comment supprimer virus pop up ??
Forum Sécurité - Virus : comment supprimer virus pop up ??
Bonsoir alors depuis quelque semaine j'au=i eu un virus .Il m'ouvre 5 à 6 pub toute les mintutes et me fait plainter souvent mon pc alors si quelqun pourré m'aider sa ne sera pa de refus 
. Voila en éspérant avoir de l'aide.Merci
Message édité par Dante 62 le 09-11-2006 à 20:30:21
Bonsoir,
Fais bien TOUT ce qui suit.
- Télécharge Hijackthis de Merjin
- Mets le dans un dossier ou sur ton bureau
-- Clique Droit sur Hijackthis :
-> Choisis " Renommer "
-> Tape Scanner.exe puis valide
- Lance l'application
- Choisis l'option Do a system scan and save a logfile
-- Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
- Colle le rapport ici.
Aide sur Hijackthis
voila le rapport et merci pour ton aide
Logfile of HijackThis v1.99.1
Scan saved at 20:35:09, on 09/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\IA\command.exe
C:\WINDOWS\winlogon.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\Scanner.exe.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qfr10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-qfr10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qfr10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
O2 - BHO: ib4.CBrowserHelper - {1E6CE4CD-161B-4847-B8BF-E2EF72299D69} - C:\WINDOWS\System32\ib14.dll
O2 - BHO: (no name) - {73364D99-1240-4dff-B11A-67E448373048} - C:\WINDOWS\System32\ipv6monk.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ [...] ontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6BE12F3-A5CD-4F2B-9828-618EAAED693C}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: Control Panel - C:\WINDOWS\system32\h6n00g5me6.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
Infection Look2me entre autres.
Imprime ces instructions, ou colle les dans un fichier texte.
Regarde bien l'indication en bas, avant de commencer la procédure.
Télécharge Look2Me-Destroyer.exe sur ton Bureau.
- Ferme toutes les fenêtres actives.
- Lance l'outil Look2Me-Destroyer.exe.
- Coche Run this program as a task
- Un message s'affichera :
" Look2Me-Destroyer will close and re-open in approximately 1 minute " -> OK
- Il se relancera après la minute, puis appuie sur le bouton Scan for L2M.
- Les icônes de ton Bureau vont disparaître.
- Le scan termine, clique sur Remove L2M
- Un nouveau message Done Scanning apparaîtra, clique sur OK.
- Suivi de Done removing infected files! Look2Me-Destroyer will now shutdown your computer -> OK.
- Ton PC va s’éteindre.
- Démarre ton PC normalement.
- Colle le rapport généré, situé ici : C:\Look2Me-Destroyer.txt ,ainsi qu'un rapport HijackThis.
Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.
vous me dites de coller un rapport hijackThis, mais lequel celui de toute a l'heure ou un autre quand je feré cette operation ??
Re,
Tu fais le scan Look2me-Des', puis tu postes un nouveau rapport Hijackthis.
Re
Alors j'ai fait comme vous m'avez dit mais quand je lance l'outil Look2Me-Destroyer.exe. Il ne se relance pas automatiquement après la minute, jai redémarré et réessaiyer à nouveau mais il ne se relance pas toujours pas automatiquement .
Re,
- Télécharge combofix.exe (par sUBs) sur ton Bureau
- Double clique combofix.exe.
- Tape sur la touche Y (Yes) pour démarrer le scan.
- Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
voila le rapport de combofix
Propri‚taire - 06-11-09 21:18:22,73 Service Pack 1
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Propri‚taire\Bureau"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{CB6D9DA8-E1F3-4FE7-B708-753ACD343D21}]
@=""
[HKEY_CLASSES_ROOT\clsid\{CB6D9DA8-E1F3-4FE7-B708-753ACD343D21}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{CB6D9DA8-E1F3-4FE7-B708-753ACD343D21}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{CB6D9DA8-E1F3-4FE7-B708-753ACD343D21}\InprocServer32]
@="C:\\WINDOWS\\system32\\wdv8dmod.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\rlmps.dll
C:\WINDOWS\system32\wdv8dmod.dll
C:\WINDOWS\system32\guard.tmp
Granting sedebugprivilege to Administrateurs ... successful
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\dfndrff_e36.exe
C:\drsmartload1.exe
C:\deskbar.exe
C:\deskbar_e34.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\RDFX4.exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\maxd641.exe
C:\Installer4.exe
C:\Program Files\Windows Media Player\vile.html
C:\Program Files\Messenger\sajyzy.html
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Deskbar
C:\Program Files\network monitor
C:\WINDOWS\IA
((((((((((((((((((((((((((((((( Files Created from 2006-10-09 to 2006-11-09 ))))))))))))))))))))))))))))))))))
2006-11-08 23:21 70,872 --a------ C:\WINDOWS\system32\ipv6monk.dll
2006-11-08 23:21 118,488 --a------ C:\WINDOWS\shukaOS32.exe
2006-11-07 19:54 75,992 --a------ C:\WINDOWS\system32\ipv6monl.dll
2006-11-07 13:13 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2006-11-07 13:13 50,688 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2006-11-07 13:13 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2006-11-03 22:25 118,488 --a------ C:\autoexes.exe
2006-11-02 12:14 57,344 --------- C:\WINDOWS\dvdrgn.exe
2006-11-01 22:25 8,704 --a------ C:\WINDOWS\system32\SpOrder.dll
2006-11-01 15:43 33 --a------ C:\WINDOWS\regprc32.bat
2006-11-01 15:42 55,808 --a------ C:\WINDOWS\ieredir.exe
2006-11-01 15:42 33,792 --a------ C:\WINDOWS\dsrss.exe
2006-11-01 15:42 31,232 --a------ C:\WINDOWS\preredir.exe
2006-11-01 15:42 23,552 --a------ C:\WINDOWS\ieserver.exe
2006-11-01 10:46 7,105 --a------ C:\WINDOWS\system32\dlh9jkdq7.exe
2006-11-01 10:46 6,593 --a------ C:\WINDOWS\system32\dlh9jkdq6.exe
2006-11-01 10:46 4,547 --a------ C:\WINDOWS\system32\kernels1118.exe
2006-11-01 10:46 4,547 --a------ C:\WINDOWS\system32\dlh9jkdq5.exe
2006-11-01 10:46 2,518 --a------ C:\WINDOWS\system32\dlh9jkdq1.exe
2006-11-01 10:46 18,369 --a------ C:\WINDOWS\system32\dlh9jkdq2.exe
2006-11-01 10:46 17 --a------ C:\WINDOWS\system32\dlh9jkdq8.exe
2006-10-30 12:50 69,632 --a------ C:\WINDOWS\logon.exe
2006-10-28 15:49 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys
2006-10-28 15:42 40,960 --a------ C:\WINDOWS\system32\ov530ext.dll
2006-10-28 15:42 25,177 --------- C:\WINDOWS\system32\drivers\ov530cmd.sys
2006-10-28 15:42 161,792 --------- C:\WINDOWS\system32\drivers\ov530vid.sys
2006-10-28 15:42 16,440 --------- C:\WINDOWS\system32\ov530usd.dll
2006-10-28 15:37 974,848 --a------ C:\WINDOWS\system32\dxdiag.exe
2006-10-28 15:37 83,968 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2006-10-28 15:37 79,360 --a------ C:\WINDOWS\system32\dpwsockx.dll
2006-10-28 15:37 52,096 --a------ C:\WINDOWS\system32\drivers\msdv.sys
2006-10-28 15:37 48,512 --a------ C:\WINDOWS\system32\drivers\stream.sys
2006-10-28 15:37 470,528 --a------ C:\WINDOWS\system32\qdvd.dll
