What do I have? Trojan?????

Closed
jedetestelesvirus Posts 90 Registration date Wednesday 31 October 2007 Status Member Last activity 7 October 2010 - 15 Sept. 2008 at 23:31
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 - 22 Sept. 2008 at 18:21
Hello,
For some time now, my PC has been taking about 10 minutes to start up. And it lags a lot. I have run scans with everything I could: SmitfraudFix, HijackThis, ZoneAlarm. ZoneAlarm found a lot, but I still have the startup problem. What can I do????????
14 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
15 Sept. 2008 at 23:32
Hi,

Run a scan with this antispyware:

Download Malwarebytes + tutorial:

-> https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click on the Settings tab and tick the box: "Stop Internet Explorer during removal".

Now click on the Scan tab and tick the box: "Run a full scan".

Then click on "Scan".

Let it scan the PC...

If items were found > click on Remove selected.

If you are asked to restart > click on "yes".

At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

Please copy and paste the report.
0
jedetestelesvirus Posts 90 Registration date Wednesday 31 October 2007 Status Member Last activity 7 October 2010 3
16 Sept. 2008 at 01:49
Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 5.1.2600 Service Pack 2

2008-09-15 19:34:42
mbam-log-2008-09-15 (19-34-42).txt

Scan type: Full Scan (C:\|)
Objects scanned: 295814
Time elapsed: 1 hour(s), 57 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Audio-Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\eChanblard\EvID4226Patch.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\blphcckoj0etfl.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcckoj0etfl.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcckoj0etfl.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
-1
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
16 Sept. 2008 at 13:15
Hi jedetestelesvirus,

Download HijackThis here:

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installation tutorial: (Thanks to Balltrap34 for making this)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Usage tutorial (video): (Thanks to Balltrap34 for making this)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Please post the generated report here...

See you later
-1
jedetestelesvirus Posts 90 Registration date Wednesday 31 October 2007 Status Member Last activity 7 October 2010 3
16 Sept. 2008 at 23:35
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:09, on 2008-09-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110911471796
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://www.gamespy.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6586F4F-9F9F-4995-88D5-75E4A651E759} - http://www.wgfed.com/index.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-1

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
18 Sept. 2008 at 12:19
Hi,

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log!

See you later
-1
jedetestelesvirus Posts 90 Registration date Wednesday 31 October 2007 Status Member Last activity 7 October 2010 3
18 Sept. 2008 at 23:28
Here is the report file:

SDFix: Version 1.226
Run by Papa on 2008-09-18 at 16:53

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:

Rootkit Found :
C:\WINDOWS\system32\drivers\tdssserv.sys - Rootkit.Win32.Agent.cku

Name:
tdssserv

Path:
\systemroot\system32\drivers\TDSSserv.sys

tdssserv - Deleted



Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted





Removing Temp Files

ADS Check:



Final Check:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 17:04:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDSSserv]
"start"=dword:00000001
"type"=dword:00000001
"imagepath"=str(2):"\systemroot\system32\drivers\TDSSserv.sys"

scanning hidden registry entries ...


scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:




Authorized Application Key Export:

"C:\\Program Files\\WINSOS\\winsos.exe"="C:\\Program

Files\\Winsos\\winsos.exe:*:Enabled:Winsos"
"C:\\Program Files\\WINSOS\\anti-spy.exe"="C:\\Program

Files\\Winsos\\anti-spy.exe:*:Enabled:anti-spy Winsos"
"C:\\Program Files\\WINSOS\\help.exe"="C:\\Program

Files\\Winsos\\help.exe:*:Enabled:Winsos Help"
"C:\\Program Files\\Steam\\SteamApps\\amecaret\\source sdk

base\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\amecaret\\source

sdk base\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\TrackMania Nations

ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations

ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\Program

Files\\Silkroad\\TBotSro1107\\TServer1106b.exe"="C:\\Program

Files\\Silkroad\\TBotSro1107\\TServer1106b.exe:*:Enabled:TServer1106b"
"C:\\Program Files\\BitLord2\\BitLord.exe"="C:\\Program

Files\\BitLord2\\BitLord.exe:*:Enabled: "
"C:\\Program Files\\ROBLOX

Corporation\\ROBLOX\\Roblox.exe"="C:\\Program Files\\ROBLOX

Corporation\\ROBLOX\\Roblox.exe:*:Enabled:ROBLOX Game"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"G:\\ut\\ut\\Copie (4) de gg.exe"="G:\\ut\\ut\\Copie (4) de

gg.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Return to Castle

Wolfenstein\\WolfMP.exe"="C:\\Program Files\\Return to Castle

Wolfenstein\\WolfMP.exe:*:Enabled:WolfMP"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program

Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"="C:\\Program

Files\\Orbitdownloader\\orbitdm.exe:*:Enabled:Orbit"
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"="C:\\Program

Files\\Orbitdownloader\\orbitnet.exe:*:Enabled:Orbit"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program

Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program

Files\\eChanblard\\emule.exe:*:Enabled:eChanblard"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program

Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live

Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program

Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live

Messenger (Phone)"
"G:\\autres\\ut\\tu pueeeesawdfeefe\\Copie de

ffdx.exe"="G:\\autres\\ut\\tu pueeeesawdfeefe\\Copie de

ffdx.exe:*:Enabled:æTorrent"
"C:\\Documents and

Settings\\Guillaume\\Bureau\\Silkroad_Full-Client_Downloader.exe"="C:\\

Documents and

Settings\\Guillaume\\Bureau\\Silkroad_Full-Client_Downloader.exe:*:Enab

led:Full-Client Downloader"
"C:\\guillaume\\lime\\LimeWire\\LimeWire.exe"="C:\\guillaume\\lime\\Lim

eWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program

Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\All Users\\Application

Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All

Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game

Manager"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat

Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"="C:\\WINDOWS\\p

chealth\\helpctr\\binaries\\helpctr.exe:*:Enabled:Assistance … distance

- Windows Messenger et voix"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program

Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\para

meters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:en

abled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network

Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program

Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live

Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program

Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live

Messenger (Phone)"

Remaining Files:

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 15 Sep 2007 1,056 A.SH. --- "C:\xdhjaw3o.sys"
Thu 17 Jan 2008 72 A.SH. --- "C:\WINDOWS\S220F34F1.tmp"
Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Thu 5 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\125354.dll"
Thu 5 Aug 2004 1,689,088 ...H. --- "C:\WINDOWS\system32\198b710.dll"
Thu 5 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\5960d18.dll"
Thu 5 Aug 2004 82,944 ...H. --- "C:\WINDOWS\system32\a201b78.dll"
Thu 11 May 2006 56 ..SHR --- "C:\WINDOWS\system32\D9B58A1B5A.sys"
Thu 11 May 2006 848 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sat 5 Nov 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 9 Nov 2006 20,480 ...H. --- "C:\Nexon\Combat Arms\HShield\17265798.dll"
Thu 9 Nov 2006 20,480 ...H. --- "C:\Nexon\Combat Arms\HShield\99ba002.dll"
Thu 15 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 13 Nov 2006 319,456 A..H. --- "C:\Program Files\Fichiers communs\Motorola Shared\MotPCSDrivers\difxapi.dll"
Sat 5 Nov 2005 4,348 ...H. --- "C:\Documents and Settings\Aurélie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 9 Sep 2007 20 A..H. --- "C:\Documents and Settings\Aurélie\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Wed 4 Jul 2007 400 A.SH. --- "C:\Documents and Settings\Aurélie\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"

Finished!

___________________________________________________________________________________________


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:41, on 2008-09-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Fichiers communs\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Program Files\FlashKeeper\GetFlash.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Guillaume\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110911471796
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://www.gamespy.com
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D6586F4F-9F9F-4995-88D5-75E4A651E759} - http://www.wgfed.com/index.html
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-1
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
18 Sept. 2008 at 23:38
Hi,

How are things on your end?

You don't have an antivirus? Am I mistaken, or does ZoneAlarm only have a firewall?

See you
-1
jedetestelesvirus Posts 90 Registration date Wednesday 31 October 2007 Status Member Last activity 7 October 2010 3
19 Sept. 2008 at 00:08
No, I have ZoneAlarm Security Suite. What does my HijackThis log say?
-1
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
19 Sept. 2008 at 00:16
The HijackThis log looks clean, apart from some programs that are out of date and some superfluous entries.

OK for the ZoneAlarm suite...

Check and fix:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/windowsupdate/v6/default.aspx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} - http://www.gamespy.com
O16 - DPF: {D6586F4F-9F9F-4995-88D5-75E4A651E759} - http://www.wgfed.com/index.html

How to fix:

Usage tutorial (video): (thanks to Balltrap34 for making it)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

then

Your version of Acrobat Reader is out of date; you want the latest version, so uninstall your version through Control Panel / Add or Remove Programs

and install the latest one:

https://get2.adobe.com/reader/otherversions/

or forget Acrobat Reader entirely and install Foxit, which is lighter, instead:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

and

look at this tutorial to update your Java console:

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

PS: don't get mixed up; the same page also has the Flash tutorial...

then

CCleaner:

-> Download CCleaner (do not install the Yahoo toolbar):

http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> Install it.

-> Once it is installed and running:

In the left-hand column, click on:

-> "Registry":

Check all the boxes under "Registry integrity", then click "Search for errors" at the bottom; once it has finished, click "Repair the errors". You will get a message offering to back up your registry; click "Yes", then repeat until it finds nothing more.

PS: the backups you have made can be deleted later if all goes well.

-> "Cleaner"

Close your browser before running it. In the cleaner's settings, on the "Windows" and "Applications" tabs, untick the last box (Advanced, if it is ticked), then click "Run the cleaning"; when it has finished the scan, click "Run the cleaning" at the bottom right and confirm with Yes.

-> Illustrated tutorial:

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> For those who want to go further, with jesses (advanced features):

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

and

download and install RegCleaner:

http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

Tutorial:

https://forums.cnetfrance.fr

http://www.softastuces.com/tuto/maint/regcleaner/

Let me know how it goes

See you
-1
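Added example, not part of the thread and not the helper's own method: a first triage pass over a HijackThis log in the format posted above. It surfaces entries carrying the placeholder strings seen in this log ("(no file)", "(no name)", "Unknown owner", "Unknown file"), lines that repeat, and the source of each O16 downloaded control. The function names and the choice of markers are assumptions; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Sample input: a subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_10650.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# An entry line is "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O16 body: "DPF: {CLSID} (optional class name) - source URL".
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})(?: \((?P<name>.*)\))? - (?P<source>\S.*)$"
)
# Placeholder strings that appear in this log where a name, file or owner is missing.
# (Assumed marker set for this example; extend it for other logs.)
MARKERS = ("(no file)", "(no name)", "Unknown owner", "Unknown file")


def parse_log(text):
    """Return (code, body) for every entry line; header and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(text):
    """Group the entries a reviewer would want to look at first."""
    entries = parse_log(text)
    counts = Counter(entries)
    incomplete, dpf, seen = [], [], set()
    for code, body in entries:
        if (code, body) in seen:  # report each distinct line once
            continue
        seen.add((code, body))
        hits = [mk for mk in MARKERS if mk in body]
        if hits:
            incomplete.append({"code": code, "body": body, "markers": hits})
        if code == "O16":
            m = DPF_RE.match(body)
            if m:
                dpf.append(m.groupdict())
    repeats = {f"{c} - {b}": n for (c, b), n in counts.items() if n > 1}
    return {"incomplete": incomplete, "repeats": repeats, "dpf": dpf}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for item in report["incomplete"]:
        print("INCOMPLETE", item["code"], item["markers"], item["body"])
    for line, n in report["repeats"].items():
        print("REPEATED x%d" % n, line)
    for ctl in report["dpf"]:
        print("DPF", ctl["clsid"], ctl["name"] or "(unnamed)", ctl["source"])
```

A flagged line is only a prompt for review: the marker says HijackThis had nothing to show for that field, not that the entry is malicious.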
jedetestelesvirus Posts 90 Registration date Wednesday 31 October 2007 Status Member Last activity 7 October 2010 3
19 Sept. 2008 at 01:39
No improvement!
-1
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
19 Sept. 2008 at 18:34
Hi

Uninstall Norton properly:

Norton removal tool:
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

then run this online scan, please

Run a Kaspersky online scan with Internet Explorer:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
-> Click Start Online-Scanner
-> Now click I accept.
-> Approve the installation of one or more ActiveX controls if necessary.
-> Wait while the updates are installed.
-> Then choose to scan My Computer.
-> Save, then paste the report generated at the end of the scan.

See you
-1
lounes11 Posts 601 Registration date Monday 14 July 2008 Status Member Last activity 22 July 2013 11
19 Sept. 2008 at 19:25
Hello,
I recommend the following program; you just have to install it and run it, and it will detect the trojan and remove it. Simple to use and effective.
Here is the download link:
http://telecharger.01net.com/windows/Utilitaire/antivirus/fiches/26618.html
Have a good day and see you soon,
lounes.
-1
jedetestelesvirus Posts 90 Registration date Wednesday 31 October 2007 Status Member Last activity 7 October 2010 3
21 Sept. 2008 at 17:11
Hi, sorry for taking so long

KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, September 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, September 19, 2008 21:50:45
Records in database: 1249926
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
Scan statistics
Files scanned 235437
Threat name 4
Infected objects 7
Suspicious objects 1
Duration of the scan 03:23:19

File name Threat name Threats count
C:\Documents and Settings\Administrateur\Bureau\fgf\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Guillaume\Bureau\SmitfraudFix\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\.ttA9.tmp Infected: not-a-virus:FraudTool.Win32.XPAntivirus.sk 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\.ttA9.tmp.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.sk 1
C:\Documents and Settings\Guillaume\Local Settings\Temp\mirc632.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.632 1
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\WINDOWS\system32\IEDFix.C.exe Infected: Hoax.Win32.Renos.vbea 1
The selected area was scanned.
-1
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
22 Sept. 2008 at 18:21
-1