Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

VIRUS ALERT A COTE DE L'HORLOGE

Dernière réponse le 30 jui 2008 à 16:53:19 jey1975, le 22 jui 2008 à 10:14:25

Signaler ce message aux modérateurs

Bonjour,

J''ai fait l'objet d'une attaque hier par un Trojan, je pense avoir reussi a m'en debarraser avec l'aide de spybot, spyware terminator, et nod32.

Quelques problemes persistent pour autant aujourd'hui :

1 - Message de VIRUS ALERT ! pres de l'horloge et a cote de chaque fichier dans mon explorataur windows.
2 - Éléments du bureau qui ont disparu
3 - Lecteur C non accessible depuis "poste de travail"

Pourriez vous me donner un coup de pouce ?

Merci

Configuration: Windows XP
Firefox 3.0.1

Meilleures réponses pour « VIRUS ALERT A COTE DE L'HORLOGE » dans :

Virus Alert à coté de l'horloge (Résolu) Voir

Virus alert dans barre de taches (Résolu) Voir

Virus alert a coté de l'orloge (Résolu) Voir

Virus Alert ! VoirSymptômes de l'infection : Message Virus Alert! à côté de l'horloge. Exemple : Disque C supprimé du Poste de travail Accès impossible au registre Accès au gestionnaire de tâches impossible Préliminaire Première étape :...

Virus Alert! (Spywarequake) (Résolu) Voir

Virus Alert! barre des taches (Résolu) Voir

VIRUS ALERT! suite à un ecran rouge (Résolu) Voir

Posez votre question Répondre

Homerjaysimpson, le 22 jui 2008 à 10:14:59

Poste un log hijackthis

Répondre à Homerjaysimpson

ep44, le 22 jui 2008 à 10:20:42

Bonjour

Télécharge sur le Bureau HijackThis

http://download.hijackthis.eu/HJTInstall.exe

= Double-clique sur dessus pour l'installer
= Clique sur Do a system scan and save the log
= Colle le rapport
si problème voir l'aide
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

ensuite
Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double clic sur SmitfraudFix.zip
=> Extraire tout
=> Double clic sur SmitfraudFix
=> Double Clic sur SmitfraudFix.cmd
=> Choisir Option 1
=> poste le rapport

@+

C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 10:24:52

Voici le rapport hijacktis !!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23: VIRUS ALERT!, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: {47ce32ab-b643-208b-d5d4-70f573682770} - {07728637-5f07-4d5d-b802-346bba23ec74} - C:\WINDOWS\system32\dptrzp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {6A10732F-BDB9-48B3-9DF7-622478AD74FC} - C:\WINDOWS\system32\hgGwXOiF.dll
O2 - BHO: (no name) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {812AE34E-162C-4C94-BAA1-A2C0431AEC84} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O2 - BHO: (no name) - {FBE0EE03-546C-464B-A5EF-006DBC3B9D88} - C:\WINDOWS\system32\xxyywxyx.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [3ca1e099] rundll32.exe "C:\WINDOWS\system32\kxfgjjog.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-435332936-682164382-1556669291-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Severine Lebrun')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-435332936-682164382-1556669291-1010 Startup: prf2F7.tmp (User 'Severine Lebrun')
O4 - S-1-5-21-435332936-682164382-1556669291-1010 Startup: prf30C8.tmp (User 'Severine Lebrun')
O4 - S-1-5-21-435332936-682164382-1556669291-1010 User Startup: prf2F7.tmp (User 'Severine Lebrun')
O4 - S-1-5-21-435332936-682164382-1556669291-1010 User Startup: prf30C8.tmp (User 'Severine Lebrun')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF94C322-26CD-4127-B6E4-DD7F982C484B}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O20 - Winlogon Notify: hgGwXOiF - C:\WINDOWS\SYSTEM32\hgGwXOiF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Sistech - C:\WINDOWS\system32\tgbstarter.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 11368 bytes

Répondre à jey1975

jey1975, le 22 jui 2008 à 10:28:46

Lorsque j'installe smitfraud ... je recois tout un tat de message d'alerte de NOD 32 qui supprime ces fichiers car dangereux !!!

Répondre à jey1975

ep44, le 22 jui 2008 à 10:37:03

Ok on passe à autre chose

Télécharge Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

=> /!\déconnecte toi d'internet et ferme toutes tes applications./!\

=>/!\ désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,/!\

=> Double-clic sur combofix,

=> /!\Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi./!\

=> Attends que combofix ait terminé, un rapport sera créé.

=> réactive ton parefeu, ton antivirus, la garde de ton antispyware

=> copie/colle le rapport C:\ComboFix.txt

=> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 11:05:50

Ca a l'air pas mal du tout !!!

Ci-joint le rapport demandé :

ComboFix 08-07-21.2 - Jérémy 2008-07-22 10:44:36.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1375 [GMT 2:00]
Endroit: C:\Documents and Settings\Jérémy\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Jérémy\Local Settings\Application Data\tqgrroc.dat
C:\Documents and Settings\Jérémy\Local Settings\Application Data\tqgrroc.exe
C:\Documents and Settings\Jérémy\Local Settings\Application Data\tqgrroc_nav.dat
C:\Documents and Settings\Jérémy\Local Settings\Application Data\tqgrroc_navps.dat
C:\Documents and Settings\Jérémy\Local Settings\Temporary Internet Files\PMH872.tmp
C:\WINDOWS\system32\awtrQKaW.dll
C:\WINDOWS\system32\dptrzp.dll
C:\WINDOWS\system32\gojjgfxk.ini
C:\WINDOWS\system32\hgGwXOiF.dll
C:\WINDOWS\system32\iifFwvWn.dll
C:\WINDOWS\system32\kxfgjjog.dll
C:\WINDOWS\system32\lqerhrem.ini
C:\WINDOWS\system32\lrnrdgbl.dll
C:\WINDOWS\system32\merhreql.dll
C:\WINDOWS\system32\ncvigiuf.dll
C:\WINDOWS\system32\nWvwFfii.ini
C:\WINDOWS\system32\nWvwFfii.ini2
C:\WINDOWS\system32\pjmsaqdt.ini
C:\WINDOWS\system32\rnxwuxos.dll
C:\WINDOWS\system32\tdqasmjp.dll
C:\WINDOWS\system32\xxyywxyx.dll
C:\WINDOWS\system32\xyxwyyxx.ini
C:\WINDOWS\system32\xyxwyyxx.ini2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_IPRIP

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
.

2008-07-22 10:23 . 2008-07-22 10:23 <REP> d----c--- C:\Program Files\Trend Micro
2008-07-22 02:34 . 2008-07-22 02:34 <REP> d----c--- C:\Program Files\Seagate
2008-07-21 21:26 . 2008-07-21 21:28 <REP> d----c--- C:\Fast Food Tycoon
2008-07-21 11:41 . 2008-07-21 11:41 <REP> d----c--- C:\Documents and Settings\Severine Lebrun\Application Data\Panasonic
2008-07-20 19:58 . 2008-07-20 19:58 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn
2008-07-20 19:58 . 2008-07-20 19:58 1,409 --a--c--- C:\WINDOWS\QTFont.for
2008-07-16 22:29 . 2008-07-16 22:29 0 --a--c--- C:\WINDOWS\PhEdit.INI
2008-07-16 22:26 . 2008-07-16 22:31 <REP> d----c--- C:\Program Files\Panasonic
2008-07-12 09:46 . 2008-07-12 09:46 <REP> d----c--- C:\spoolerlogs
2008-07-11 23:28 . 2008-07-12 09:39 <REP> d----c--- C:\Program Files\MatroskaProp
2008-07-11 23:13 . 2008-07-22 01:28 86 --a--c--- C:\WINDOWS\wininit.ini
2008-07-11 23:05 . 2008-07-11 23:38 <REP> d----c--- C:\Program Files\EoRezo
2008-07-11 17:14 . 2008-07-11 17:14 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-01 18:09 . 2008-07-01 18:11 <REP> d----c--- C:\Documents and Settings\Severine Lebrun\Application Data\EPSON
2008-06-27 23:10 . 2008-07-11 23:53 <REP> d----c--- C:\Program Files\Vuze

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-22 05:48 --------- dc----w C:\Program Files\Spyware Terminator
2008-07-22 05:48 --------- dc----w C:\Documents and Settings\Severine Lebrun\Application Data\Spyware Terminator
2008-07-22 00:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-07-18 18:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-16 20:31 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-07-11 21:15 --------- dc----w C:\Program Files\SLD Codec Pack
2008-07-04 20:27 --------- dc----w C:\Program Files\Azureus
2008-06-20 17:41 247,808 -c--a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 -c--a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 -c--a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 -c--a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 -c----w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-24 08:53 --------- dc----w C:\Program Files\Lavasoft
2008-05-24 08:53 --------- dc----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-24 08:50 --------- dc----w C:\Program Files\1503 AD
2008-05-24 08:42 --------- dc----w C:\Program Files\PartyGaming
2008-05-24 08:39 --------- dc----w C:\Program Files\HomePlayer
2008-05-17 23:19 102,400 ----a-w C:\WINDOWS\DUMP7ea5.tmp
2008-05-07 05:15 1,293,824 -c--a-w C:\WINDOWS\system32\quartz.dll
2008-04-27 15:00 1,049,527 -c--a-w C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-04-23 04:16 826,368 -c--a-w C:\WINDOWS\system32\wininet.dll
2004-08-05 13:00 65,024 -csha-w C:\WINDOWS\system32\asycfilt.dll
2006-08-25 15:51 617,472 --sha-w C:\WINDOWS\system32\comctl32.dll
2004-08-05 13:00 1,028,096 --sha-w C:\WINDOWS\system32\mfc42.dll
2004-08-05 13:00 57,344 --sha-w C:\WINDOWS\system32\mfc42loc.dll
2004-08-05 13:00 413,696 --sha-w C:\WINDOWS\system32\msvcp60.dll
2004-08-05 13:00 343,040 --sha-w C:\WINDOWS\system32\msvcrt.dll
2004-08-05 13:00 253,952 -csha-w C:\WINDOWS\system32\msvcrt20.dll
2007-12-04 18:41 550,912 -csha-w C:\WINDOWS\system32\oleaut32.dll
2004-08-05 13:00 83,456 --sha-w C:\WINDOWS\system32\olepro32.dll
2004-08-05 13:00 30,749 -csha-w C:\WINDOWS\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [2006-07-31 13:33 36864]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-02-29 15:24 196864]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 15:08 136136]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-05-17 08:43 1817600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Documents and Settings\\All Users\\Application Data\\TuneUp Software\\TuneUp Utilities\\WinStyler\\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\microsoft office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\microsoft office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\microsoft office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\HomePlayer1.5.2\\HomePlayer.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"C:\\Program Files\\HomePlayer1.5.5\\HomePlayer.exe"=
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"60013:TCP"= 60013:TCP:*:Disabled:emule
"56455:UDP"= 56455:UDP:*:Disabled:emule
"20000:UDP"= 20000:UDP:azureus
"20000:TCP"= 20000:TCP:azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-05-17 08:43]
R1 TgbVPN;GTA Mobile VPN Client;C:\WINDOWS\system32\Drivers\tgbvpn.sys [2007-10-05 16:31]
R2 acedrv11;acedrv11;C:\WINDOWS\system32\drivers\acedrv11.sys [2008-01-23 10:19]
R2 TgbIKE Starter;TgbIke Starter;C:\WINDOWS\system32\tgbstarter.exe [2007-10-31 11:22]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 15:00]
R3 Cap713x;Cap713x Video Capture;C:\WINDOWS\system32\DRIVERS\Cap713x.sys [2005-01-28 22:19]
R3 P1120VID;Creative WebCam NX Ultra;C:\WINDOWS\system32\DRIVERS\P1120Vid.sys [2004-01-12 16:51]
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 15:00]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 15:00]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-05 15:00]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-05 15:00]
S3 SaiH5F0D;SaiH5F0D;C:\WINDOWS\system32\DRIVERS\SaiH5F0D.sys [2005-11-14 08:19]
S3 SaiU5F0D;SaiU5F0D;C:\WINDOWS\system32\DRIVERS\SaiU5F0D.sys [2005-11-14 08:19]
S3 SMCWPCIG;SMCWPCI-G 54Mbps Wireless PCI adapter Service;C:\WINDOWS\system32\DRIVERS\SMCWPCIG.sys [2005-04-21 04:09]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-03 13:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edde51ce-daec-11db-bd99-000feac077ed}]
\Shell\AutoRun\command - L:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-22 09:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-07-22 08:56:46 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-03-25 11:42:20 C:\WINDOWS\Tasks\Rappel d'enregistrement 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-07-21 23:25:41 C:\WINDOWS\Tasks\User_Feed_Synchronization-{55E8B1D8-6DC7-432D-A3AA-DCD1C876B624}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{07728637-5f07-4d5d-b802-346bba23ec74} - (no file)
BHO-{6A10732F-BDB9-48B3-9DF7-622478AD74FC} - (no file)
BHO-{812AE34E-162C-4C94-BAA1-A2C0431AEC84} - (no file)
BHO-{FBE0EE03-546C-464B-A5EF-006DBC3B9D88} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{4E7BD74F-2B8D-469E-A0E8-ED6AB685FA7D} - (no file)
HKLM-Run-3ca1e099 - C:\WINDOWS\system32\merhreql.dll
HKLM-Run-EoEngine - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Program Files\Picasa2\PicasaMediaDetector.exe
Notify-hgGwXOiF - (no file)
Notify-WgaLogon - (no file)
MSConfigStartUp-ares - C:\Program Files\Ares\Ares.exe
MSConfigStartUp-LanceurEasyBox - C:\Program Files\EasyBox\EasyBox.exe
MSConfigStartUp-WindowsSystem32 - C:\Program Files\Fichiers communs\System\msnmssgr.exe

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Settings,ProxyServer = 127.0.0.1:4001
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O17 -: HKLM\CCS\Interface\{AF94C322-26CD-4127-B6E4-DD7F982C484B}: NameServer = 212.27.54.252,212.27.53.252

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 10:54:50
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\VisualTaskTips\VttHooks.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\searchindexer.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-22 11:02:17 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-22 09:02:13

Pre-Run: 41,670,094,848 octets libres
Post-Run: 42,226,401,280 octets libres

253 --- E O F --- 2008-07-14 18:31:08

Répondre à jey1975

ep44, le 22 jui 2008 à 11:15:39

Trés bien

on continu la recherche

Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
==> Un nouveau dossier chercher va être créé DiagHelp
==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
==> Une fenêtre va s'ouvrir, choisis l'option 1
==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
==> A nouveau menu Edition / copier
==> Dans un nouveau message ici, faire un clic droit / coller
@+ C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 11:29:23

Ci -joint le rapport catchme.log

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 11:23:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:ad4849aa
"s2"=dword:b4905981
"h0"=dword:00000003

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:33,30,08,5a,3b,76,d5,72,38,0e,80,a8,34,92,c1,7e,10,8c,c5,cd,85,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000002
"hdf12"=hex:4a,f4,3a,be,3b,2a,7b,7c,b9,4d,87,02,7c,9f,58,95,d2,f2,c4,d7,bf,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,99,b8,bf,40,4c,d6,29,ff,f9,a3,cf,da,e7,3b,81,46,af,..
"hdf12"=hex:5a,ca,9c,34,a9,d3,0b,df,91,9e,7f,54,bc,27,2a,70,1a,a6,6a,2f,6a,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:6e,02,69,49,48,91,29,85,20,3d,fb,22,2b,cc,52,f7,9d,ae,0e,c8,fe,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,94,4d,bd,40,d5,3c,e7,ee,f4,a3,17,18,69,c1,9b,99,79,..
"hdf12"=hex:05,f7,87,33,92,81,ac,d5,64,b7,fb,88,64,6b,3f,ed,f7,a5,88,0d,c7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:3d,f7,6a,db,42,03,91,e0,95,c8,9f,44,48,c9,e5,80,8c,1c,89,5f,f7,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:c7,d7,73,e1,20,29,fa,68,6d,3d,d4,57,01,dc,63,02,82,44,09,a9,1f,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,a8,c3,09,04,bc,04,c8,b0,78,7b,08,d4,17,9c,8a,df,94,0b,7a,0f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:33,30,08,5a,3b,76,d5,72,38,0e,80,a8,34,92,c1,7e,10,8c,c5,cd,85,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
"h0"=dword:00000002
"hdf12"=hex:4a,f4,3a,be,3b,2a,7b,7c,b9,4d,87,02,7c,9f,58,95,d2,f2,c4,d7,bf,..
"p0"="C:\Program Files\DAEMON Tools Pro\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
"a0"=hex:20,01,00,00,99,b8,bf,40,4c,d6,29,ff,f9,a3,cf,da,e7,3b,81,46,af,..
"hdf12"=hex:5a,ca,9c,34,a9,d3,0b,df,91,9e,7f,54,bc,27,2a,70,1a,a6,6a,2f,6a,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
"hdf12"=hex:6e,02,69,49,48,91,29,85,20,3d,fb,22,2b,cc,52,f7,9d,ae,0e,c8,fe,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002]
"a0"=hex:20,01,00,00,94,4d,bd,40,d5,3c,e7,ee,f4,a3,17,18,69,c1,9b,99,79,..
"hdf12"=hex:05,f7,87,33,92,81,ac,d5,64,b7,fb,88,64,6b,3f,ed,f7,a5,88,0d,c7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0]
"hdf12"=hex:3d,f7,6a,db,42,03,91,e0,95,c8,9f,44,48,c9,e5,80,8c,1c,89,5f,f7,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1]
"hdf12"=hex:c7,d7,73,e1,20,29,fa,68,6d,3d,d4,57,01,dc,63,02,82,44,09,a9,1f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:ec,a8,c3,09,04,bc,04,c8,b0,78,7b,08,d4,17,9c,8a,df,94,0b,7a,0f,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Mail]
"SqmSrvSuccessCount HTTPMail"=dword:00002572
"SqmSrvSuccessCount IMAP"=dword:00006ba1

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

Répondre à jey1975

ep44, le 22 jui 2008 à 11:44:23

Non ce n'est pas ça

refais stp C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 11:57:00

Aucun bloc note s'ouvre !!

Par contre le systeme m'envoie sur un site ou je doit envoyer un fichier zip !!

Ce que j'ai essaye de faire mais apparement ca ne fonctionne pas.

Est ce normal ?

Répondre à jey1975

ep44, le 22 jui 2008 à 11:59:52

Bon on passe sur autre chose ;)

Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

(choisis enregistrer, puis Bureau comme emplacement)

http://deckard.geekstogo.com/dss.exe

Ferme toutes les applications en cours.

Double-clic sur comboscan.exe pour lancer l'outil.

Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

Le rapport Comboscan.txt va s'afficher, copie le dans ta prochaine réponse.
Si un rapport complémentaire a été créé, poste le aussi dans ta réponse. C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 12:08:00

Et voila !!

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: Intel(R) Pentium(R) 4 CPU 3.20GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.20GHz
Percentage of Memory in Use: 28%
Physical Memory (total/avail): 2047.48 MiB / 1472.08 MiB
Pagefile Memory (total/avail): 3943.67 MiB / 3543.45 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1920.48 MiB

C: is Fixed (NTFS) - 226.88 GiB total, 39.21 GiB free.
D: is CDROM (CDFS)
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is CDROM (No Media)
K: is CDROM (No Media)
L: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - ST3250823AS - 232.88 GiB - 2 partitions
\PARTITION0 - Unknown - 6 GiB
\PARTITION1 (bootable) - Système de fichiers installable - 226.88 GiB - C:

\\.\PHYSICALDRIVE2 - GENERIC USB Storage-CFC USB Device

\\.\PHYSICALDRIVE3 - GENERIC USB Storage-MMC USB Device

\\.\PHYSICALDRIVE4 - GENERIC USB Storage-MSC USB Device

\\.\PHYSICALDRIVE1 - GENERIC USB Storage-SMC USB Device

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: Norton Internet Security v2004 (Symantec Corporation)
AV: Norton AntiVirus v2004 (Symantec Corporation)
AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\microsoft office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\microsoft office\\Office12\\GROOVE.EXE"="C:\\Program Files\\microsoft office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\microsoft office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\microsoft office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\HomePlayer1.5.2\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5.2\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Disabled:INVENTIME"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\HomePlayer1.5.5\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5.5\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"="C:\\Program Files\\HomePlayer\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\Vuze\\Azureus.exe"="C:\\Program Files\\Vuze\\Azureus.exe:*:Enabled:Azureus"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\J‚r‚my\Application Data
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=044344220457
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\J‚r‚my
LOGONSERVER=\\044344220457
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\SONICS~1;C:\Program Files\Samsung\Samsung PC Studio 3
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0401
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\JRMY~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\JRMY~1\LOCALS~1\Temp
USERDOMAIN=044344220457
USERNAME=J‚r‚my
USERPROFILE=C:\Documents and Settings\J‚r‚my
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

Jérémy [I](admin)/I
Séverine [I](admin)/I
Severine Lebrun [I](admin)/I

-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
--> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
--> C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
--> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21B6F79B-2286-4BB0-B1E3-BA6B9498D110}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x40c
--> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x40c
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Acrobat Connect Add-in --> C:\Documents and Settings\J?my\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\connectaddin6x5\connectaddin6x5.exe -uninstall
Adobe AIR --> C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR --> MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player --> C:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.amp 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Adobe Media Player --> MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 8.1.2 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Azureus --> "C:\Program Files\Azureus\Uninstall.exe"
bwin Poker (remove only) --> "C:\Program Files\bwin\uninstall.exe"
Caesar IV --> C:\Program Files\InstallShield Installation Information\{B7666229-351B-47D9-AA6F-DF777CF04BBF}\setup.exe -runfromtemp -l0x0009 -removeonly
Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
City Life 2008 --> C:\Program Files\Monte Cristo\City Life\uninst.exe
Creative WebCam NX Ultra Driver (1.01.03.0112) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script Pd1120.uns -unsext NT -plugin P1120Pin.dll -pluginres P1120Pin.crl
Del Mp3 Karaoke 4.7.4703 --> MsiExec.exe /I{2A348348-47FF-49CB-94AB-9DCC52536B7C}
EPSON Copy Utility --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x40c ADDREMOVEDLG
EPSON Logiciel imprimante --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
EPSON Photo Print --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C24FE0B8-0A25-42E6-8532-A4ABAA1FA400}\setup.exe" -l0x40c MyUninstall
EPSON Smart Panel --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\setup.exe" -l0x40c Uninstall
EPSON TWAIN 5 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x40c UNINSTALL
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Google Earth Pro --> MsiExec.exe /X{9578C0CD-8108-4379-9026-4601F59859A0}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTA Mobile VPN Client --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{389B10EB-C21E-4B3D-8052-F44DA38CDE4C}\Setup.exe" -l0x40c vpnuninst
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HomePlayer 1.5.6a --> C:\Program Files\HomePlayer\uninst.exe
Hospital Tycoon --> C:\Program Files\Codemasters\Hospital Tycoon\uninstall.exe
Imperium Romanum 1.01 --> C:\Program Files\Kalypso\Imperium Romanum\uninst.exe
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 12 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Java 2 Runtime Environment, SE v1.4.2_05 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LUMIX Simple Viewer --> C:\Program Files\InstallShield Installation Information\{2CDCCE7E-55D5-40CC-AEA0-ABA54713501F}\setup.exe -runfromtemp -l0x040c -removeonly
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007 --> MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007 --> "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007 --> MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007 --> MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007 --> MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007 --> MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007 --> MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007 --> MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007 --> MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007 --> MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007 --> MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007 --> MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007 --> MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007 --> MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007 --> MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007 --> MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Windows XP (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760) --> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762) --> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2) --> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376) --> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698) --> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748) --> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Mozilla Firefox (3.0.1) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML4 Parser --> MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
MySQL Connector/ODBC 3.51 --> MsiExec.exe /I{0CB3C535-1171-4A20-B549-E2CB5DEB9723}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
Panda ActiveScan 2.0 --> C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PartyPoker --> "C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PDFCreator --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2718.exe" -hu _?=C:\Program Files\PDFCreator Toolbar
PDFCreator Toolbar --> "C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_2718.exe" _?=C:\Program Files\PDFCreator Toolbar
PHOTOfunSTUDIO -viewer- --> C:\Program Files\InstallShield Installation Information\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}\Setup.exe -runfromtemp -l0x040cPackage -removeonly
PKR --> "C:\Program Files\PKR\uninstall-pkr.exe"
Prison Tycoon 3 --> C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
ProtectDisc Driver, Version 11 --> C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Rise of Nations --> "C:\Program Files\Microsoft Games\Rise of Nations\Uninstal.exe" /runtemp /uninstall
Rome - Total War(TM) --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}
SAMSUNG CDMA Modem Driver Set --> C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software --> C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3 USB Driver Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung Samples Installer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly
ScanToWeb --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Seagate SeaTools English Online --> RunDll32.exe C:\WINDOWS\DOWNLO~1\NPSEAT~1.DLL,DllUninstallServer
Security Update for Excel 2007 (KB946974) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {85E83E2E-AF9B-439B-B4F9-EB9B7EF6A00E}
Security Update for Microsoft Office Publisher 2007 (KB950114) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office Word 2007 (KB950113) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Office 2007 (KB934062) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for Office 2007 (KB947801) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {02B5A17B-01BE-4BA6-95F1-1CBB46EBC76E}
Security Update for Outlook 2007 (KB946983) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Security Update for Visio 2007 (KB947590) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
SimCity 4 --> C:\Program Files\Maxis\SimCity 4\EAUninstall.exe
SimCity™ Societies --> MsiExec.exe /X{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}
SLD Codec Pack --> C:\Program Files\SLD Codec Pack\uninstall.exe
SnagIt 8 --> MsiExec.exe /I{DA0BF7AB-88EB-4675-8FA1-531EAD938821}
Sonic MyDVD --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Terminator --> "C:\Program Files\Spyware Terminator\unins000.exe"
THE SETTLERS - Bâtisseurs d'Empire --> "C:\Program Files\InstallShield Installation Information\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}\setup.exe" -runfromtemp -l0x040c -removeonly
TuneUp Utilities 2008 --> MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
uninstall Fast Food Tycoon --> C:\Fast Food Tycoon\AUTORUN.EXE
Update for Office 2007 (KB932080) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB934391) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB946691) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb953463) --> msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1B78D541-9FF1-4330-ADD8-CED14F0C1E8E}
Visual Task Tips 2.1 --> C:\Program Files\VisualTaskTips\uninst.exe
Votre Budget 2006 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{76246D41-471B-46DF-8904-AF3EA8954BA9}\Setup.exe" -l0x40c
Vuze --> C:\Program Files\Vuze\uninstall.exe
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- Application Event Log -------------------------------------------------------

Event Record #/Type28316 / Warning
Event Submitted/Written: 07/22/2008 10:53:47 AM
Event ID/Source: 32068 / Microsoft Fax
Event Description:
La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
Code de pays/région : '*'
Indicatif régional : '*'

Event Record #/Type28315 / Warning
Event Submitted/Written: 07/22/2008 10:53:47 AM
Event ID/Source: 32026 / Microsoft Fax
Event Description:
Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

Event Record #/Type28311 / Warning
Event Submitted/Written: 07/22/2008 10:52:15 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.

Event Record #/Type28309 / Warning
Event Submitted/Written: 07/22/2008 10:51:56 AM
Event ID/Source: 1524 / Userenv
Event Description:
Windows ne peut pas décharger vos classes fichier de Registre - il est en cours d'utilisation par d'autres applications ou services. Le fichier sera déchargé quand il ne sera plus utilisé.

Event Record #/Type28306 / Error
Event Submitted/Written: 07/22/2008 10:41:50 AM
Event ID/Source: 1000 / Application Error
Event Description:
Application défaillante teatimer.exe, version 1.5.2.16, module défaillant teatimer.exe, version 1.5.2.16, adresse de défaillance 0x000042b2.
Traitement de l'événement propre au support pour [teatimer.exe!ws!]

-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.

-- System Event Log ------------------------------------------------------------

Event Record #/Type26874 / Error
Event Submitted/Written: 07/22/2008 11:01:58 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
Le service SmartLinkService a signalé un état actuel 0 non valide.

Event Record #/Type26846 / Error
Event Submitted/Written: 07/22/2008 10:45:22 AM
Event ID/Source: 7016 / Service Control Manager
Event Description:
Le service SmartLinkService a signalé un état actuel 0 non valide.

Event Record #/Type26807 / Warning
Event Submitted/Written: 07/22/2008 01:22:59 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%04434422045727 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %04434422045727 can't undo changes that you allow.

For more information please see the following:
%044344220457275

Scan ID: {8AF81896-F904-42F6-BE35-5DF6D5C1D40B}

User: 044344220457\Jérémy

Name: %044344220457271

ID: %044344220457272

Severity: 1.1.1593.05

Category: 1.1.1593.06

Path Found: %044344220457276

Alert Type: %044344220457278

Detection Type: 1.1.1593.02

Event Record #/Type26806 / Error
Event Submitted/Written: 07/22/2008 01:20:55 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM a reçu l'erreur "%%1058" lors de la mise en route du service wuauserv avec les arguments ""
pour démarrer le serveur :
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type26779 / Warning
Event Submitted/Written: 07/21/2008 06:19:29 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

-- End of Deckard's System Scanner: finished at 2008-07-22 12:05:57 ------------

Répondre à jey1975

ep44, le 22 jui 2008 à 12:28:45

Te sert tu de Viewpoint ? C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 12:31:17

NON,

C'est quoi ?

Répondre à jey1975

ep44, le 22 jui 2008 à 12:42:46

Viewpoint est un shoot them up en 3D isométrique de Sammy, sorti en 1992 sur borne d'arcade, Neo-Geo, Megadrive et Playstation.

shoot them up =>Un shoot them up (aussi écrit shoot'em up ou contracté shmup, littéralement « descendez-les tous »[1]) est un type de jeu vidéo dérivé du jeu d'action dans lequel le joueur incarne un véhicule ou un personnage devant détruire un large nombre d'ennemis à l'aide d'armes de plus en plus puissantes au fur et à mesure des niveaux, tout en esquivant leurs projectiles pour rester en vie.
http://fr.wikipedia.org/wiki/Shoot_them_up

tu vas dans ajout et suppression de programmes et Programmes files et tu le supprime C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 12:46:50

Ok c'est fait !!!

Répondre à jey1975

ep44, le 22 jui 2008 à 14:32:16

Très bien refais un rapport DSS et dit moi si tu as encore des soucis C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

jey1975, le 22 jui 2008 à 16:53:46

Ok j'ai refais le DSS et voici le rapport :

Deckard's System Scanner v20071014.68
Run by Jérémy on 2008-07-22 16:52:14
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Jérémy.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\calc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jérémy\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\JRMY~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60076
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} (Seagate SeaTools English Online) - file:///C:/DRIVERS/snapsys/HDDDiag/bin/npseatools.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF94C322-26CD-4127-B6E4-DD7F982C484B}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Sistech - C:\WINDOWS\system32\tgbstarter.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 9243 bytes

-- Files created between 2008-06-22 and 2008-07-22 -----------------------------

2008-07-22 10:43:18 68096 --a----c- C:\WINDOWS\zip.exe
2008-07-22 10:43:18 49152 --a----c- C:\WINDOWS\VFind.exe
2008-07-22 10:43:18 161792 --a----c- C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-22 10:43:18 98816 --a----c- C:\WINDOWS\sed.exe
2008-07-22 10:43:18 80412 --a----c- C:\WINDOWS\grep.exe
2008-07-22 10:43:18 89504 --a----c- C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-22 10:43:17 212480 --a----c- C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-22 10:43:17 136704 --a----c- C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-22 10:23:21 0 d------c- C:\Program Files\Trend Micro
2008-07-22 02:34:26 0 d------c- C:\Program Files\Seagate
2008-07-21 21:26:05 0 d------c- C:\Fast Food Tycoon
2008-07-21 11:41:00 0 d------c- C:\Documents and Settings\Severine Lebrun\Application Data\Panasonic
2008-07-16 22:27:20 0 d------c- C:\Documents and Settings\Jérémy\Application Data\Panasonic
2008-07-16 22:26:37 495616 --a----c- C:\WINDOWS\system32\PICSDK2.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-07-16 22:26:37 73728 --a----c- C:\WINDOWS\system32\PICSDK.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-07-16 22:26:37 77824 --a----c- C:\WINDOWS\system32\PICEntry.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-07-16 22:26:37 114688 --a----c- C:\WINDOWS\system32\EpPicPrt.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-07-16 22:26:37 111932 --a----c- C:\WINDOWS\system32\EPPICPrinterDB.dat
2008-07-16 22:26:37 1139 --a----c- C:\WINDOWS\system32\EPPICPresetData_PT.dat
2008-07-16 22:26:37 1120 --a----c- C:\WINDOWS\system32\EPPICPresetData_IT.dat
2008-07-16 22:26:37 1107 --a----c- C:\WINDOWS\system32\EPPICPresetData_GE.dat
2008-07-16 22:26:37 1129 --a----c- C:\WINDOWS\system32\EPPICPresetData_FR.dat
2008-07-16 22:26:37 1136 --a----c- C:\WINDOWS\system32\EPPICPresetData_ES.dat
2008-07-16 22:26:37 1104 --a----c- C:\WINDOWS\system32\EPPICPresetData_EN.dat
2008-07-16 22:26:37 1146 --a----c- C:\WINDOWS\system32\EPPICPresetData_DU.dat
2008-07-16 22:26:37 1129 --a----c- C:\WINDOWS\system32\EPPICPresetData_CF.dat
2008-07-16 22:26:37 1139 --a----c- C:\WINDOWS\system32\EPPICPresetData_BP.dat
2008-07-16 22:26:37 4943 --a----c- C:\WINDOWS\system32\EPPICPattern6.dat
2008-07-16 22:26:37 21390 --a----c- C:\WINDOWS\system32\EPPICPattern5.dat
2008-07-16 22:26:37 11811 --a----c- C:\WINDOWS\system32\EPPICPattern4.dat
2008-07-16 22:26:37 24903 --a----c- C:\WINDOWS\system32\EPPICPattern3.dat
2008-07-16 22:26:37 20148 --a----c- C:\WINDOWS\system32\EPPICPattern2.dat
2008-07-16 22:26:37 31053 --a----c- C:\WINDOWS\system32\EPPICPattern131.dat
2008-07-16 22:26:37 27417 --a----c- C:\WINDOWS\system32\EPPICPattern121.dat
2008-07-16 22:26:37 26154 --a----c- C:\WINDOWS\system32\EPPICPattern1.dat
2008-07-16 22:26:37 65536 --a----c- C:\WINDOWS\system32\EPPicMgr.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON PIC SDK>
2008-07-16 22:26:16 45056 --a----c- C:\WINDOWS\system32\PhDi2.sys <Not Verified; Matsushita Electric Industrial Co., Ltd.; PHOTOfunSTUDIO version 0.99J>
2008-07-16 22:26:12 0 d------c- C:\Program Files\Panasonic
2008-07-12 09:46:32 0 d------c- C:\spoolerlogs
2008-07-11 23:28:37 0 d------c- C:\Program Files\MatroskaProp
2008-07-11 23:16:42 0 d------c- C:\Documents and Settings\Jérémy\Application Data\ItsLabel
2008-07-11 23:05:26 0 d------c- C:\Documents and Settings\Jérémy\Application Data\EoRezo
2008-07-11 23:05:18 0 d------c- C:\Program Files\EoRezo
2008-07-11 17:14:20 0 d------c- C:\Documents and Settings\All Users\Application Data\Azureus
2008-07-01 18:09:39 0 d------c- C:\Documents and Settings\Severine Lebrun\Application Data\EPSON
2008-06-27 23:10:40 0 d------c- C:\Program Files\Vuze

-- Find3M Report ---------------------------------------------------------------

2008-07-22 11:03:09 0 d------c- C:\Documents and Settings\Jérémy\Application Data\Spyware Terminator
2008-07-22 07:48:50 0 d------c- C:\Program Files\Spyware Terminator
2008-07-21 21:25:01 0 d------c- C:\Documents and Settings\Jérémy\Application Data\Azureus
2008-07-16 22:31:52 0 d--h---c- C:\Program Files\InstallShield Installation Information
2008-07-11 23:15:46 0 d------c- C:\Program Files\SLD Codec Pack
2008-07-04 22:27:00 0 d------c- C:\Program Files\Azureus
2008-06-27 23:03:45 0 d------c- C:\Documents and Settings\Jérémy\Application Data\Mozilla
2008-05-24 10:53:14 0 d------c- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-24 10:53:11 0 d------c- C:\Program Files\Lavasoft
2008-05-24 10:50:46 0 d------c- C:\Program Files\1503 AD
2008-05-24 10:42:39 0 d------c- C:\Program Files\PartyGaming
2008-05-24 10:39:51 0 d------c- C:\Program Files\HomePlayer
2008-04-27 17:00:35 1049527 --a----c- C:\WINDOWS\Prison Tycoon 3 Uninstaller.exe
2008-04-25 23:28:24 1847 --a----c- C:\WINDOWS\mozver.dat

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [17/05/2008 08:43]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 12:34]
"VisualTaskTips"="C:\Program Files\VisualTaskTips\VisualTaskTips.exe" [31/07/2006 13:33]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [05/08/2004 15:00]
"TuneUp MemOptimizer"="C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" [29/02/2008 15:24]
"DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [06/09/2007 15:08]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [05/02/2007 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=C:\WINDOWS\pss\RocketDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jérémy^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=C:\Documents and Settings\Jérémy\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{edde51ce-daec-11db-bd99-000feac077ed}]
AutoRun\command- L:\autorun.exe

*Newly Created Service* - KPROCCHECK

-- End of Deckard's System Scanner: finished at 2008-07-22 16:52:46 ------------

Répondre à jey1975

ep44, le 22 jui 2008 à 17:38:23

Ok ça semble bon

as tu encore des soucis ? C’est généralement lorsque le disque dur plante qu’on se rend compte qu’on a oublié de le sauvegarder.

Répondre à ep44

26 réponses 12 Suivant

Posez votre question Répondre