MSN virus

Solved/Closed
arnaudtr Posts 1 Registration date Wednesday 9 April 2008 Status Member Last activity 9 April 2008 - 9 April 2008 at 23:29
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 - 19 April 2008 at 11:36
Hello,
I am sending sentences to my MSN contacts; basically there is "tof" in the sentence, along the lines of "you look very pretty in this tof". On top of that, I received a link that I unfortunately clicked on.
I read on various forums that it can be removed with MSNFix, but when I click on MSNFix a DOS window opens and closes quickly, and despite an uninstall and a reinstall and also an antivirus scan, I am still sending sentences.
Can you help me? Thanks.
I am on XP Pro with AntiVir.

16 replies

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
9 April 2008 at 23:34
Good evening

If MSNFix does not work, we move on to SDFix.

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in Safe Mode

------
= Restart in Safe Mode (startup can take several minutes)
Note: there is no internet access in this mode. Save or print the instructions.

Restart the PC and tap the F8 key (or F5 for some) until the text with the boot options appears
With the arrow keys, select Safe Mode ==> Enter ==> usual user name
-------

= Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
= Press Y to start the cleaning process.
= It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
= Press a key to restart the PC.
= Your system will take longer than usual to restart because the tool will keep running and deleting files.
= After the Desktop has loaded, the tool will finish its work and display Finished.
= Press a key to end the script and load your Desktop icons.
= Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
= Finally, copy and paste the contents of Report.txt into your next reply

Then

Download to the Desktop

ftp://ftp.commentcamarche.com/download/HJTInstall.exe

= Double-click it to install it
= Click Do a system scan and save the log
= Paste the report
If there is a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

See you
0
Hi and thanks, but it did not work.
SDFix starts in Safe Mode, a window opens, I type Y and Enter, but after 1 minute the window closes and nothing happens. I left it for 15 minutes before restarting manually, so no window on restart?????
0
fredo.salon Posts 31 Registration date Monday 7 April 2008 Status Member Last activity 12 April 2008 1
9 April 2008 at 23:35
Hi, you have caught a virus on your PC. If you have HijackThis, run a scan and post the report here.
0
Hi and thanks

HijackThis scan

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:56:43, on 10/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\SAgent4.exe
C:\Program Files\OpiStat\OpiStat\OpiStat.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shop.symantecstore.com/servlet/PromoServlet/promoID.2397700
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX620 Series sur ALEXIA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P47 "Auto EPSON Stylus Photo RX620 Series sur ALEXIA" /O20 "\\ALEXIA\Imprimante2" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} (ftc_dm1 Control) - http://symantec.softmall.com.tw/ftcdm/ftcdm.cab
O16 - DPF: {9B14B03A-B482-45C3-BE37-5B7CAA8B0B5D} (QBH Control) - http://hsearch.nayio.com/download/QBH.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
10 April 2008 at 19:16
Hello, your report does show the infection.

You need to run SDFix as described in my first reply, in post 1.
See you
0
Hi and thanks, but it did not work.
SDFix starts in Safe Mode, a window opens, I type Y and Enter, but after 1 minute the window closes and nothing happens. I left it for 15 minutes before restarting manually, so no window on restart?????
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
11 April 2008 at 15:45
Hello, please run HijackThis again.
See you
0
Hi, thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10:31, on 11/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\OpiStat\OpiStat\OpiStat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
K:\Azureus\Azureus.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shop.symantecstore.com/servlet/PromoServlet/promoID.2397700
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX620 Series sur ALEXIA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P47 "Auto EPSON Stylus Photo RX620 Series sur ALEXIA" /O20 "\\ALEXIA\Imprimante2" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} (ftc_dm1 Control) - http://symantec.softmall.com.tw/ftcdm/ftcdm.cab
O16 - DPF: {9B14B03A-B482-45C3-BE37-5B7CAA8B0B5D} (QBH Control) - http://hsearch.nayio.com/download/QBH.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
0

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
11 April 2008 at 23:28
Let's try another way.

Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.

C:\WINDOWS\system32\%%%.exe

Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal.



0
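Added example, not part of the thread: the file handed to OTMoveIt above is the one the posted HijackThis reports show in two autostart locations (the F2 UserInit value and an O4 Run value). This Python sketch parses F2/O4 lines, lists anything chained after userinit.exe, and finds other autostart entries that launch the same file; the function names and the chosen subset of log lines are assumptions of this example.

```python
import re
from typing import NamedTuple

# Lines copied from the HijackThis report posted in this thread (a subset).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Autostart(NamedTuple):
    code: str      # HijackThis section code: "F2" or "O4"
    location: str  # registry key or startup folder as printed in the log
    name: str      # value name or shortcut name
    command: str   # what is launched at logon


_F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<cmd>.*)$", re.I)
_O4_REGISTRY = re.compile(
    r"^O4 - (?P<loc>\S+\\Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_O4_FOLDER = re.compile(
    r"^O4 - (?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")


def parse_autostarts(log: str) -> list[Autostart]:
    """Extract the F2 UserInit line and all O4 autostart lines from a log."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = _F2_USERINIT.match(line)
        if m:
            entries.append(Autostart("F2", "REG:system.ini", "UserInit", m["cmd"]))
            continue
        m = _O4_REGISTRY.match(line) or _O4_FOLDER.match(line)
        if m:
            entries.append(Autostart("O4", m["loc"], m["name"], m["cmd"]))
    return entries


def userinit_extras(value: str) -> list[str]:
    """Programs in a comma-separated UserInit value other than userinit.exe.

    The stock value holds only userinit.exe (usually with a trailing comma);
    Winlogon starts every program in the list at logon, so anything else
    listed here runs for every user before the desktop loads.
    """
    extras = []
    for part in value.split(","):
        prog = part.strip().strip('"')
        if not prog:
            continue  # empty slot left by the trailing comma
        low = prog.lower()
        if low == "userinit.exe" or low.endswith("\\system32\\userinit.exe"):
            continue
        extras.append(prog)
    return extras


def review(log: str) -> dict:
    """Report UserInit extras and O4 entries that launch the same files."""
    entries = parse_autostarts(log)
    extras = []
    for e in entries:
        if e.code == "F2":
            extras.extend(userinit_extras(e.command))
    wanted = {p.lower() for p in extras}  # Windows paths are case-insensitive
    repeats = [e for e in entries
               if e.code == "O4" and any(w in e.command.lower() for w in wanted)]
    return {"userinit_extras": extras, "also_launched_by": repeats}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for path in result["userinit_extras"]:
        print("UserInit also launches:", path)
    for e in result["also_launched_by"]:
        print(f"Same file in {e.location} [{e.name}]: {e.command}")
```

A file registered in both places is started again at every logon, so both registry values have to be cleaned along with the file itself.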
Result

< C:\WINDOWS\system32\%%%.exe >
File move failed. C:\WINDOWS\system32\%%%.exe scheduled to be moved on reboot.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04122008_120304

Files moved on Reboot...
File move failed. C:\WINDOWS\system32\%%%.exe scheduled to be moved on reboot.
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
12 April 2008 at 14:09
Please run a new HijackThis scan,
See you
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:28:52, on 12/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\OpiStat\OpiStat\OpiStat.exe
C:\WINDOWS\system32\SAgent4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neufportail.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shop.symantecstore.com/servlet/PromoServlet/promoID.2397700
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX620 Series sur ALEXIA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P47 "Auto EPSON Stylus Photo RX620 Series sur ALEXIA" /O20 "\\ALEXIA\Imprimante2" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [OpiStat] C:\Program Files\OpiStat\OpiStat\OpiStat.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {5554A026-7282-4C11-A8F1-652D0599CD02} (NMInstall Control) - http://a14.g.akamai.net/f/14/7141/1d/fr.nielsennetpanel.com/download/OpiStat_preinstaller_activex_fr_4.60.63.0_MEGAPANEL_EUROPE_SILENT.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8B0C8CF4-17F3-42D5-8D62-95F2E8339C26} (ftc_dm1 Control) - http://symantec.softmall.com.tw/ftcdm/ftcdm.cab
O16 - DPF: {9B14B03A-B482-45C3-BE37-5B7CAA8B0B5D} (QBH Control) - http://hsearch.nayio.com/download/QBH.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\SAgent4.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
12 April 2008 at 22:50
Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your desktop


Double-click OAD to launch it

- File name to search for: type or copy and paste: %%%.exe

- Search type: select option 6, then confirm with [Enter]

OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically as soon as it has finished.

- Copy and paste this report into your next post.
0
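The HijackThis log above lists `%%%.exe` both in the UserInit value and in a Run key. As an added example (not part of any post in this thread, and not the code of HijackThis or OAD), this Python script reports every program appended to UserInit besides `system32\userinit.exe` and the Run entries that start the same file. The function names and the matching rule are this example's assumptions; the sample lines are copied from that log.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\%%%.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"""

# HijackThis line formats as they appear in the log above.
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O4_RUN = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Leading program of an unquoted command line (paths may contain spaces).
PROGRAM = re.compile(r"(.*?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def _norm(path):
    """Lower-case a path and drop surrounding quotes so entries compare equal."""
    return path.strip().strip('"').lower()


def exe_from_command(cmd):
    """Return the program path at the start of an autostart command line."""
    cmd = cmd.strip()
    if not cmd:
        return ""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return _norm(cmd[1:end] if end != -1 else cmd[1:])
    m = PROGRAM.match(cmd)
    return _norm(m.group(1) if m else cmd.split()[0])


def userinit_extras(value):
    """Entries of a UserInit value other than system32\\userinit.exe.

    Assumption of this example: the value normally holds only that one
    program (with an optional trailing comma), so anything else is reported.
    """
    entries = [_norm(e) for e in value.split(",") if e.strip()]
    return [e for e in entries if not e.endswith("\\system32\\userinit.exe")]


def triage(log_text):
    """Map each extra UserInit program to the log lines that reference it."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    findings = defaultdict(list)
    # Pass 1: collect programs appended to UserInit.
    for line in lines:
        m = F2_USERINIT.match(line)
        if m:
            for extra in userinit_extras(m.group("value")):
                findings[extra].append(line)
    # Pass 2: add Run/RunOnce entries that start one of those programs.
    for line in lines:
        m = O4_RUN.match(line)
        if m:
            exe = exe_from_command(m.group("cmd"))
            if exe in findings:
                findings[exe].append(line)
    return dict(findings)


if __name__ == "__main__":
    for path, refs in triage(SAMPLE_LOG).items():
        print(f"{path}: referenced by {len(refs)} autostart location(s)")
        for ref in refs:
            print("   ", ref)
```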
A DOS window opens and closes quickly, so I can't do anything.
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
12 April 2008 at 23:37
Have you tried running SDFix again?
0
Yes
This is getting on my nerves, I think I'm going to format.......
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 April 2008 at 09:59
Hi

Try to be patient, we'll get there in the end

We'll try with MSNFix

Download to the desktop
http://sosvirus.changelog.fr/MSNFix.zip
= Right-click on MSNFix.zip
= Extract here (or extract without confirmation, or extract all, or unzip)
= Double-click the MSNfix folder that has just been created
= Double-click MSNfix ==> cogwheel icon
= Choose R
= Then choose N (if infected)
= Save the report
Restart the PC and relaunch MSN; that way you will know whether everything has been removed

See you
0
Thanks for your patience
MSNFix doesn't work, I explained that in my first post
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 April 2008 at 14:13
Yes, that's true

I didn't scroll back up to check
OK, nothing works!!

Let's try another way
What is your antivirus?
I would like you to install AntiVir
https://www.malekal.com/avira-free-security-antivirus-gratuit/

and to install it once the old one has been removed
Then go into safe mode, run a scan and post the report
See you
0
AntiVir detects TR/Crypt.ULPM.gen several times



AntiVir PersonalEdition Classic
Report file date: dimanche 13 avril 2008 16:08

Scanning for 1198942 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Steph & Nono
Computer name: ARNAUD

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:16:53
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 13:16:53
ANTIVIR3.VDF : 7.0.3.158 61952 Bytes 11/04/2008 13:16:53
AVEWIN32.DLL : 7.6.0.85 3461632 Bytes 13/04/2008 13:16:53
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 13/04/2008 13:16:53
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: K:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 13 avril 2008 16:08

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] No virus was found!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'K:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '46' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Steph & Nono\Local Settings\Temporary Internet Files\Content.IE5\F6UE2JMW\wv[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '485d2845.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Divers>
Begin scan in 'E:\' <Basse>
Begin scan in 'F:\' <Videos>
Begin scan in 'G:\' <Xbox>
Begin scan in 'H:\' <PSP>
Begin scan in 'K:\' <Emule>


End of the scan: dimanche 13 avril 2008 18:12
Used time: 2:03:53 min

The scan has been done completely.

7446 Scanning directories
267525 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
267524 Files not concerned
1342 Archives were scanned
2 Warnings
191 Notes
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
13 April 2008 at 19:12
Download DiagHelp.zip to your desktop http://www.malekal.com/download/DiagHelp.zip
==> Do not double-click it!! Right-click the file and choose Extract all
==> A new folder named DiagHelp will be created
==> Open it and double-click go.cmd (the .cmd may not be shown)
==> A window will open; choose option 1
==> The analysis will start; this can take a few minutes, let it run and press a key when asked
==> Copy and paste the contents of the Notepad window that opens. To do so:
==> In Notepad, click the Edit menu / Select all
==> Again, Edit menu / Copy
==> In a new message here, right-click / Paste
See you
0
Here's the next part lol


DiagHelp version v1.4 - http://www.malekal.com
excute le 13/04/2008 à 23:08:19,90


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-1776D62E.pf -->13/04/2008 23:08:15
C:\WINDOWS\prefetch\CMD.EXE-1DC04744.pf -->13/04/2008 23:07:37
C:\WINDOWS\prefetch\WINRAR.EXE-35987FBC.pf -->13/04/2008 23:07:16
C:\WINDOWS\prefetch\AZUREUS.EXE-2A10F6D2.pf -->13/04/2008 22:59:54
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-188141C4.pf -->13/04/2008 22:57:58
C:\WINDOWS\prefetch\IEXPLORE.EXE-1A014120.pf -->13/04/2008 22:57:47
C:\WINDOWS\prefetch\VERCLSID.EXE-17B895EC.pf -->13/04/2008 22:57:22
C:\WINDOWS\prefetch\Layout.ini -->13/04/2008 21:33:36
C:\WINDOWS\prefetch\WMIPRVSE.EXE-07690A2C.pf -->13/04/2008 21:18:15
C:\WINDOWS\prefetch\WUAUCLT.EXE-121CB143.pf -->13/04/2008 21:18:13

C:\WINDOWS\System32\drivers\avipbb.sys -->13/04/2008 15:16:53
C:\WINDOWS\System32\drivers\sptd.sys -->06/03/2008 09:39:48
C:\WINDOWS\System32\drivers\imagesrv.sys -->18/02/2008 17:21:08
C:\WINDOWS\System32\drivers\imagedrv.sys -->18/02/2008 17:21:08
C:\WINDOWS\System32\drivers\atksgt.sys -->15/01/2008 15:01:34
C:\WINDOWS\System32\drivers\lirsgt.sys -->15/01/2008 15:01:33
C:\WINDOWS\System32\drivers\PnkBstrK.sys -->13/01/2008 21:36:50

C:\WINDOWS\System32\FNTCACHE.DAT -->13/04/2008 21:16:42
C:\WINDOWS\System32\wpa.dbl -->13/04/2008 20:42:41
C:\WINDOWS\System32\package.lst -->12/04/2008 21:41:20
C:\WINDOWS\System32\PerfStringBackup.INI -->12/04/2008 03:02:33
C:\WINDOWS\System32\perfh00C.dat -->12/04/2008 03:02:33
C:\WINDOWS\System32\perfh009.dat -->12/04/2008 03:02:33
C:\WINDOWS\System32\perfc00C.dat -->12/04/2008 03:02:33
C:\WINDOWS\System32\perfc009.dat -->12/04/2008 03:02:33
C:\WINDOWS\System32\CONFIG.NT -->08/04/2008 11:15:30
C:\WINDOWS\System32\real.txt -->08/04/2008 10:20:09
C:\WINDOWS\System32\MRT.exe -->06/04/2008 07:56:20
C:\WINDOWS\System32\WgaTray.exe -->30/03/2008 09:06:21
C:\WINDOWS\System32\WgaLogon.dll -->30/03/2008 09:06:03
C:\WINDOWS\System32\LegitCheckControl.dll -->30/03/2008 09:05:45
C:\WINDOWS\System32\legitcheckcontrol.dll.bak -->20/03/2008 18:06:36
C:\WINDOWS\System32\win32k.sys -->20/03/2008 09:56:50
C:\WINDOWS\System32\MsiExec.exe.log -->13/03/2008 17:03:52
C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->08/03/2008 08:55:53
C:\WINDOWS\System32\SETF3.tmp -->01/03/2008 18:28:10
C:\WINDOWS\System32\SET5B.tmp -->01/03/2008 18:28:10
C:\WINDOWS\System32\SET40.tmp -->01/03/2008 18:28:10
C:\WINDOWS\System32\SET3C.tmp -->01/03/2008 18:28:10
C:\WINDOWS\System32\SET28.tmp -->01/03/2008 18:28:10
C:\WINDOWS\System32\SET148.tmp -->01/03/2008 18:28:10
C:\WINDOWS\System32\mshtml.dll -->01/03/2008 18:28:10

C:\WINDOWS\WindowsUpdate.log -->13/04/2008 21:18:22
C:\WINDOWS\0.log -->13/04/2008 21:17:22
C:\WINDOWS\wiadebug.log -->13/04/2008 21:17:13
C:\WINDOWS\wiaservc.log -->13/04/2008 21:17:12
C:\WINDOWS\bootstat.dat -->13/04/2008 21:16:46
C:\WINDOWS\SchedLgU.Txt -->13/04/2008 21:15:36
C:\WINDOWS\updspapi.log -->13/04/2008 20:55:51
C:\WINDOWS\KB948590.log -->13/04/2008 20:55:51
C:\WINDOWS\KB947864-IE7.log -->13/04/2008 20:55:44
C:\WINDOWS\KB945553.log -->13/04/2008 20:54:17
C:\WINDOWS\NeroDigital.ini -->13/04/2008 20:39:34
C:\WINDOWS\ntbtlog.txt -->13/04/2008 17:34:06
C:\WINDOWS\setupapi.log -->13/04/2008 16:01:10
C:\WINDOWS\nsreg.dat -->12/04/2008 22:32:24
C:\WINDOWS\wmsetup.log -->12/04/2008 11:04:22

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 256
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xd0000 7.00.6000.16640 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16640 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x44360000 0x5cd000 7.00.6000.16640 C:\WINDOWS\system32\ieframe.dll
0x442b0000 0x3c000 7.00.6000.16640 C:\WINDOWS\system32\webcheck.dll
0x44160000 0x127000 7.00.6000.16640 C:\WINDOWS\system32\urlmon.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x10000000 0xe000 C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x00db0000 0x74000 4.60.0063.0000 C:\WINDOWS\system32\NMTracer.dll
0x00e40000 0x42000 4.60.0063.0000 C:\Program Files\OpiStat\OpiStat\nmobsvr.dll
0x10100000 0x16000 C:\Program Files\Logitech\SetPoint\lgscroll.dll
0x00f40000 0x40000 3.05.0001.0000 C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
0x782e0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL
0x78130000 0x9b000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll
0x7c420000 0x87000 8.00.50727.1433 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCP80.dll
0x5d360000 0xf000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80FRA.DLL
0x01150000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00cf0000 0x11000 7.00.0000.0010 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x01990000 0x56000 7.10.3052.0004 C:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x00d20000 0x8000 1.00.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
0x03520000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\wmvcore.dll
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x0bef0000 0x37000 11.00.5721.5145 C:\WINDOWS\system32\MFPlat.DLL
0x58640000 0x8a000 1.09.0000.0305 C:\WINDOWS\system32\l3codeca.acm
0x03d80000 0x202000 3.03.0001.0001 C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
0x781d0000 0x10f000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL
0x74da0000 0x6c000 5.30.0023.1228 C:\WINDOWS\system32\RICHED20.dll
0x03a00000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 740
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\SYSTEM32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\SYSTEM32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\SYSTEM32\odbcint.dll
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\SYSTEM32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\SYSTEM32\CLBCATQ.DLL
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B09A-3FE0

Répertoire de C:\WINDOWS\system32

19/08/2004 16:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 53 204 234 240 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B09A-3FE0

Répertoire de C:\WINDOWS\Downloaded Program Files

13/04/2008 16:01 <REP> .
13/04/2008 16:01 <REP> ..
02/07/2007 15:44 941 688 asquared.ocx
27/02/2008 15:59 290 816 auc_lib.dll
07/12/2004 18:07 32 bdcore.dll
25/05/2006 02:21 118 784 bdupd.dll
27/02/2008 15:59 541 ca.pub
27/02/2008 15:59 495 616 daas_s.dll
17/09/2007 00:04 65 desktop.ini
25/07/2002 12:13 24 576 dwusplay.dll
25/07/2002 12:13 196 608 dwusplay.exe
15/06/2006 19:33 1 132 192 EPUWALcontrol.dll
13/06/2006 12:58 782 flashax.inf
27/02/2008 16:00 262 144 fscax.dll
27/02/2008 15:59 614 fscax.inf
04/05/2007 16:20 301 ftcdm.inf
11/05/2007 14:54 405 504 ftc_dm1.ocx
27/02/2008 15:59 588 392 gatelauncher.exe
16/05/2007 08:22 399 gp.inf
16/05/2007 08:22 166 512 gp.ocx
04/03/2008 13:40 1 570 hardwaredetection.inf
12/04/2008 22:53 5 978 install.log
25/05/2006 02:21 53 248 ipsupd.dll
11/08/2005 10:30 417 792 isusweb.dll
12/07/2007 04:22 1 055 jinstall-6u2.inf
08/08/2006 11:45 576 kavwebscan.inf
16/03/2005 13:34 7 407 lang.ini
20/03/2008 15:10 367 LegitCheckControl.inf
07/12/2004 18:07 32 libfn.dll
14/03/2005 15:38 126 live.ini
20/01/2000 15:25 1 162 Microsoft XML Parser for Java.osd
20/08/2004 18:27 135 233 NayioPitchDll.dll
11/01/2006 01:09 370 nminstall.inf
29/10/2007 17:45 1 244 oscan8.inf
25/10/2007 17:54 471 040 oscan8.ocx
24/12/2006 09:51 1 939 qbh.inf
24/12/2006 09:51 532 551 QBH.ocx
14/03/2005 15:58 7 073 scanoptions.tsi
02/04/2007 17:28 185 SETUP.INF
11/06/2007 12:21 5 021 swflash.inf
12/04/2008 22:53 38 428 unagiuninst.exe
30/07/2007 19:24 293 wuweb.inf
40 fichier(s) 6 308 256 octets

Total des fichiers listés :
40 fichier(s) 6 308 256 octets
2 Rép(s) 53 204 234 240 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwn2main.exe"="C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"="C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwupdate.exe"="C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwn2server.exe"="C:\\Program Files\\Jeux\\Atari\\Neverwinter Nights 2\\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"C:\\Program Files\\Xfire\\Xfire.exe"="C:\\Program Files\\Xfire\\Xfire.exe:*:Enabled:Xfire"
"E:\\eMule\\emule.exe"="E:\\eMule\\emule.exe:*:Enabled:eMule"
"E:\\Azureus\\Azureus.exe"="E:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"K:\\eMule\\emule.exe"="K:\\eMule\\emule.exe:*:Enabled:eMule"
"K:\\Azureus\\Azureus.exe"="K:\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\Jeux\\Codemasters\\DiRT\\DiRT.exe"="C:\\Program Files\\Jeux\\Codemasters\\DiRT\\DiRT.exe:*:Enabled:DiRT Executable"
"C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe"="C:\\Program Files\\Fichiers communs\\Ahead\\Nero Web\\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"="C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe:*:Enabled:CyberLink PowerDirector"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Jeux\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"="C:\\Program Files\\Jeux\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\BT Softphone 2\\BTSoftphone2.exe"="C:\\Program Files\\BT Softphone 2\\BTSoftphone2.exe:*:Enabled:BTSoftphone2"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Enabled:RealPlayer"
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-13 23:08:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:2a,6f,1d,96,af,be,1c,c0,c8,d2,3c,a8,19,32,d6,6f,fd,8f,9c,99,3d,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:28,96,34,ba,01,e3,2f,c3,0e,1d,e6,ee,b1,f9,1b,9f,04,2e,8e,40,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,2f,2a,f4,9a,48,c9,2d,45,77,9c,c4,2b,0b,21,d3,83,..
"khjeh"=hex:50,9d,41,97,f9,13,9c,c7,97,9b,76,5f,08,90,14,99,fe,fa,d9,2d,fb,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:34,0b,f6,c6,ef,78,b9,e7,52,92,91,33,7c,2e,0b,64,50,62,a5,b5,32,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000000
"ujdew"=hex:2a,6f,1d,96,af,be,1c,c0,c8,d2,3c,a8,19,32,d6,6f,fd,8f,9c,99,3d,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000001
"khjeh"=hex:28,96,34,ba,01,e3,2f,c3,0e,1d,e6,ee,b1,f9,1b,9f,04,2e,8e,40,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,7d,2f,2a,f4,9a,48,c9,2d,45,77,9c,c4,2b,0b,21,d3,83,..
"khjeh"=hex:50,9d,41,97,f9,13,9c,c7,97,9b,76,5f,08,90,14,99,fe,fa,d9,2d,fb,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:34,0b,f6,c6,ef,78,b9,e7,52,92,91,33,7c,2e,0b,64,50,62,a5,b5,32,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
256 - explorer.exe
496 - sched.exe
520 - avgnt.exe
716 - csrss.exe
740 - winlogon.exe
760 - ctfmon.exe
784 - services.exe
796 - lsass.exe
952 - svchost.exe
1024 - msnmsgr.exe
1040 - svchost.exe
1152 - svchost.exe
1216 - daemon.exe
1224 - AiNap.exe
1248 - svchost.exe
1320 - nvsvc32.exe
1484 - RichVideo.exe
1548 - spoolsv.exe
1604 - avguard.exe
1668 - SAgent4.exe
1752 - svchost.exe
1912 - OpiStat.exe
1924 - RTHDCPL.exe
2124 - LogitechDesktop
2156 - eb.exe
2196 - alg.exe
2268 - Utility.exe
2376 - iexplore.exe
3060 - usnsvc.exe
3740 - cmd.exe

Total number of processes = 31
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6AA000 - spmf.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA692000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA663000 - ACPI.sys
BA652000 - pci.sys
BA8A8000 - isapnp.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA8B8000 - MountMgr.sys
BA633000 - ftdisk.sys
BADAC000 - dmload.sys
BA60D000 - dmio.sys
BAB30000 - PartMgr.sys
BA8C8000 - VolSnap.sys
BA5F5000 - atapi.sys
BA5C2000 - mv61xx.sys
BA8D8000 - disk.sys
BA8E8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA5A2000 - fltMgr.sys
BA590000 - sr.sys
BA8F8000 - PxHelp20.sys
BA579000 - KSecDD.sys
BA4EC000 - Ntfs.sys
BA4BF000 - NDIS.sys
BA4A4000 - Mup.sys
BA958000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B9DDE000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9DCA000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
BABA8000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9DA7000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BABB0000 - \SystemRoot\system32\DRIVERS\usbehci.sys
B9D82000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
BA968000 - \SystemRoot\system32\DRIVERS\atl01_xp.sys
BA978000 - \SystemRoot\system32\drivers\wf2kvcap.sys
BA988000 - \SystemRoot\system32\drivers\STREAM.SYS
B9D5F000 - \SystemRoot\system32\drivers\ks.sys
BADB8000 - \SystemRoot\system32\DRIVERS\ASACPI.sys
B9D4E000 - \SystemRoot\system32\DRIVERS\serial.sys
BAD5C000 - \SystemRoot\system32\DRIVERS\serenum.sys
BA998000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
BAD64000 - \SystemRoot\system32\DRIVERS\L8042Kbd.sys
BABC8000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
BA9A8000 - \SystemRoot\system32\DRIVERS\imapi.sys
BA9B8000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA9C8000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9CE9000 - \SystemRoot\System32\Drivers\a00nmqzp.SYS
BAF85000 - \SystemRoot\system32\DRIVERS\audstub.sys
BA9D8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BA47C000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9CD2000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BA9E8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BA9F8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
BAC40000 - \SystemRoot\system32\DRIVERS\TDI.SYS
B9BF9000 - \SystemRoot\system32\DRIVERS\psched.sys
BAA08000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BAC50000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BAC60000 - \SystemRoot\system32\DRIVERS\raspti.sys
B9BC8000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
BAA18000 - \SystemRoot\system32\DRIVERS\termdd.sys
BAC70000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BADC8000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9B6F000 - \SystemRoot\system32\DRIVERS\update.sys
BAD44000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BAD50000 - \SystemRoot\system32\drivers\WmBEnum.sys
BAA28000 - \SystemRoot\system32\drivers\WmXlCore.sys
BAA38000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAA58000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADD2000 - \SystemRoot\system32\DRIVERS\USBD.SYS
B65F3000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B65D1000 - \SystemRoot\system32\drivers\portcls.sys
BAA68000 - \SystemRoot\system32\drivers\drmk.sys
BAC98000 - \SystemRoot\system32\drivers\wf2ktunr.sys
B9CAA000 - \SystemRoot\system32\drivers\wf2kxbar.sys
BADDE000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAFF7000 - \SystemRoot\System32\Drivers\Null.SYS
BADE2000 - \SystemRoot\System32\Drivers\Beep.SYS
BAB40000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BAB48000 - \SystemRoot\System32\drivers\vga.sys
BADE8000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADEC000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BAB88000 - \SystemRoot\System32\Drivers\Msfs.SYS
BAB98000 - \SystemRoot\System32\Drivers\Npfs.SYS
B9B67000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B650E000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B64B5000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B6465000 - \SystemRoot\system32\DRIVERS\netbt.sys
B6444000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B9B4F000 - \SystemRoot\System32\Drivers\nmconpid.SYS
B6422000 - \SystemRoot\System32\drivers\afd.sys
BAA78000 - \SystemRoot\system32\DRIVERS\netbios.sys
BABB8000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys
B63F7000 - \SystemRoot\system32\DRIVERS\rdbss.sys
BAEA5000 - \SystemRoot\System32\Drivers\PQNTDrv.SYS
B6388000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
BAA88000 - \SystemRoot\System32\Drivers\Fips.SYS
BAA98000 - \SystemRoot\system32\DRIVERS\avipbb.sys
BADF2000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
BADF4000 - \SystemRoot\system32\drivers\AsIO.sys
BAAB8000 - \SystemRoot\System32\Drivers\LHidUsbK.Sys
BAAC8000 - \SystemRoot\System32\Drivers\HIDCLASS.SYS
B618F000 - \SystemRoot\system32\DRIVERS\P1120Vid.sys
BABE8000 - \SystemRoot\system32\DRIVERS\LHidKE.Sys
B6555000 - \SystemRoot\system32\DRIVERS\mouhid.sys
BAAD8000 - \SystemRoot\system32\DRIVERS\LMouKE.Sys
BAAE8000 - \SystemRoot\system32\DRIVERS\wanarp.sys
BAAF8000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B6177000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BAE1C000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
BA45C000 - \SystemRoot\System32\drivers\Dxapi.sys
BAC10000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAE8D000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
B5E63000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B5B52000 - \SystemRoot\system32\drivers\wdmaud.sys
B5CAF000 - \SystemRoot\system32\drivers\sysaudio.sys
B58FA000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
B58BF000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
B582C000 - \SystemRoot\system32\DRIVERS\atksgt.sys
BABA0000 - \SystemRoot\system32\DRIVERS\lirsgt.sys
B57B2000 - \SystemRoot\system32\DRIVERS\srv.sys
B3784000 - \SystemRoot\system32\drivers\kmixer.sys
BAFFA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 129

Liste des programmes installes

Adobe Flash Player ActiveX
Adobe Reader 8.1.2 - Français
AGEIA PhysX v7.07.09
AI Suite
Archiveur WinRAR
Assistant de connexion Windows Live
ASUSUpdate
Attansic Ethernet Utility
Attansic L1 Gigabit Ethernet Driver
AutoUpdate
Avira AntiVir PersonalEdition Classic
Azureus Vuze
Clean Virus MSN
Correctif pour Windows Internet Explorer 7 (KB947864)
Correctif pour Windows XP (KB928388)
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Ultra Driver (1.01.03.0112)
CSO-DAX Compressor V0.38
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
eMule
EPSON CardMonitor
EPSON Copy Utility 3
EPSON Logiciel imprimante
EPSON PhotoQuicker3.5
EPSON PhotoStarter3.1
EPSON PRINT Image Framer Tool2.1
EPSON Scan
EPSON Smart Panel
EPSON Web-To-Page
ESPRX620 Guide des logiciels
Eurobarre
Everest Casino (Remove Only)
getPlus(R)_ocx
GoldWave v5.22
Guitar Pro 5.2
HijackThis 2.0.2
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
K-Lite Codec Pack 3.3.5 Full
K!TV
Kaspersky On-line Scanner
Kaspersky Online Scanner
Lecteur Windows Media 11
Logitech Desktop Messenger
Logitech Gaming Software
Logitech SetPoint
Ma-Config.com plugin
Malwarebytes' Anti-Malware
Manuel d'utilisation de Creative WebCam NX Ultra (Français)
marvell 61xx
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 French Language Pack
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Album photo 10
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Office Excel Viewer 2003
Microsoft Photo Pro 10
Microsoft Photo Pro Suite 10
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)
Mise à jour de sécurité pour Windows XP (KB920213)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Need for Speed™ ProStreet
Nero 8
neroxml
Neuf - Kit de connexion
NVIDIA Drivers
OpiStat
Package de base Microsoft de service de chiffrement pour cartes à puce
PartitionMagic
PC Probe II
PhotoImpression 5
PhotoNow! 1.0
PIF DESIGNER2.1
Power Tab Editor 1.7
PowerCinema NE for Everio
PowerDirector
PowerDirector
PowerProducer
PowerQuest PartitionMagic 8.0
Pro Evolution Soccer 2008
QuickTime
QuickTime
RamBoost XP 4.0.6
ratDVD 0.78.1444
RealPlayer
Realtek High Definition Audio Driver
ScanToWeb
Skype™ 3.6
SmartSound Quicktracks Plugin
SmartSound Quicktracks Plugin
Suppress plus 1.8
VGA Utility
Viewpoint Media Player
WebFldrs XP
Winamp
Windows Communication Foundation Language Pack - FRA
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation FR Language Pack
WordBiz version 1.8
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B09A-3FE0

Répertoire de C:\Program Files

13/04/2008 15:15 <REP> .
13/04/2008 15:15 <REP> ..
09/04/2008 10:52 <REP> Adobe
20/09/2007 22:40 <REP> AGEIA Technologies
19/09/2007 18:16 <REP> Alwil Software
19/09/2007 09:46 <REP> ArcSoft
19/09/2007 00:01 <REP> ASUS
18/09/2007 23:54 <REP> Attansic
08/04/2008 11:23 <REP> Avira
12/04/2008 23:23 <REP> AxBx
08/03/2008 08:57 <REP> BT Softphone 2
17/09/2007 00:03 <REP> ComPlus Applications
19/09/2007 00:41 <REP> Creative
30/09/2007 18:57 <REP> CSO-DAX Compressor
26/09/2007 10:57 <REP> CyberLink
06/03/2008 09:59 <REP> DAEMON Tools Lite
21/09/2007 13:43 <REP> Datel
10/01/2008 15:17 <REP> DivX
07/11/2007 16:13 <REP> epson
07/11/2007 16:20 <REP> Eurobarre
21/01/2008 16:00 <REP> Everest Casino
12/04/2008 22:34 <REP> Fichiers communs
14/10/2007 14:51 <REP> FXpansion
19/09/2007 00:24 <REP> GIGABYTE
30/01/2008 17:42 <REP> GoldWave
24/09/2007 10:16 <REP> Guitar Pro 5
18/09/2007 23:30 <REP> Intel
10/04/2008 03:02 <REP> Internet Explorer
08/03/2008 08:55 <REP> Java
08/04/2008 23:14 <REP> Jeux
24/09/2007 02:11 <REP> K!TV
19/09/2007 21:22 <REP> K-Lite Codec Pack
13/12/2007 17:48 <REP> Landesoft
12/10/2007 10:59 <REP> Logitech
17/03/2008 21:40 <REP> ma-config.com
10/04/2008 17:12 <REP> Malwarebytes' Anti-Malware
18/09/2007 23:54 <REP> Marvell
17/09/2007 00:02 <REP> Messenger
19/09/2007 23:38 <REP> MessengerPlus! 3
16/01/2008 10:19 <REP> Microsoft Digital Image 10
17/09/2007 00:05 <REP> microsoft frontpage
23/11/2007 18:02 <REP> Microsoft Office
08/04/2008 08:21 <REP> Microsoft SQL Server Compact Edition
20/09/2007 11:52 <REP> Microsoft Works
25/09/2007 10:07 <REP> MMTVConfig
17/09/2007 00:03 <REP> Movie Maker
19/09/2007 21:42 <REP> MSBuild
17/09/2007 00:02 <REP> MSN
17/09/2007 00:02 <REP> MSN Gaming Zone
08/04/2008 09:39 <REP> MSNFix
19/09/2007 20:54 <REP> MSXML 4.0
19/09/2007 21:43 <REP> MSXML 6.0
13/03/2008 14:59 <REP> Nero
13/03/2008 15:03 <REP> NeroInstall.bak
17/09/2007 00:04 <REP> NetMeeting
19/09/2007 00:12 <REP> Neuf
29/11/2007 00:06 <REP> OpiStat
19/09/2007 20:53 <REP> Outlook Express
08/12/2007 16:54 <REP> Power Tab Software
19/09/2007 21:53 <REP> PowerQuest
04/10/2007 20:32 <REP> PSP Max Media Manager Pro
26/09/2007 10:24 <REP> QuickTime
02/03/2008 18:12 <REP> RamBoost XP
12/03/2008 10:10 <REP> ratDVD
03/11/2007 15:30 <REP> Real
25/09/2007 09:55 <REP> Realtek
19/09/2007 21:39 <REP> Reference Assemblies
17/09/2007 00:04 <REP> Services en ligne
25/03/2008 12:43 <REP> Skype
07/11/2007 16:10 <REP> Smart Panel
26/09/2007 10:55 <REP> SmartSound Software
13/11/2007 17:44 <REP> splus
10/04/2008 16:55 <REP> Trend Micro
30/01/2008 17:45 <REP> VideoLAN
12/04/2008 22:35 <REP> Viewpoint
04/02/2008 12:09 <REP> Winamp
09/04/2008 18:20 <REP> Windows Live
19/09/2007 21:20 <REP> Windows Media Connect 2
25/09/2007 10:07 <REP> Windows Media Player
16/11/2007 16:14 <REP> Windows NT
02/12/2007 11:55 <REP> WinRAR
24/10/2007 22:11 <REP> WordBiz
17/09/2007 00:05 <REP> xerox
0 fichier(s) 0 octets
83 Rép(s) 53 190 991 872 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B09A-3FE0

Répertoire de C:\Program Files\fichiers communs

12/04/2008 22:34 <REP> .
12/04/2008 22:34 <REP> ..
09/04/2008 10:53 <REP> Adobe
12/04/2008 23:22 <REP> AOL
19/09/2007 21:53 <REP> InstallShield
20/09/2007 13:30 <REP> Java
12/10/2007 10:59 <REP> Logitech
08/04/2008 08:20 <REP> Microsoft Shared
17/09/2007 00:04 <REP> MSSoap
13/03/2008 15:01 <REP> Nero
17/09/2007 01:59 <REP> ODBC
03/11/2007 15:30 <REP> Real
17/09/2007 00:04 <REP> Services
25/03/2008 12:43 <REP> Skype
17/09/2007 01:59 <REP> SpeechEngines
19/09/2007 20:53 <REP> System
20/09/2007 22:40 <REP> Wise Installation Wizard
03/11/2007 15:30 <REP> xing shared
0 fichier(s) 0 octets
18 Rép(s) 53 190 991 872 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est B09A-3FE0

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

04/12/2007 23:38 <REP> .
04/12/2007 23:38 <REP> ..
18/05/2001 15:57 561 209 MSONSEXT.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 53 190 991 872 octets libres




c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\AIMinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\AIMLang.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\aimlang_fr.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\alsetup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\aoldlmgr.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\migrator.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\ocpinst.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\postproc.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\setup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\tbsetup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\unagi3.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\Vwpt.exe
c:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 7.0.1.325\French\setup.exe
c:\Documents and Settings\Steph & Nono\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
c:\Documents and Settings\Steph & Nono\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_16496df1.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_18be6784.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_294823.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_2cd672ae.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_4ae13d6c.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}\_69525f90.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\ARPPRODUCTICON.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\UNINST_Uninstall_VGA_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe1_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
c:\Documents and Settings\Steph & Nono\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Steph & Nono\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Steph & Nono\Local Settings\Temp\A~NSISu_.exe
c:\Documents and Settings\Steph & Nono\Local Settings\Temp\B~NSISu_.exe
c:\Documents and Settings\Steph & Nono\Local Settings\Temp\~nsu.tmp\Au_.exe
c:\Documents and Settings\Steph & Nono\Local Settings\Temporary Internet Files\Content.IE5\GNME87S0\aolsetup.exe
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\AOLFirewallMgr.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\gui.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\imappver.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\instSup.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\ocpchk.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\ProgUpd.dll
c:\Documents and Settings\All Users\Application Data\AOL Downloads\triton_fr\6.1.32.1\tbinst.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus.9167e61332ddecec88b6ba8808c2cf26.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofychoicebonus.9b647169e0132ca08fb780a241796c80.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\simplepickxofyskillbonus.b9a655da20fcb3f97c7ebd0781f98c56.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\sizzlingscorpionsbonus.b810fd9a6f22045661d97e29b7b598bb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\s\spanishblackjack.8c2ac90e8c4bbda7817e074b224d622e.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.11abae2d8790a65ff5805bcb9230762f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition.bfd5ace968d7a18dabaceeca686064d0.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\transition_temp.b1ca11d4e648e5135eea6ec5f3d901f9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\triplesevens.d70875659f6c2719fb3835e497bb09a9.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelnormal1_2.6d58a1bcaf1d9165fa0b77fa9598b623.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_3reelprogressive1_2.a0c5e56438d504531121ead802e24dcf.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\t\type_5reelprogressive3_4_5.c65d2830787ed7999b948455e324121b.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\v\vegasdowntownblackjack.e7dba3d00f62f28aeb42af2519700caa.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\v\vegasstripblackjack.59f244d12616734754d6150b8b007a01.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\w\wheelofwealthbonus.273ed6671a16c67a5d50ecde6a66097a.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\x\xmlparserplugin.57e9fd94cbd592ad475a3ca59462730f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll
c:\Documents and Settings\All Users\Application Data\MGS\cache\_\_crt_cyberstud.1b8f431ce9dfe38861b98045dc7bc82c.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_ARNAUD.tar.gz a l'adresse http://upload.malekal.com
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 April 2008 at 00:19
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!
=> Disconnect from the internet and close all your applications.
=> Disable your protections (antivirus, firewall, real-time antispyware guard)
=> Double-click on combofix,
=> Don't touch anything until the scan has finished. Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. This could freeze the computer.
=> Wait until combofix has finished; a report will be created.
=> Re-enable your firewall, your antivirus, and your antispyware guard
=> Copy/paste the report C:\ComboFix.txt
0
Hi, thanks, but I think I removed the virus with Kaspersky.
See you, and thanks again
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
19 April 2008 at 11:36
--
It is usually when the hard drive crashes that you realise you forgot to back it up.
0