 19:53 <REP> Reference Assemblies
2007-07-20 17:54 <REP> Services en ligne
2007-07-20 20:38 <REP> SlySoft
2008-08-19 17:36 <REP> SmartSound Software
2008-09-08 23:55 <REP> Spybot - Search & Destroy
2007-07-20 20:39 <REP> Stardock
2007-07-20 20:46 <REP> Symantec
2008-09-04 00:54 <REP> TeaTimer (Spybot - Search & Destroy)
2008-09-02 01:03 <REP> TELUS
2007-11-16 19:35 <REP> TELUS_eCare_Lite
2007-07-20 21:32 <REP> TOSHIBA
2008-09-04 16:55 <REP> Trend Micro
2007-07-21 03:42 <REP> Ubi Soft
2008-09-15 14:50 <REP> UltimateEnhancer
2007-10-30 07:48 <REP> Universalis
2008-09-12 18:35 <REP> VCW VicMan's Photo Editor
2008-01-15 18:04 <REP> VideoLAN
2008-09-12 18:11 <REP> Web Photo Album
2007-08-09 02:24 <REP> Windows Live
2007-11-29 21:14 <REP> Windows Live Favorites
2007-11-29 21:14 <REP> Windows Live Toolbar
2007-07-20 19:52 <REP> Windows Media Connect 2
2008-09-04 12:44 <REP> Windows Media Player
2008-09-04 12:44 <REP> Windows NT
2008-07-31 21:05 <REP> WinRAR
2007-07-20 17:56 <REP> xerox
2008-09-08 23:53 <REP> Yahoo!
2 fichier(s) 34 854 392 octets
90 Rép(s) 6 962 397 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files\fichiers communs

2008-09-04 00:37 <REP> .
2008-09-04 00:37 <REP> ..
2007-07-20 20:49 <REP> Adobe
2007-07-20 21:41 <REP> Ahead
2007-10-06 15:46 <REP> Canon
2007-07-20 20:43 <REP> Copernic
2007-09-29 14:40 <REP> Creative
2007-07-20 20:06 <REP> DESIGNER
2007-07-20 18:32 <REP> InstallShield
2007-07-21 03:58 <REP> Java
2008-09-01 15:14 <REP> Microsoft Shared
2007-07-20 17:53 <REP> MSSoap
2007-07-21 01:45 <REP> ODBC
2007-07-20 20:47 <REP> Raxco
2007-07-20 17:53 <REP> Services
2007-07-21 01:45 <REP> SpeechEngines
2007-07-21 05:17 <REP> Symantec Shared
2008-09-04 12:44 <REP> System
0 fichier(s) 0 octets
18 Rép(s) 6 962 397 184 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

2008-07-31 21:13 <REP> .
2008-07-31 21:13 <REP> ..
2007-07-20 20:06 <REP> 1033
2008-07-31 21:13 <REP> 1036
2005-09-20 12:33 1 293 008 MSONSEXT.DLL
2007-03-22 19:29 39 256 MSOSV.DLL
1999-06-03 18:09 122 937 MSOWS409.DLL
2001-03-07 13:00 127 033 MSOWS40c.DLL
2003-07-11 08:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 6 962 393 088 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est E8F2-C1B0

Répertoire de C:\Program Files\common files

2007-11-16 19:34 <REP> .
2007-11-16 19:34 <REP> ..
2007-11-16 19:34 <REP> Motive
0 fichier(s) 0 octets
3 Rép(s) 6 962 393 088 octets libres




c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\Mon Laptop\Bureau\photoshop_photoshop_cs3_evaluation_francais_9635.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Mon Laptop\Local Settings\Temp\ycomp_setup.exe
c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°1\autorun.exe
c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°2\autorun.exe
c:\Documents and Settings\All Users\Application Data\EBLib.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Vista64\EBLib.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_MON-5FBFE707E9F.tar.gz a l'adresse http://upload.malekal.com
0
Réponse 16 / 20
DELPH
 
le voici


-----------\\ ToolBar S&D 1.2.0 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz )
BIOS : Ver 1.00PARTTBL0
USER : Mon Laptop ( Administrator )
BOOT : Normal boot
Antivirus : AVG 7.5.524 7.5.524 (Activated)
C:\ (Local Disk) - NTFS - Total : 107 Go Free : 6 Go
D:\ (CD or DVD)
E:\ (Local Disk) - NTFS - Total : 41 Go Free : 19 Go
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
Option : [1] ( 2008-09-16|10:35 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\MONLAP~1\MENUDM~1\PROGRA~1\PlayMP3z

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
"Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-16|10:36 - Option : [1]

-----------\\ Fin du rapport a 10:36:25,30
0
Réponse 17 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonjour

Ne t'inquiète pas je vais te guider et t'aider à désinfecter ton PC.

Télécharge sur le Bureau HijackThis

http://download.hijackthis.eu/HJTInstall.exe

= Double-clique sur dessus pour l'installer
= Clique sur Do a system scan and save the log
= Colle le rapport
si problème voir l'aide
http://www.swl1f.net/viewtopic.php?f=14&t=153&p=1100#p1100
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

@+
-1
Réponse 18 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

très bien ;)

Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le
=> Ensuite va en mode sans echec


Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport

--------------------------

ensuite

* Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69

--------------------------

Ensuite refais un nouveau HijackThis

@+
-1
Réponse 19 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

lee lien marche pour moi ?
-1
Réponse 20 / 20
ep44 Messages postés 7432 Statut Contributeur 3
 
Bonsoir

pour verif
Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
- Enregistre le sur ton bureau


Double clique sur le OAD pour le lancer

- nom de fichier à rechercher tape ou fais un copier coller de : Mirar
- Type de recherche : sélectionne l'option 6 puis valide [entree]

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

- Fais un copier / coller de ce rapport dans ton prochain post.
-1

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses