Virus, trojan or malware, I have no idea ..

Solved
alban83 Posts 31 Status Member
jacques.gache Posts 34829 Status Security contributor
Hello,

For some time now my web pages have been slower; when I click on a link it takes me to a different, unknown link, and from time to time a message appears in my taskbar, "warning system" or something like that.

Thanks for your help :)

Malwarebytes' Anti-Malware scan (quick scan):

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1412
Windows 5.1.2600 Service Pack 2

20/11/2008 10:48:08
mbam-log-2008-11-20 (10-48-08).txt

Type de recherche: Examen rapide
Eléments examinés: 50757
Temps écoulé: 1 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:55, on 20/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94F39278-5887-481F-B69B-A17169384FDF} - C:\WINDOWS\system32\atmpvcn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memokeys.lnk = C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
53 replies

alban83 Posts 31 Status Member

These 4 keep coming back all the time:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
jacques.gache Posts 34829 Status Security contributor 1 618

OK, I understand, but what bothers me is that Malwarebytes says it deleted this on reboot:

C:\WINDOWS\system32\atmpvcn.dll (Trojan.BHO.H) -> Delete on reboot.

and in HijackThis it is still there:

O2 - BHO: (no name) - {94F39278-5887-481F-B69B-A17169384FDF} - C:\WINDOWS\system32\atmpvcn.dll

unless you made the HijackThis report before rebooting. To be on the safe side, can you reboot the PC, empty the Malwarebytes quarantine and make me a new HijackThis log? Thanks.
alban83 Posts 31 Status Member

Here you go

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:36:01, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94F39278-5887-481F-B69B-A17169384FDF} - C:\WINDOWS\system32\atmpvcn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memokeys.lnk = C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
jacques.gache Posts 34829 Status Security contributor 1 618

Hello, Vundo is still there; let's try to get rid of it with FixVundo. Post the report, followed by a new HijackThis log.

Download the FixVundo utility (Symantec): https://www.broadcom.com/support/security-center

Run "FixVundo" by double-clicking its icon.

Start the scan by clicking "Start".
When it finishes, a scan report "FixVundo.log" is available in the folder the utility was launched from.

Copy/paste the report into a new message on the forum.

alban83 Posts 31 Status Member

Vundo report:

Symantec Trojan.Vundo Removal Tool 1.5.0
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been suspended.
The process "iexplore.exe" might be affected by the threat. It has been terminated.
The process "iexplore.exe" might be affected by the threat. It has been terminated.
The process "iexplore.exe" might be affected by the threat. It has been terminated.

C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\albancasella@hotmail.fr\SharingMetadata\roverelyoko@hotmail.fr\DFSR\Staging\CS{A8D91AB4-F749-E60A-D191-A4C8595E3259}\72\275-{752A0519-F178-4B39-8D2C-6CD418847598}-v172-{1022014D-72E5-4CF5-9557-1B99DE10A5A0}-v275-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\albancasella@hotmail.fr\SharingMetadata\roverelyoko@hotmail.fr\DFSR\Staging\CS{A8D91AB4-F749-E60A-D191-A4C8595E3259}\75\197-{752A0519-F178-4B39-8D2C-6CD418847598}-v175-{752A0519-F178-4B39-8D2C-6CD418847598}-v197-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\albancasella@hotmail.fr\SharingMetadata\roverelyoko@hotmail.fr\DFSR\Staging\CS{A8D91AB4-F749-E60A-D191-A4C8595E3259}\78\198-{752A0519-F178-4B39-8D2C-6CD418847598}-v178-{752A0519-F178-4B39-8D2C-6CD418847598}-v198-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\albancasella@hotmail.fr\SharingMetadata\roverelyoko@hotmail.fr\DFSR\Staging\CS{A8D91AB4-F749-E60A-D191-A4C8595E3259}\80\182-{752A0519-F178-4B39-8D2C-6CD418847598}-v180-{752A0519-F178-4B39-8D2C-6CD418847598}-v182-Partial.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\enmodebest@hotmail.fr\SharingMetadata\charlotte.voillet@hotmail.fr\DFSR\Staging\CS{2D1518BA-D29D-2256-C902-59BD010947AA}\01\10-{2D1518BA-D29D-2256-C902-59BD010947AA}-v1-{4EAFFCA1-9E2C-48AE-8844-6987F84D084C}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
E:\System Volume Information: (not scanned)

Trojan.Vundo has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 124958
The number of deleted files: 0
The number of viral processes terminated: 3
The number of viral processes suspended: 3
The number of viral threads terminated: 0
The number of registry entries fixed: 0

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:50, on 22/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94F39278-5887-481F-B69B-A17169384FDF} - C:\WINDOWS\system32\atmpvcn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memokeys.lnk = C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
0
alban83 Posts 31 Status Member

So?
0
jacques.gache Posts 34829 Status Security contributor 1 618

OK, check whether it is still on the PC by doing the following, then post the report and run Lop S&D. Thanks.

Download OTMoveIt3 by OldTimer to your Desktop by clicking this link:

http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt3.exe to launch it.

Make sure the box next to "Unregister Dll's and Ocx's" is checked.

Copy the list shown in bold below,

and paste it into the left-hand pane of OTMoveIt: "Paste instructions for item to be moved".

:files
c:\windows\system32\atmpvcn.dll


Click "MoveIt!" to start the removal.

The result will appear in the "Results" pane.

Click "Exit" to close.

Post the report located in C:\_OTMoveIt\MovedFiles, named xxxxxx_xxxxxxxxxx.log.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.
*******************************************************************************************
Download Lop S&D (by Angeldark and Eric71) to the Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

. Double-click Lop S&D.exe to start the installation,
. Then double-click the Lop S&D shortcut on the Desktop.
. Select the language you want, then choose Option 1 (Search).
The scan takes less than a minute.
. When the scan finishes, Notepad will open with the search results.
. Save the LopR.txt report to the Desktop so it is easy to find; otherwise it is saved at the root of the system partition: C:\LopR.txt

Tutorial: http://bibou0007.com/outils-specifiques-f78/tutorial-lop-sd-t956.htm#11431

0
alban83 Posts 31 Status Member

OTMoveIt report:

========== FILES ==========
LoadLibrary failed for c:\windows\system32\atmpvcn.dll
c:\windows\system32\atmpvcn.dll NOT unregistered.
File move failed. c:\windows\system32\atmpvcn.dll scheduled to be moved on reboot.

OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11232008_144603

Files moved on Reboot...
LoadLibrary failed for c:\windows\system32\atmpvcn.dll
c:\windows\system32\atmpvcn.dll NOT unregistered.
File move failed. c:\windows\system32\atmpvcn.dll scheduled to be moved on reboot.

I'm running Lop S&D now
0
alban83 Posts 31 Status Member

Here you go ;)

--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081122-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:28 Go)
D:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
E:\ (Local Disk) - NTFS - Total:78 Go (Free:25 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 23/11/2008|14:53 )

--------------------\\ Listing des dossiers dans APPLIC~1

[04/10/2008|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[16/05/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/05/2008|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[16/05/2008|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/05/2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/06/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[02/07/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[14/06/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[19/06/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[04/10/2008|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/05/2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[18/05/2008|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[02/07/2008|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogMeIn
[10/11/2008|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[20/11/2008|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[16/11/2008|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/10/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/07/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/05/2008|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[28/10/2008|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonEU
[13/10/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonUS
[20/08/2008|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[14/06/2008|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[17/11/2008|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/11/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[16/05/2008|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[20/11/2008|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[05/07/2008|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[16/05/2008|14:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[17/05/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[31/05/2008|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[31/12/2005|23:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[31/12/2005|23:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[02/07/2008|13:42] C:\DOCUME~1\LOGMEI~1\APPLIC~1\Microsoft

[31/12/2005|23:41] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[05/10/2008|18:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

[22/08/2008|11:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\AccurateRip
[17/05/2008|18:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[26/05/2008|20:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[16/05/2008|15:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[04/10/2008|11:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[20/11/2008|11:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
[19/06/2008|13:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\CyberLink
[04/07/2008|20:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\dvdcss
[19/05/2008|17:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[31/12/2005|23:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[31/10/2008|18:50] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[21/11/2008|17:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\LimeWire
[18/05/2008|16:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\Logitech
[17/05/2008|18:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[16/11/2008|15:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[05/11/2008|19:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[10/10/2008|20:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\ProxyCap
[18/05/2008|09:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[20/11/2008|09:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\Spyware Terminator
[17/05/2008|17:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[16/05/2008|11:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[22/11/2008|19:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
[26/08/2008|14:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\TeamViewer
[16/05/2008|14:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\TuneUp Software
[16/05/2008|11:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\URSoft
[05/10/2008|18:23] C:\DOCUME~1\PROPRI~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[22/11/2008 19:45][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{B8B52C93-2160-4762-A556-87F5F038AB6C}.job
[23/11/2008 14:36][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[13/11/2008 18:39][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[22/11/2008 20:17][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[23/11/2008 14:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[18/05/2008|16:26] C:\Program Files\Activision
[16/05/2008|15:41] C:\Program Files\Adobe
[16/05/2008|15:22] C:\Program Files\Alcohol Soft
[16/05/2008|11:02] C:\Program Files\Alwil Software
[14/09/2008|14:47] C:\Program Files\Apple Software Update
[05/10/2008|12:45] C:\Program Files\Application PC MTV 3.3
[15/07/2008|10:59] C:\Program Files\Avanquest update
[22/08/2008|11:22] C:\Program Files\AviSynth 2.5
[01/11/2008|12:54] C:\Program Files\Azureus
[13/09/2008|13:03] C:\Program Files\Bonjour
[18/05/2008|15:05] C:\Program Files\CCleaner
[31/12/2005|23:39] C:\Program Files\ComPlus Applications
[11/10/2008|15:46] C:\Program Files\CyberLink
[08/10/2008|15:06] C:\Program Files\DAEMON Tools
[19/05/2008|07:00] C:\Program Files\DaemonTools_WhenUSave_Installer
[17/05/2008|20:09] C:\Program Files\Electronic Arts
[20/11/2008|13:16] C:\Program Files\Enigma Software Group
[16/05/2008|14:59] C:\Program Files\Everest
[21/11/2008|17:25] C:\Program Files\Fichiers communs
[01/01/2006|00:01] C:\Program Files\FOX ONE
[25/06/2008|09:26] C:\Program Files\GOA
[29/10/2008|09:45] C:\Program Files\Google
[01/11/2008|12:09] C:\Program Files\InstallShield Installation Information
[31/12/2005|23:56] C:\Program Files\Intel
[17/05/2008|18:25] C:\Program Files\Interlogic
[04/10/2008|10:26] C:\Program Files\Internet Explorer
[04/10/2008|10:37] C:\Program Files\iPod
[04/10/2008|10:37] C:\Program Files\iTunes
[15/08/2008|09:49] C:\Program Files\Java
[10/11/2008|13:51] C:\Program Files\LimeWire
[01/01/2006|00:02] C:\Program Files\LiveUpdate
[18/05/2008|16:18] C:\Program Files\Logitech
[10/11/2008|12:33] C:\Program Files\ma-config.com
[20/11/2008|09:50] C:\Program Files\Malwarebytes' Anti-Malware
[01/01/2006|00:01] C:\Program Files\Marvell
[19/11/2008|08:11] C:\Program Files\Messenger
[01/09/2008|08:59] C:\Program Files\Messenger Plus! Live
[31/12/2005|23:42] C:\Program Files\microsoft frontpage
[16/05/2008|15:37] C:\Program Files\Microsoft Office
[31/12/2005|23:39] C:\Program Files\Movie Maker
[31/12/2005|23:38] C:\Program Files\MSN
[31/12/2005|23:38] C:\Program Files\MSN Gaming Zone
[18/05/2008|09:43] C:\Program Files\MSXML 4.0
[16/05/2008|15:15] C:\Program Files\Nero
[16/05/2008|11:43] C:\Program Files\NETGEAR
[31/12/2005|23:40] C:\Program Files\NetMeeting
[31/12/2005|23:38] C:\Program Files\Online Services
[16/05/2008|14:54] C:\Program Files\OO Software
[18/05/2008|09:46] C:\Program Files\Outlook Express
[16/05/2008|14:53] C:\Program Files\PhotoFiltre
[18/05/2008|16:07] C:\Program Files\Picasa2
[09/10/2008|16:35] C:\Program Files\Proxy Labs
[13/09/2008|13:02] C:\Program Files\QuickTime
[30/07/2008|21:08] C:\Program Files\Radio Fr Solo
[23/11/2008|14:49] C:\Program Files\RamBoost XP
[31/12/2005|23:59] C:\Program Files\Realtek
[03/07/2008|07:30] C:\Program Files\Red Kawa
[04/10/2008|10:32] C:\Program Files\Safari
[31/12/2005|23:40] C:\Program Files\Services en ligne
[14/06/2008|15:43] C:\Program Files\Sony Ericsson
[17/11/2008|21:30] C:\Program Files\Spybot - Search & Destroy
[20/11/2008|09:31] C:\Program Files\Spyware Terminator
[16/11/2008|15:43] C:\Program Files\Steam
[15/08/2008|09:50] C:\Program Files\Sun
[16/05/2008|11:21] C:\Program Files\SuperCopier2
[16/05/2008|11:53] C:\Program Files\Symantec
[27/05/2008|21:23] C:\Program Files\TeamSpeak 3
[02/07/2008|13:57] C:\Program Files\TmNationsForever
[20/11/2008|09:59] C:\Program Files\Trend Micro
[26/05/2008|19:15] C:\Program Files\TuneUp Utilities 2007
[04/07/2008|12:47] C:\Program Files\Ubisoft
[31/12/2005|23:46] C:\Program Files\Uninstall Information
[20/11/2008|13:54] C:\Program Files\Unlocker
[11/10/2008|15:47] C:\Program Files\VideoLAN
[22/11/2008|20:34] C:\Program Files\WarRock
[19/05/2008|07:15] C:\Program Files\Windows Live
[31/05/2008|15:59] C:\Program Files\Windows Live Favorites
[09/10/2008|16:32] C:\Program Files\Windows Live Safety Center
[31/05/2008|15:59] C:\Program Files\Windows Live Toolbar
[02/07/2008|13:15] C:\Program Files\Windows Media Connect 2
[02/07/2008|13:15] C:\Program Files\Windows Media Player
[31/12/2005|23:38] C:\Program Files\Windows NT
[31/12/2005|23:40] C:\Program Files\WindowsUpdate
[16/05/2008|11:01] C:\Program Files\WinRAR
[31/12/2005|23:42] C:\Program Files\xerox
[05/10/2008|18:18] C:\Program Files\Xfire
[19/11/2008|08:21] C:\Program Files\Your Freedom
[16/05/2008|11:39] C:\Program Files\Your Uninstaller 2008

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[16/05/2008|15:42] C:\Program Files\Fichiers communs\Adobe
[16/05/2008|15:16] C:\Program Files\Fichiers communs\Ahead
[13/09/2008|13:02] C:\Program Files\Fichiers communs\Apple
[16/05/2008|15:37] C:\Program Files\Fichiers communs\DESIGNER
[11/10/2008|15:46] C:\Program Files\Fichiers communs\InstallShield
[17/05/2008|17:53] C:\Program Files\Fichiers communs\Java
[18/05/2008|16:18] C:\Program Files\Fichiers communs\Logishrd
[21/11/2008|22:54] C:\Program Files\Fichiers communs\Microsoft Shared
[31/12/2005|23:40] C:\Program Files\Fichiers communs\MSSoap
[01/01/2006|00:30] C:\Program Files\Fichiers communs\ODBC
[31/12/2005|23:40] C:\Program Files\Fichiers communs\Services
[01/01/2006|00:30] C:\Program Files\Fichiers communs\SpeechEngines
[16/05/2008|11:53] C:\Program Files\Fichiers communs\Symantec Shared
[18/05/2008|09:46] C:\Program Files\Fichiers communs\System
[31/05/2008|15:58] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[16/05/2008|14:51] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 51 Processes )

iexplore.exe ~ [PID:3948]
iexplore.exe ~ [PID:1796]
iexplore.exe ~ [PID:3904]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[1].txt
C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[1].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 14:54:45
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 41

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:38][D:3]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:93][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:6677][D:8]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 23/11/2008|14:55 - Option : [1]

--------------------\\ Fin du rapport a 14:55:55
0
jacques.gache Posts 34829 Status Security contributor 1 618

OK, run Lop again with option 2, then post the report followed by a new HijackThis log. Thanks.
Run Lop S&D again
· This time choose Option 2 (Removal)
· Do not close the window during the removal!
· Post the generated report ( C:\lopR.txt )

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm.)
0
alban83 Posts 31 Status Member
 
--------------------\\ Lop S&D 4.2.4-9c XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6400 @ 2.13GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Propriétaire ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081122-0] 4.8.1229 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:111 Go (Free:28 Go)
D:\ (CD or DVD) - UDF - Total:0 Go (Free:0 Go)
E:\ (Local Disk) - NTFS - Total:78 Go (Free:25 Go)
F:\ (CD or DVD)
G:\ (CD or DVD)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 23/11/2008|17:12 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@advertstream[1].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans APPLIC~1

[04/10/2008|10:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[16/05/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[16/05/2008|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[16/05/2008|14:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[16/05/2008|14:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/06/2008|20:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[02/07/2008|13:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[14/06/2008|15:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
[19/06/2008|13:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[04/10/2008|10:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/05/2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogiShrd
[18/05/2008|16:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
[02/07/2008|13:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LogMeIn
[10/11/2008|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[20/11/2008|11:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[16/11/2008|15:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[22/10/2008|18:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/07/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[16/05/2008|15:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[28/10/2008|13:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonEU
[13/10/2008|16:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NexonUS
[20/08/2008|10:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[14/06/2008|15:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
[17/11/2008|21:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[20/11/2008|09:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[16/05/2008|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[20/11/2008|13:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[05/07/2008|13:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TrackMania
[16/05/2008|14:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TuneUp Software
[17/05/2008|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[31/05/2008|15:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[31/12/2005|23:41] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[31/12/2005|23:41] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[02/07/2008|13:42] C:\DOCUME~1\LOGMEI~1\APPLIC~1\Microsoft

[31/12/2005|23:41] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[05/10/2008|18:17] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire

[22/08/2008|11:08] C:\DOCUME~1\PROPRI~1\APPLIC~1\AccurateRip
[17/05/2008|18:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Adobe
[26/05/2008|20:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\AdobeUM
[16/05/2008|15:17] C:\DOCUME~1\PROPRI~1\APPLIC~1\Ahead
[04/10/2008|11:18] C:\DOCUME~1\PROPRI~1\APPLIC~1\Apple Computer
[20/11/2008|11:34] C:\DOCUME~1\PROPRI~1\APPLIC~1\Azureus
[19/06/2008|13:21] C:\DOCUME~1\PROPRI~1\APPLIC~1\CyberLink
[04/07/2008|20:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\dvdcss
[19/05/2008|17:28] C:\DOCUME~1\PROPRI~1\APPLIC~1\Google
[31/12/2005|23:46] C:\DOCUME~1\PROPRI~1\APPLIC~1\Identities
[31/10/2008|18:50] C:\DOCUME~1\PROPRI~1\APPLIC~1\InstallShield
[21/11/2008|17:14] C:\DOCUME~1\PROPRI~1\APPLIC~1\LimeWire
[18/05/2008|16:19] C:\DOCUME~1\PROPRI~1\APPLIC~1\Logitech
[17/05/2008|18:12] C:\DOCUME~1\PROPRI~1\APPLIC~1\Macromedia
[16/11/2008|15:04] C:\DOCUME~1\PROPRI~1\APPLIC~1\Malwarebytes
[05/11/2008|19:20] C:\DOCUME~1\PROPRI~1\APPLIC~1\Microsoft
[10/10/2008|20:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\ProxyCap
[18/05/2008|09:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\SecuROM
[20/11/2008|09:31] C:\DOCUME~1\PROPRI~1\APPLIC~1\Spyware Terminator
[17/05/2008|17:54] C:\DOCUME~1\PROPRI~1\APPLIC~1\Sun
[16/05/2008|11:53] C:\DOCUME~1\PROPRI~1\APPLIC~1\Symantec
[22/11/2008|19:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\teamspeak2
[26/08/2008|14:41] C:\DOCUME~1\PROPRI~1\APPLIC~1\TeamViewer
[16/05/2008|14:51] C:\DOCUME~1\PROPRI~1\APPLIC~1\TuneUp Software
[16/05/2008|11:38] C:\DOCUME~1\PROPRI~1\APPLIC~1\URSoft
[05/10/2008|18:23] C:\DOCUME~1\PROPRI~1\APPLIC~1\Xfire

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[22/11/2008 19:45][--ah-----] C:\WINDOWS\tasks\User_Feed_Synchronization-{B8B52C93-2160-4762-A556-87F5F038AB6C}.job
[23/11/2008 16:36][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[13/11/2008 18:39][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[22/11/2008 20:17][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[23/11/2008 14:48][--ah-----] C:\WINDOWS\tasks\SA.DAT
[02/03/2006 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[18/05/2008|16:26] C:\Program Files\Activision
[16/05/2008|15:41] C:\Program Files\Adobe
[16/05/2008|15:22] C:\Program Files\Alcohol Soft
[16/05/2008|11:02] C:\Program Files\Alwil Software
[14/09/2008|14:47] C:\Program Files\Apple Software Update
[05/10/2008|12:45] C:\Program Files\Application PC MTV 3.3
[15/07/2008|10:59] C:\Program Files\Avanquest update
[22/08/2008|11:22] C:\Program Files\AviSynth 2.5
[01/11/2008|12:54] C:\Program Files\Azureus
[13/09/2008|13:03] C:\Program Files\Bonjour
[18/05/2008|15:05] C:\Program Files\CCleaner
[31/12/2005|23:39] C:\Program Files\ComPlus Applications
[11/10/2008|15:46] C:\Program Files\CyberLink
[08/10/2008|15:06] C:\Program Files\DAEMON Tools
[19/05/2008|07:00] C:\Program Files\DaemonTools_WhenUSave_Installer
[17/05/2008|20:09] C:\Program Files\Electronic Arts
[20/11/2008|13:16] C:\Program Files\Enigma Software Group
[16/05/2008|14:59] C:\Program Files\Everest
[21/11/2008|17:25] C:\Program Files\Fichiers communs
[01/01/2006|00:01] C:\Program Files\FOX ONE
[25/06/2008|09:26] C:\Program Files\GOA
[29/10/2008|09:45] C:\Program Files\Google
[01/11/2008|12:09] C:\Program Files\InstallShield Installation Information
[31/12/2005|23:56] C:\Program Files\Intel
[17/05/2008|18:25] C:\Program Files\Interlogic
[04/10/2008|10:26] C:\Program Files\Internet Explorer
[04/10/2008|10:37] C:\Program Files\iPod
[04/10/2008|10:37] C:\Program Files\iTunes
[15/08/2008|09:49] C:\Program Files\Java
[10/11/2008|13:51] C:\Program Files\LimeWire
[01/01/2006|00:02] C:\Program Files\LiveUpdate
[18/05/2008|16:18] C:\Program Files\Logitech
[10/11/2008|12:33] C:\Program Files\ma-config.com
[20/11/2008|09:50] C:\Program Files\Malwarebytes' Anti-Malware
[01/01/2006|00:01] C:\Program Files\Marvell
[19/11/2008|08:11] C:\Program Files\Messenger
[01/09/2008|08:59] C:\Program Files\Messenger Plus! Live
[31/12/2005|23:42] C:\Program Files\microsoft frontpage
[16/05/2008|15:37] C:\Program Files\Microsoft Office
[31/12/2005|23:39] C:\Program Files\Movie Maker
[31/12/2005|23:38] C:\Program Files\MSN
[31/12/2005|23:38] C:\Program Files\MSN Gaming Zone
[18/05/2008|09:43] C:\Program Files\MSXML 4.0
[16/05/2008|15:15] C:\Program Files\Nero
[16/05/2008|11:43] C:\Program Files\NETGEAR
[31/12/2005|23:40] C:\Program Files\NetMeeting
[31/12/2005|23:38] C:\Program Files\Online Services
[16/05/2008|14:54] C:\Program Files\OO Software
[18/05/2008|09:46] C:\Program Files\Outlook Express
[16/05/2008|14:53] C:\Program Files\PhotoFiltre
[18/05/2008|16:07] C:\Program Files\Picasa2
[09/10/2008|16:35] C:\Program Files\Proxy Labs
[13/09/2008|13:02] C:\Program Files\QuickTime
[30/07/2008|21:08] C:\Program Files\Radio Fr Solo
[23/11/2008|14:49] C:\Program Files\RamBoost XP
[31/12/2005|23:59] C:\Program Files\Realtek
[03/07/2008|07:30] C:\Program Files\Red Kawa
[04/10/2008|10:32] C:\Program Files\Safari
[31/12/2005|23:40] C:\Program Files\Services en ligne
[14/06/2008|15:43] C:\Program Files\Sony Ericsson
[17/11/2008|21:30] C:\Program Files\Spybot - Search & Destroy
[20/11/2008|09:31] C:\Program Files\Spyware Terminator
[16/11/2008|15:43] C:\Program Files\Steam
[15/08/2008|09:50] C:\Program Files\Sun
[16/05/2008|11:21] C:\Program Files\SuperCopier2
[16/05/2008|11:53] C:\Program Files\Symantec
[27/05/2008|21:23] C:\Program Files\TeamSpeak 3
[02/07/2008|13:57] C:\Program Files\TmNationsForever
[20/11/2008|09:59] C:\Program Files\Trend Micro
[26/05/2008|19:15] C:\Program Files\TuneUp Utilities 2007
[04/07/2008|12:47] C:\Program Files\Ubisoft
[31/12/2005|23:46] C:\Program Files\Uninstall Information
[20/11/2008|13:54] C:\Program Files\Unlocker
[11/10/2008|15:47] C:\Program Files\VideoLAN
[23/11/2008|15:53] C:\Program Files\WarRock
[19/05/2008|07:15] C:\Program Files\Windows Live
[31/05/2008|15:59] C:\Program Files\Windows Live Favorites
[09/10/2008|16:32] C:\Program Files\Windows Live Safety Center
[31/05/2008|15:59] C:\Program Files\Windows Live Toolbar
[02/07/2008|13:15] C:\Program Files\Windows Media Connect 2
[02/07/2008|13:15] C:\Program Files\Windows Media Player
[31/12/2005|23:38] C:\Program Files\Windows NT
[31/12/2005|23:40] C:\Program Files\WindowsUpdate
[16/05/2008|11:01] C:\Program Files\WinRAR
[31/12/2005|23:42] C:\Program Files\xerox
[05/10/2008|18:18] C:\Program Files\Xfire
[19/11/2008|08:21] C:\Program Files\Your Freedom
[16/05/2008|11:39] C:\Program Files\Your Uninstaller 2008

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[16/05/2008|15:42] C:\Program Files\Fichiers communs\Adobe
[16/05/2008|15:16] C:\Program Files\Fichiers communs\Ahead
[13/09/2008|13:02] C:\Program Files\Fichiers communs\Apple
[16/05/2008|15:37] C:\Program Files\Fichiers communs\DESIGNER
[11/10/2008|15:46] C:\Program Files\Fichiers communs\InstallShield
[17/05/2008|17:53] C:\Program Files\Fichiers communs\Java
[18/05/2008|16:18] C:\Program Files\Fichiers communs\Logishrd
[21/11/2008|22:54] C:\Program Files\Fichiers communs\Microsoft Shared
[31/12/2005|23:40] C:\Program Files\Fichiers communs\MSSoap
[01/01/2006|00:30] C:\Program Files\Fichiers communs\ODBC
[31/12/2005|23:40] C:\Program Files\Fichiers communs\Services
[01/01/2006|00:30] C:\Program Files\Fichiers communs\SpeechEngines
[16/05/2008|11:53] C:\Program Files\Fichiers communs\Symantec Shared
[18/05/2008|09:46] C:\Program Files\Fichiers communs\System
[31/05/2008|15:58] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[16/05/2008|14:51] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 47 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\PROPRI~1\Cookies\propriétaire@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-23 17:13:24
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 41

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[F:35][D:3]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp
[F:98][D:0]-> C:\DOCUME~1\PROPRI~1\Cookies
[F:7176][D:8]-> C:\DOCUME~1\PROPRI~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 23/11/2008|14:55 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/11/2008|17:14 - Option : [2]

--------------------\\ Fin du rapport a 17:14:07
alban83 Posts: 31 Status: Member
 
Here you go, at the same time:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:15:33, on 23/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94F39278-5887-481F-B69B-A17169384FDF} - C:\WINDOWS\system32\atmpvcn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ProxyCap] C:\PROGRA~1\PROXYL~1\ProxyCap\ProxyCap.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Memokeys.lnk = C:\Program Files\Interlogic\MEMOKEYS\memokeys.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O10 - Unknown file in Winsock LSP: w2pxdrv.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
jacques.gache Posts: 34829 Status: Security contributor 1 618
 
Run HijackThis again as explained, to fix the lines

. Close all open programs, including the browser, except your antivirus and firewall
. Launch HijackThis
. Click "Do a system scan only"
. Check the following lines:
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94F39278-5887-481F-B69B-A17169384FDF} - C:\WINDOWS\system32\atmpvcn.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)


. Click "Fix Checked"
. Close HijackThis

An explanation in pictures: http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm

******************************************************************************************

Uninstall the tools we used with ToolsCleaner2; ToolsCleaner2 itself you will delete from the desktop manually, along with the generated report, which is on your system drive under the name "TCleaner"

Download ToolsCleaner to your Desktop: http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

. Double-click ToolsCleaner2 (the "ace of diamonds") and let it work
. Click Recherche (Search) and let the scan finish. Note that it can seem long
. Click Suppression (Removal) to finish.
. You can, if you wish, use the Options facultatives (optional settings).
. Click Quitter (Quit) so that the report can be created.
. The report (TCleaner.txt) is in the root of your hard drive (C:\)... paste it in your reply

*******************************************************************************************

Restart the PC and run CCleaner with these settings HERE

Download CCleaner from this address

. save it to the desktop
. double-click the file to start the installation
. in the installer's language window, be sure to choose French, then OK
. click Next
. read the licence and click I Agree
. click Next
. here, keep only "Add a shortcut to the desktop" and "Automatically check for updates to CCleaner" checked
. click Install
. click Close
. double-click the CCleaner icon to open it
. once it is open, click Options, then Advanced
. uncheck "Only delete files in Windows Temp folders older than 48 hours"
. click Cleaner
. click Windows, and in the Advanced column
. check the first box, "Old Prefetch data", only that one; this gives you the "Old Prefetch data" box and the "Advanced" box, which gets checked automatically, but only those
. click Analyze; once the analysis is finished
. click "Run Cleaner" and OK on the confirmation prompt; you will need to do it a second time; once finished, check by pressing Analyze again to be sure nothing is left
. now click Registry, then "Scan for Issues"
. leave everything checked and click "Fix selected issues"
. it asks you to make a backup: YES
. give it a name so you can find it again, and save
. click "Fix All Selected Issues" and OK on the confirmation prompt
. it deletes, then click Close; check by running "Scan for Issues" again
. go back to Options and re-check the box "Only delete files in Windows Temp folders older than 48 hours", and under Cleaner, Windows, Advanced, uncheck the first box, "Old Prefetch data"
. you can close CCleaner

If you need help, a tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
alban83
 
[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\lopR.txt: trouvé !
C:\Combofix: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

Fichiers temporaires nettoyés !
Corbeille vidée!
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\lopR.txt: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Combofix: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

I'm running CCleaner now
alban83
 
There, I've done everything
jacques.gache Posts: 34829 Status: Security contributor 1 618
 
OK, good; your PC should normally be running better. Update Adobe: uninstall Adobe Reader, since it is not up to date, then download and install this version: http://www.commentcamarche.net/telecharger/telechargement 27 acrobat reader
Run a vulnerability scan to see whether there are other updates to make that we did not see in HijackThis: https://www.malekal.com/tester-la-vulnerabilite-de-son-systeme-2/
And if there are no more problems, mark your topic as resolved and then purge System Restore.
Delete the old restore points to remove whatever may be inside C:\System Volume Information\_restore

(1) Turn off System Restore

Click Start
Right-click My Computer
Click Properties
Click the System Restore tab
Check "Turn off System Restore on all drives"
Click Apply; when the confirmation message appears,
click Yes.
Click OK.

(2) Turn on System Restore

Click Start
Right-click My Computer
Click Properties
Click the System Restore tab
Uncheck "Turn off System Restore on all drives"
Click Apply; when the confirmation message appears,
click Yes.
Click OK.
alban83 Posts: 31 Status: Member
 
Look, with Malwarebytes I find this:

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1412
Windows 5.1.2600 Service Pack 2

24/11/2008 07:20:55
mbam-log-2008-11-24 (07-20-55).txt

Type de recherche: Examen rapide
Eléments examinés: 50269
Temps écoulé: 3 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94f39278-5887-481f-b69b-a17169384fdf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{94f39278-5887-481f-b69b-a17169384fdf} (Trojan.BHO.H) -> Delete on reboot.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\atmpvcn.dll (Trojan.BHO.H) -> Delete on reboot.

These 4 I always find:

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
jacques.gache Posts: 34829 Status: Security contributor 1 618
 
Hello, yes, I saw C:\WINDOWS\system32\atmpvcn.dll (Trojan.BHO.H) -> Delete on reboot.
It had removed it in the last report, and then we got rid of it with OTMoveIt3, and it is still there. Personally I'm stumped; I'll see whether I can find help from someone more competent.
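Added example, not part of the thread and not code from HijackThis or Malwarebytes: a Python sketch that cross-references HijackThis entries with Malwarebytes detections by CLSID and file path, which is how the `(no name)` BHO pointing at atmpvcn.dll lines up with the Trojan.BHO.H detections. The sample lines are copied from the logs posted in this thread; the regular expressions and the triage rules are assumptions made for this illustration, and a flagged entry is a candidate for review, not a verdict.

```python
import re

# Sample lines copied from the HijackThis and Malwarebytes logs in this thread.
HIJACKTHIS_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {94F39278-5887-481F-B69B-A17169384FDF} - C:\WINDOWS\system32\atmpvcn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe (file missing)
"""

MBAM_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94f39278-5887-481f-b69b-a17169384fdf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{94f39278-5887-481f-b69b-a17169384fdf} (Trojan.BHO.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\atmpvcn.dll (Trojan.BHO.H) -> Delete on reboot.
"""

# "<section> - <kind>: <name> - {CLSID} - <target>" (O2, O3, O9, O18 style lines).
HJT_ENTRY = re.compile(
    r"^(?P<section>[A-Z]\d+) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "<registry key or file> (<family>) -> <action>"
MBAM_ENTRY = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_mbam(log):
    """Index Malwarebytes detections by CLSID (registry keys) and by file path."""
    by_clsid, by_file = {}, {}
    for line in log.splitlines():
        m = MBAM_ENTRY.match(line.strip())
        if not m:
            continue
        obj, family = m["object"], m["family"]
        if obj.upper().startswith("HKEY_"):
            # Registry detections only help the cross-reference if they name a CLSID.
            for clsid in CLSID.findall(obj):
                by_clsid[clsid.lower()] = family
        else:
            by_file[obj.lower()] = family
    return by_clsid, by_file


def triage(hjt_log, mbam_log):
    """Return (section, clsid, reasons) for each HijackThis entry worth reviewing."""
    by_clsid, by_file = parse_mbam(mbam_log)
    findings = []
    for line in hjt_log.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if not m:
            continue  # lines without a CLSID (O4, O10, O23 ...) are out of scope here
        target = m["target"]
        reasons = []
        if m["section"] == "O2" and m["name"] == "(no name)":
            reasons.append("BHO without a name")
        if target == "(no file)":
            reasons.append("no file registered")
        elif target.endswith("(file missing)"):
            reasons.append("file missing on disk")
        family = by_clsid.get(m["clsid"].lower())  # CLSID case differs between tools
        if family:
            reasons.append(f"CLSID detected as {family}")
        family = by_file.get(target.lower())
        if family:
            reasons.append(f"file detected as {family}")
        if reasons:
            findings.append((m["section"], m["clsid"], reasons))
    return findings


if __name__ == "__main__":
    for section, clsid, reasons in triage(HIJACKTHIS_LOG, MBAM_LOG):
        print(section, clsid, "; ".join(reasons))
```
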
jacques.gache Posts: 34829 Status: Security contributor 1 618
 
Hi again, I have asked lyonnais92 to look at the problem, but could you post a DiagHelp report so I can see whether there is something linked to it? Thanks

- Download DiagHelp.zip to your desktop - Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
- Do not double-click it!! Right-click the file and choose Extract all
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd may not be shown)
- A window will open; choose option 1
- The scan will start; this can take a few minutes, so let it run and press a key when asked.

WARNING: during the scan, after the catchme report, you will be asked to press a key to continue the scan; follow the on-screen instructions carefully!

- At the end of the scan, you may (not necessarily) be asked to restart the computer... Once the computer has restarted, the report will open in Notepad. It is located at C:\resultat.txt
- Copy/paste the contents of the Notepad window that opens; to do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste
0
alban83 Posts 31 Status Member
 
Here you go ;)

DiagHelp version v1.4 - http://www.malekal.com
excute le 24/11/2008 à 20:22:56,29

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->24/11/2008 20:22:52
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->24/11/2008 20:22:33
C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->24/11/2008 20:22:05
C:\WINDOWS\prefetch\QTTASK.EXE-342507FB.pf -->24/11/2008 20:21:13
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->24/11/2008 20:20:35
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->24/11/2008 20:20:30
C:\WINDOWS\prefetch\REGISTRYCLEANER.EXE-0BAC2A6C.pf -->24/11/2008 20:15:13
C:\WINDOWS\prefetch\SYSTEMOPTIMIZER.EXE-393C20C0.pf -->24/11/2008 20:15:10
C:\WINDOWS\prefetch\GOOGLEUPDATERSERVICE.EXE-3AB369BE.pf -->24/11/2008 20:06:56
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->24/11/2008 20:03:10

C:\WINDOWS\System32\drivers\mrxsmb.sys -->24/10/2008 12:10:42
C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->22/10/2008 16:10:38
C:\WINDOWS\System32\drivers\mbam.sys -->22/10/2008 16:10:22
C:\WINDOWS\System32\drivers\PnkBstrK.sys -->22/10/2008 12:23:20
C:\WINDOWS\System32\drivers\sp_rsdrv2.sys -->08/10/2008 14:40:47
C:\WINDOWS\System32\drivers\usbaapl.sys -->01/10/2008 12:01:28
C:\WINDOWS\System32\drivers\srv.sys -->28/08/2008 11:04:17

C:\WINDOWS\System32\nvapps.xml -->24/11/2008 07:24:15
C:\WINDOWS\System32\oodbs.lor -->24/11/2008 07:23:48
C:\WINDOWS\System32\FNTCACHE.DAT -->24/11/2008 07:02:58
C:\WINDOWS\System32\CF24431.exe -->23/11/2008 18:17:27
C:\WINDOWS\System32\zllictbl.dat -->20/11/2008 11:38:29
C:\WINDOWS\System32\wpa.dbl -->19/11/2008 16:12:29
C:\WINDOWS\System32\tmp.txt -->19/11/2008 15:44:08
C:\WINDOWS\System32\tmp.reg -->19/11/2008 15:44:08
C:\WINDOWS\System32\TZLog.log -->19/11/2008 08:09:35
C:\WINDOWS\System32\MRT.exe -->03/11/2008 16:10:26
C:\WINDOWS\System32\PerfStringBackup.INI -->26/10/2008 07:29:01
C:\WINDOWS\System32\perfh00C.dat -->26/10/2008 07:29:01
C:\WINDOWS\System32\perfh009.dat -->26/10/2008 07:29:01
C:\WINDOWS\System32\perfc00C.dat -->26/10/2008 07:29:01
C:\WINDOWS\System32\perfc009.dat -->26/10/2008 07:29:01
C:\WINDOWS\System32\PnkBstrB.exe -->22/10/2008 12:23:13
C:\WINDOWS\System32\wuweb.dll -->16/10/2008 14:13:40
C:\WINDOWS\System32\wuaueng.dll -->16/10/2008 14:13:40
C:\WINDOWS\System32\wucltui.dll -->16/10/2008 14:12:22
C:\WINDOWS\System32\wuaucpl.cpl -->16/10/2008 14:12:20
C:\WINDOWS\System32\wuapi.dll -->16/10/2008 14:12:20
C:\WINDOWS\System32\wups2.dll -->16/10/2008 14:09:44
C:\WINDOWS\System32\wucltui.dll.mui -->16/10/2008 14:09:44
C:\WINDOWS\System32\wuauclt.exe -->16/10/2008 14:09:44
C:\WINDOWS\System32\cdm.dll -->16/10/2008 14:09:44

C:\WINDOWS\WindowsUpdate.log -->24/11/2008 20:03:02
C:\WINDOWS\0.log -->24/11/2008 07:23:59
C:\WINDOWS\bootstat.dat -->24/11/2008 07:23:57
C:\WINDOWS\SchedLgU.Txt -->24/11/2008 07:22:45
C:\WINDOWS\system.ini -->21/11/2008 17:27:49
C:\WINDOWS\NeroDigital.ini -->20/11/2008 12:34:26
C:\WINDOWS\PhotoSnapViewer.INI -->26/08/2008 14:29:35
C:\WINDOWS\win.ini -->28/07/2008 20:48:05
C:\WINDOWS\Radio_Fr.ini -->11/06/2008 20:56:10
C:\WINDOWS\game.ini -->18/05/2008 19:27:25
C:\WINDOWS\bwUnin-8.1.1.87-8876480SL.exe -->18/05/2008 16:12:07
C:\WINDOWS\ODBC.INI -->16/05/2008 15:38:07
C:\WINDOWS\WMSysPr9.prx -->16/05/2008 15:15:34
C:\WINDOWS\oodcnt.INI -->16/05/2008 14:55:08
C:\WINDOWS\KHALMNPR.Exe -->29/02/2008 02:12:38

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1892
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x63000000 0xdc000 8.00.6001.18241 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x1a400000 0x12b000 8.00.6001.18241 C:\WINDOWS\system32\urlmon.dll
0x5dca0000 0x1b5000 8.00.6001.18241 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x10000000 0x21000 8.00.0001.0011 C:\Program Files\iTunes\iTunesMiniPlayer.dll
0x01100000 0xe000 8.00.0001.0002 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
0x01130000 0x23000 8.00.0001.0011 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x017d0000 0xb72000 8.00.6001.18241 C:\WINDOWS\system32\ieframe.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x026b0000 0x3d000 8.00.6001.18241 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x01700000 0x19000 2.00.0000.0016 C:\Program Files\SuperCopier2\SC2Hook.dll
0x10100000 0xe000 4.60.0122.0000 C:\Program Files\Logitech\SetPoint\lgscroll.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x10d00000 0xf000 4.60.0122.0000 C:\Program Files\Logitech\SetPoint\GameHook.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x00d40000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00c60000 0xf000 C:\Program Files\Interlogic\MEMOKEYS\ITCKBD.DLL
0x03c70000 0x188000 1.06.0002.0014 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x016a0000 0xa000 8.00.6001.18241 C:\WINDOWS\system32\jsproxy.dll
0x03230000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00e20000 0x9000 2.00.0000.0004 C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll
0x05090000 0x1e2000 2.10.0001.0001 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll
0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\MSVCP71.dll
0x4eb80000 0x1a6000 5.01.3102.3352 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.3352_x-ww_81af8e88\gdiplus.dll
0x74da0000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll
0x03410000 0x19000 2.10.0003.0002 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
0x042c0000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
0x012a0000 0x6000 C:\Program Files\Unlocker\UnlockerCOM.dll
0x036d0000 0x2e000 1.01.0000.0015 C:\Program Files\Spyware Terminator\sptcontmenu.dll
0x03aa0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x64f00000 0x12000 4.08.1227.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x055f0000 0x1b9000 2.00.0000.0008 C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll
0x05380000 0x5b000 9.00.0000.0332 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x05930000 0x4c000 9.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 784
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x10000000 0x12000 4.60.0122.0000 c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
0x011c0000 0x24000 4.60.0122.0000 c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C05-D6F6

Répertoire de C:\WINDOWS\system

17/12/2003 14:30 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 29 885 550 592 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C05-D6F6

Répertoire de C:\WINDOWS\system32

02/03/2006 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 29 885 550 592 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C05-D6F6

Répertoire de C:\WINDOWS\Downloaded Program Files

20/11/2008 16:42 <REP> .
20/11/2008 16:42 <REP> ..
07/12/2004 17:07 32 bdcore.dll
25/05/2006 01:21 118 784 bdupd.dll
31/12/2005 23:40 65 desktop.ini
24/03/2008 18:33 1 527 056 FP_AX_CAB_INSTALLER.exe
28/09/2007 04:41 381 960 GAME_UNO1.dll
17/01/2007 15:44 316 GAME_UNO1.INF
14/05/2008 13:58 1 570 hardwaredetection.inf
25/05/2006 01:21 53 248 ipsupd.dll
02/04/2008 14:18 1 060 jinstall-6u5.inf
16/03/2005 12:34 7 407 lang.ini
07/12/2004 17:07 32 libfn.dll
13/02/2008 17:55 130 live.ini
22/02/2007 23:41 304 544 MessengerStatsPAClient.dll
29/10/2007 16:45 1 244 oscan8.inf
25/10/2007 16:54 471 040 oscan8.ocx
14/03/2005 14:58 7 073 scanoptions.tsi
24/03/2008 18:18 247 swflash.inf
17 fichier(s) 2 875 808 octets

Total des fichiers listés :
17 fichier(s) 2 875 808 octets
2 Rép(s) 29 885 550 592 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\WarRock\\System\\WarRock.exe"="C:\\Program Files\\WarRock\\System\\WarRock.exe:*:Enabled:WarRock"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"="C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\TmNationsForever\\TmForever.exe"="C:\\Program Files\\TmNationsForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Documents and Settings\\Propriétaire\\temp\\TeamViewer3\\TeamViewer.exe"="C:\\Documents and Settings\\Propriétaire\\temp\\TeamViewer3\\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Nexon\\Combat Arms\\NMService.exe"="C:\\Nexon\\Combat Arms\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"="C:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe:*:Enabled:Nexon Game Manager"
"C:\\Nexon\\Combat Arms EU\\CombatArms.exe"="C:\\Nexon\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms EU\\Engine.exe"="C:\\Nexon\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms EU\\NMService.exe"="C:\\Nexon\\Combat Arms EU\\NMService.exe:*:Enabled:Nexon Messenger Core"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"
"C:\\Nexon\\Combat Arms EU\\CombatArms.exe"="C:\\Nexon\\Combat Arms EU\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms EU\\Engine.exe"="C:\\Nexon\\Combat Arms EU\\Engine.exe:*Enabled:Engine.exe"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"DisableRegistryTools"=dword:00000000
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000000
"HideStartupScripts"=dword:00000000

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-24 20:24:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ed,4c,7b,5f,a6,1e,64,c6,33,7f,6b,6f,a1,25,63,34,38,40,07,6b,d7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d2,00,83,77,eb,45,5a,d9,66,dd,f6,6d,12,84,a8,49,64,..
"khjeh"=hex:af,8c,c7,64,0d,31,8f,04,19,ea,69,a5,31,a3,51,41,e9,cb,23,c2,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a6,6c,7b,35,f1,a0,77,6b,a2,ba,72,c4,9a,45,5f,b0,83,51,a6,22,7e,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:18,68,a1,92,b7,23,f4,af,ce,ff,fa,3d,3a,3f,09,d5,5a,4c,10,08,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:79,9f,24,78,7c,20,c2,94,8d,90,f5,22,53,f4,18,30,19,7d,e9,35,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:ae,43,92,3c,9e,67,d3,83,8f,b9,3b,9f,25,be,b1,7e,04,71,36,4c,06,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ed,4c,7b,5f,a6,1e,64,c6,33,7f,6b,6f,a1,25,63,34,38,40,07,6b,d7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,d2,00,83,77,eb,45,5a,d9,66,dd,f6,6d,12,84,a8,49,64,..
"khjeh"=hex:af,8c,c7,64,0d,31,8f,04,19,ea,69,a5,31,a3,51,41,e9,cb,23,c2,8c,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:a6,6c,7b,35,f1,a0,77,6b,a2,ba,72,c4,9a,45,5f,b0,83,51,a6,22,7e,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:18,68,a1,92,b7,23,f4,af,ce,ff,fa,3d,3a,3f,09,d5,5a,4c,10,08,e4,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:79,9f,24,78,7c,20,c2,94,8d,90,f5,22,53,f4,18,30,19,7d,e9,35,6b,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:ae,43,92,3c,9e,67,d3,83,8f,b9,3b,9f,25,be,b1,7e,04,71,36,4c,06,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"DeviceNotSelectedTimeout"="15"
"GDIProcessHandleQuota"=dword:00002710
"Spooler"="yes"
"swapdisk"=""
"TransmissionRetryTimeout"="90"
"USERProcessHandleQuota"=dword:00002710

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

380 - SpywareTerminat
528 - PnkBstrA.exe
724 - sp_rsser.exe
760 - csrss.exe
784 - winlogon.exe
828 - services.exe
840 - lsass.exe
1008 - svchost.exe
1028 - AppleMobileDevi
1080 - svchost.exe
1128 - mDNSResponder.e
1176 - svchost.exe
1216 - svchost.exe
1320 - svchost.exe
1428 - nvsvc32.exe
1692 - ashServ.exe
1752 - oodag.exe
1800 - TeamSpeak 3.exe
1836 - RTHDCPL.exe
1844 - oodtray.exe
1888 - ctfmon.exe
1892 - explorer.exe
2060 - SEPCSuite.exe
2072 - GoogleToolbarNo
2276 - rambxpfr.exe
2324 - ashMaiSv.exe
2380 - ashWebSv.exe
2768 - alg.exe
2892 - LogitechDesktop
3104 - memokeys.exe
3632 - cmd.exe
3708 - iexplore.exe
3880 - iexplore.exe

Total number of processes = 33
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA8A8000 - ooolwvnt.sys
BA6BF000 - sptd.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA6A7000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA67F000 - a347bus.sys
BA650000 - ACPI.sys
BA63F000 - pci.sys
BA8B8000 - ohci1394.sys
BA8C8000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
BA8D8000 - isapnp.sys
BAB28000 - jyziijib.sys
BAE70000 - pciide.sys
BAB30000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA8E8000 - MountMgr.sys
BA620000 - ftdisk.sys
BAB38000 - PartMgr.sys
BA8F8000 - VolSnap.sys
BA608000 -
BA908000 - disk.sys
BA918000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA5E8000 - fltMgr.sys
BA5D6000 - sr.sys
BA928000 - PxHelp20.sys
BA5BF000 - KSecDD.sys
BA5AC000 - WudfPf.sys
BA51F000 - Ntfs.sys
BA4F2000 - NDIS.sys
BA4D7000 - Mup.sys
BA9B8000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B9D7F000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9D6B000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
BABA8000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9D48000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BABB0000 - \SystemRoot\system32\DRIVERS\usbehci.sys
B9D23000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
BA9C8000 - \SystemRoot\system32\DRIVERS\imapi.sys
BA9D8000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA9E8000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9D00000 - \SystemRoot\system32\DRIVERS\ks.sys
BAD90000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
B9CC4000 - \SystemRoot\system32\DRIVERS\yk51x86.sys
BABB8000 - \SystemRoot\system32\DRIVERS\fdc.sys
B9CB3000 - \SystemRoot\system32\DRIVERS\serial.sys
BAD98000 - \SystemRoot\system32\DRIVERS\serenum.sys
BABC0000 - \SystemRoot\system32\DRIVERS\irsir.sys
BAD9C000 - \SystemRoot\system32\DRIVERS\irenum.sys
B9C9F000 - \SystemRoot\system32\DRIVERS\parport.sys
BA9F8000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
BADA4000 - \SystemRoot\system32\DRIVERS\L8042Kbd.sys
BABD0000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
B9C39000 - \SystemRoot\System32\Drivers\acju2181.SYS
BAF1C000 - \SystemRoot\system32\DRIVERS\audstub.sys
BAC30000 - \SystemRoot\system32\DRIVERS\rasirda.sys
BAC38000 - \SystemRoot\system32\DRIVERS\TDI.SYS
BAA08000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BA47F000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9C22000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BAA18000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BAA28000 - \SystemRoot\system32\DRIVERS\raspptp.sys
B9C11000 - \SystemRoot\system32\DRIVERS\psched.sys
BAA38000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BAC40000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BAC48000 - \SystemRoot\system32\DRIVERS\raspti.sys
BAA48000 - \SystemRoot\system32\DRIVERS\termdd.sys
BAC50000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BADBE000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9B18000 - \SystemRoot\system32\DRIVERS\update.sys
BA477000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BAA58000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAA78000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADC0000 - \SystemRoot\system32\DRIVERS\USBD.SYS
B7592000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B7570000 - \SystemRoot\system32\drivers\portcls.sys
BAA88000 - \SystemRoot\system32\drivers\drmk.sys
BAC68000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
BADC4000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAF69000 - \SystemRoot\System32\Drivers\Null.SYS
BADC6000 - \SystemRoot\System32\Drivers\Beep.SYS
BAC78000 - \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
BAC80000 - \SystemRoot\System32\drivers\vga.sys
BADC8000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADCA000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BAC88000 - \SystemRoot\System32\Drivers\Msfs.SYS
BAC90000 - \SystemRoot\System32\Drivers\Npfs.SYS
BA49B000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B7515000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B74BD000 - \SystemRoot\system32\DRIVERS\tcpip.sys
BAAA8000 - \SystemRoot\System32\Drivers\aswTdi.SYS
B749C000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B7474000 - \SystemRoot\system32\DRIVERS\netbt.sys
BAAB8000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B9B0C000 - \SystemRoot\System32\drivers\ws2ifsl.sys
B742A000 - \SystemRoot\System32\drivers\afd.sys
BAAC8000 - \SystemRoot\system32\DRIVERS\netbios.sys
B7407000 - \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
B73DC000 - \SystemRoot\system32\DRIVERS\rdbss.sys
BAF85000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
B736D000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
BAAD8000 - \SystemRoot\System32\Drivers\Fips.SYS
B7356000 - \SystemRoot\System32\Drivers\aswSP.SYS
BACA0000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
BACB0000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
B9AF4000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAAF8000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
BAB48000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BAB88000 - \SystemRoot\system32\DRIVERS\LHidFilt.Sys
BAB08000 - \SystemRoot\system32\DRIVERS\WDFLDR.SYS
B71EB000 - \SystemRoot\system32\DRIVERS\Wdf01000.sys
B9AF0000 - \SystemRoot\system32\DRIVERS\mouhid.sys
BAB98000 - \SystemRoot\system32\DRIVERS\LMouFilt.Sys
B71DA000 - \SystemRoot\System32\Drivers\Udfs.SYS
B71C2000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BADD6000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B79D4000 - \SystemRoot\System32\drivers\Dxapi.sys
BABC8000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAFA7000 - \SystemRoot\System32\drivers\dxgthk.sys
BABF0000 - \SystemRoot\system32\DRIVERS\aswFsBlk.sys
B6DF4000 - \SystemRoot\system32\DRIVERS\irda.sys
B6E9A000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B6C26000 - \SystemRoot\System32\Drivers\aswMon2.SYS
B6A59000 - \SystemRoot\system32\drivers\wdmaud.sys
B6D4C000 - \SystemRoot\system32\drivers\sysaudio.sys
B6825000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
BAE62000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B6BA6000 - \SystemRoot\System32\Drivers\Aspi32.SYS
B66BB000 - \SystemRoot\system32\DRIVERS\srv.sys
B66AB000 - \SystemRoot\System32\Drivers\Cdfs.SYS
BAF88000 - \??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\mc21.tmp
B6413000 - \SystemRoot\System32\Drivers\aswRdr.SYS
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
B164A000 - \SystemRoot\system32\drivers\kmixer.sys
BAE28000 - \SystemRoot\system32\drivers\splitter.sys
BAF86000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 139

Liste des programmes installes

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 9 - Français
Apple Mobile Device Support
Apple Software Update
Application PC MTV 3.3 V1.8.24
Archiveur WinRAR
Assistant de connexion Windows Live
Avanquest update
avast! Antivirus
Bonjour
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM)
CCleaner (remove only)
CDDRV_Installer
Combat Arms
Combat Arms EU
Commande ECHO désactivée.
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows Internet Explorer 7 (KB947864)
Crysis(R)
Extension de Windows Live Toolbar (Windows Live Toolbar)
Far Cry (Patch 1.3)
Far Cry (Patch 1.31)
Far Cry (Patch 1.32)
Far Cry (Patch 1.33)
FOX ONE
Fraps (remove only)
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Insurgency: Modern Infantry Combat
iTunes
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KhalInstallWrapper
Lecteur Windows Media 11
LimeWire 4.18.8
LiveReg (Symantec Corporation)
LiveUpdate
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech SetPoint
Ma-Config.com
Malwarebytes' Anti-Malware
Marvell Miniport Driver
MEMOKEYS 1.9
Menus intelligents (Windows Live Toolbar)
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour pour Windows XP (KB911164)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero 7 Ultra Edition
neroxml
Norton Ghost
Norton PartitionMagic
Norton PartitionMagic 8.0
NVIDIA Drivers
O&O Defrag Professional Edition
OpenOffice.org Installer 1.0
PhotoFiltre
Picasa 2
ProxyCap
QuickTime
Radio Fr Solo 1.8
RamBoost XP 4.0.6
Realtek High Definition Audio Driver
Safari
Sony Ericsson PC Suite 3.209.00
Spybot - Search & Destroy
Spyware Terminator
Steam
SuperCopier2
Surligneur (Windows Live Toolbar)
TeamSpeak 3
TmNationsForever
TuneUp Utilities 2007
Unlocker 1.8.7
Videora iPod Converter 3.07
Vuze
WarRock
WebFldrs XP
Windows Internet Explorer 8 Beta 2
Windows Live Favorites pour Windows Live Toolbar
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Xfire (remove only)
Your Freedom
Your Uninstaller! 2008 Version 6.0

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C05-D6F6

Répertoire de C:\Program Files

24/11/2008 07:11 <REP> .
24/11/2008 07:11 <REP> ..
18/05/2008 16:26 <REP> Activision
24/11/2008 07:11 <REP> Adobe
16/05/2008 15:22 <REP> Alcohol Soft
16/05/2008 11:02 <REP> Alwil Software
14/09/2008 14:47 <REP> Apple Software Update
05/10/2008 12:45 <REP> Application PC MTV 3.3
15/07/2008 10:59 <REP> Avanquest update
22/08/2008 11:22 <REP> AviSynth 2.5
01/11/2008 12:54 <REP> Azureus
13/09/2008 13:03 <REP> Bonjour
18/05/2008 15:05 <REP> CCleaner
31/12/2005 23:39 <REP> ComPlus Applications
11/10/2008 15:46 <REP> CyberLink
08/10/2008 15:06 <REP> DAEMON Tools
19/05/2008 07:00 <REP> DaemonTools_WhenUSave_Installer
17/05/2008 20:09 <REP> Electronic Arts
20/11/2008 13:16 <REP> Enigma Software Group
16/05/2008 14:59 <REP> Everest
24/11/2008 07:11 <REP> Fichiers communs
01/01/2006 00:01 <REP> FOX ONE
25/06/2008 09:26 <REP> GOA
29/10/2008 09:45 <REP> Google
31/12/2005 23:56 <REP> Intel
17/05/2008 18:25 <REP> Interlogic
04/10/2008 10:26 <REP> Internet Explorer
04/10/2008 10:37 <REP> iPod
04/10/2008 10:37 <REP> iTunes
15/08/2008 09:49 <REP> Java
10/11/2008 13:51 <REP> LimeWire
01/01/2006 00:02 <REP> LiveUpdate
18/05/2008 16:18 <REP> Logitech
10/11/2008 12:33 <REP> ma-config.com
20/11/2008 09:50 <REP> Malwarebytes' Anti-Malware
01/01/2006 00:01 <REP> Marvell
19/11/2008 08:11 <REP> Messenger
01/09/2008 08:59 <REP> Messenger Plus! Live
31/12/2005 23:42 <REP> microsoft frontpage
16/05/2008 15:37 <REP> Microsoft Office
31/12/2005 23:39 <REP> Movie Maker
31/12/2005 23:38 <REP> MSN
31/12/2005 23:38 <REP> MSN Gaming Zone
18/05/2008 09:43 <REP> MSXML 4.0
16/05/2008 15:15 <REP> Nero
16/05/2008 11:43 <REP> NETGEAR
31/12/2005 23:40 <REP> NetMeeting
31/12/2005 23:38 <REP> Online Services
16/05/2008 14:54 <REP> OO Software
18/05/2008 09:46 <REP> Outlook Express
16/05/2008 14:53 <REP> PhotoFiltre
18/05/2008 16:07 <REP> Picasa2
09/10/2008 16:35 <REP> Proxy Labs
13/09/2008 13:02 <REP> QuickTime
30/07/2008 21:08 <REP> Radio Fr Solo
24/11/2008 07:24 <REP> RamBoost XP
31/12/2005 23:59 <REP> Realtek
03/07/2008 07:30 <REP> Red Kawa
04/10/2008 10:32 <REP> Safari
31/12/2005 23:40 <REP> Services en ligne
14/06/2008 15:43 <REP> Sony Ericsson
17/11/2008 21:30 <REP> Spybot - Search & Destroy
20/11/2008 09:31 <REP> Spyware Terminator
16/11/2008 15:43 <REP> Steam
15/08/2008 09:50 <REP> Sun
16/05/2008 11:21 <REP> SuperCopier2
16/05/2008 11:53 <REP> Symantec
27/05/2008 21:23 <REP> TeamSpeak 3
02/07/2008 13:57 <REP> TmNationsForever
23/11/2008 18:27 <REP> Trend Micro
26/05/2008 19:15 <REP> TuneUp Utilities 2007
04/07/2008 12:47 <REP> Ubisoft
20/11/2008 13:54 <REP> Unlocker
11/10/2008 15:47 <REP> VideoLAN
23/11/2008 15:53 <REP> WarRock
19/05/2008 07:15 <REP> Windows Live
31/05/2008 15:59 <REP> Windows Live Favorites
09/10/2008 16:32 <REP> Windows Live Safety Center
31/05/2008 15:59 <REP> Windows Live Toolbar
02/07/2008 13:15 <REP> Windows Media Connect 2
02/07/2008 13:15 <REP> Windows Media Player
31/12/2005 23:38 <REP> Windows NT
16/05/2008 11:01 <REP> WinRAR
31/12/2005 23:42 <REP> xerox
05/10/2008 18:18 <REP> Xfire
19/11/2008 08:21 <REP> Your Freedom
16/05/2008 11:39 <REP> Your Uninstaller 2008
0 fichier(s) 0 octets
87 Rép(s) 29 885 288 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C05-D6F6

Répertoire de C:\Program Files\fichiers communs

24/11/2008 07:11 <REP> .
24/11/2008 07:11 <REP> ..
24/11/2008 07:11 <REP> Adobe
16/05/2008 15:16 <REP> Ahead
13/09/2008 13:02 <REP> Apple
16/05/2008 15:37 <REP> DESIGNER
11/10/2008 15:46 <REP> InstallShield
17/05/2008 17:53 <REP> Java
18/05/2008 16:18 <REP> Logishrd
21/11/2008 22:54 <REP> Microsoft Shared
31/12/2005 23:40 <REP> MSSoap
01/01/2006 00:30 <REP> ODBC
31/12/2005 23:40 <REP> Services
01/01/2006 00:30 <REP> SpeechEngines
16/05/2008 11:53 <REP> Symantec Shared
18/05/2008 09:46 <REP> System
16/05/2008 14:51 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
17 Rép(s) 29 885 288 448 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 1C05-D6F6

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

21/11/2008 22:55 <REP> .
21/11/2008 22:55 <REP> ..
16/05/2008 15:37 <REP> 1033
21/11/2008 22:55 <REP> 1036
20/09/2005 12:33 1 293 008 MSONSEXT.DLL
22/03/2007 19:29 39 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
11/07/2003 01:25 80 448 PKMWS.DLL
5 fichier(s) 1 662 682 octets
4 Rép(s) 29 885 288 448 octets libres

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.0.1.11\SetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGM.exe
c:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe
c:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DifXInstall32.exe
c:\Documents and Settings\Propriétaire\Application Data\Azureus\plugins\azump\mplayer.exe
c:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe
c:\Documents and Settings\Propriétaire\Bureau\Aequitas\aequitas.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Propriétaire\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Propriétaire\Bureau\Mes documents\TeamSpeak_3_Setup.exe
c:\Documents and Settings\Propriétaire\Bureau\Mes documents\Downloads\GameZone\CoD4MW-1.3-PatchSetup.exe
c:\Documents and Settings\Propriétaire\Bureau\Mes documents\Mes images\French Squad ™\SweetImSetup.exe
c:\Documents and Settings\Propriétaire\Bureau\Mes documents\Punkbuster\pbsetup.exe
c:\Documents and Settings\Propriétaire\Bureau\Punkbuster\pbsetup.exe
c:\Documents and Settings\Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\1LFDW0N4\AdbeRdr90_fr_FR[1].exe
c:\Documents and Settings\Propriétaire\Mes documents\Mes fichiers reçus\TeamViewer_Setup(1).exe
c:\Documents and Settings\Propriétaire\Mes documents\Mes images\French Squad ™\SweetImSetup.exe
c:\Documents and Settings\Propriétaire\temp\TeamViewer3\install.exe
c:\Documents and Settings\Propriétaire\temp\TeamViewer3\install64.exe
c:\Documents and Settings\Propriétaire\temp\TeamViewer3\SAS.exe
c:\Documents and Settings\Propriétaire\temp\TeamViewer3\TeamViewer.exe
c:\Documents and Settings\Propriétaire\temp\TeamViewer3\TeamViewer_.exe
c:\Documents and Settings\Propriétaire\temp\TeamViewer3\TeamViewer_Host.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGMDll.dll
c:\Documents and Settings\All Users\Application Data\NexonEU\NGM\NGMResource.dll
c:\Documents and Settings\All Users\Application Data\NexonEU\NGM\nxgameeu.dll
c:\Documents and Settings\All Users\Application Data\NexonEU\NGM\unicows.dll
c:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
c:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
c:\Documents and Settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
c:\Documents and Settings\All Users\Application Data\NexonUS\NGM\unicows.dll
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\DIFxAPI.dll
c:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86\GEARAspi.dll
c:\Documents and Settings\Propriétaire\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\albancasella@hotmail.fr\Sharing Folders\lordtony@hotmail.fr\eqv1.2.6\DelZip179.dll
c:\Documents and Settings\Propriétaire\Local Settings\Application Data\Microsoft\Messenger\albancasella@hotmail.fr\Sharing Folders\lordtony@hotmail.fr\eqv1.2.6\eqsys.dll

****** Fin du rapport DiagHelp