2006-10-28 15:37 47,104 --a------ C:\WINDOWS\system32\wstdecod.dll
2006-10-28 15:37 46,592 --a------ C:\WINDOWS\system32\dxdllreg.exe
2006-10-28 15:37 381,952 --a------ C:\WINDOWS\system32\dsound.dll
2006-10-28 15:37 354,816 --a------ C:\WINDOWS\system32\psisdecd.dll
2006-10-28 15:37 316,928 --a------ C:\WINDOWS\system32\qdv.dll
2006-10-28 15:37 292,864 --a------ C:\WINDOWS\system32\ddraw.dll
2006-10-28 15:37 230,400 --a------ C:\WINDOWS\system32\dplayx.dll
2006-10-28 15:37 181,248 --a------ C:\WINDOWS\system32\dmime.dll
2006-10-28 15:37 18,688 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2006-10-28 15:37 16,896 --a------ C:\WINDOWS\system32\msyuv.dll
2006-10-28 15:37 16,384 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2006-10-28 15:37 15,104 --a------ C:\WINDOWS\system32\drivers\mpe.sys
2006-10-28 15:37 14,976 --a------ C:\WINDOWS\system32\drivers\streamip.sys
2006-10-28 15:37 122,880 --a------ C:\WINDOWS\system32\dmusic.dll
2006-10-28 15:37 11,392 --a------ C:\WINDOWS\system32\drivers\bdasup.sys
2006-10-28 15:37 10,880 --a------ C:\WINDOWS\system32\drivers\slip.sys
2006-10-28 15:37 10,112 --a------ C:\WINDOWS\system32\drivers\ndisip.sys
2006-10-28 15:37 1,769,472 --a------ C:\WINDOWS\system32\dxdiagn.dll
2006-10-28 15:37 1,703,936 --a------ C:\WINDOWS\system32\d3d9.dll
2006-10-28 15:37 1,230,336 --a------ C:\WINDOWS\system32\msvidctl.dll
2006-10-28 15:37 1,201,152 --a------ C:\WINDOWS\system32\d3d8.dll
2006-10-26 13:59 34,304 --a------ C:\WINDOWS\ieuninst.exe
2006-10-25 21:16 4,960 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-25 21:16 3,968 --a------ C:\WINDOWS\system32\drivers\avgclean.sys
2006-10-25 21:16 18,240 --a------ C:\WINDOWS\system32\drivers\avgmfx86.sys
2006-10-25 21:16 110,592 --a------ C:\WINDOWS\system32\avgfwafu.dll
2006-10-25 21:15 816,288 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-10-25 21:15 4,224 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-10-25 21:15 28,416 --a------ C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-10-25 11:16 234,328 -r--s---- C:\WINDOWS\system32\h6n00g5me6.dll
2006-10-25 06:20 1,259 --a------ C:\WINDOWS\system32\wdw51844.sys
2006-10-25 06:19 32,768 --a------ C:\DXC9.exe
2006-10-25 06:19 25,600 --a------ C:\WINDOWS\v1201.exe
2006-10-24 10:17 48,424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-10-19 06:15 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys
2006-10-19 06:15 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys
2006-10-19 06:15 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys
2006-10-19 06:15 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys
2006-10-19 06:14 98,304 --a------ C:\WINDOWS\system32\CddbLangFRSony.dll
2006-10-19 06:14 770,048 --a------ C:\WINDOWS\system32\CDDBUISony.dll
2006-10-19 06:14 73,728 --a------ C:\WINDOWS\system32\CddbLinkSony.dll
2006-10-19 06:14 643,072 --a------ C:\WINDOWS\system32\CDDBControlSony.dll
2006-10-19 06:14 585,728 --a------ C:\WINDOWS\system32\CddbMusicIDSony.dll
2006-10-19 06:14 520,192 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2006-10-19 06:14 109,568 --------- C:\WINDOWS\system32\pxinsi64.exe
2006-10-19 06:14 108,544 --------- C:\WINDOWS\system32\pxcpyi64.exe
2006-10-09 19:35 53,760 --a------ C:\WINDOWS\system32\Squeeze.dll
2006-10-09 08:00 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2006-10-09 08:00 14,208 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-09 21:21 -------- d-------- C:\Program Files\Windows Media Player
2006-11-09 21:21 -------- d-------- C:\Program Files\Messenger
2006-11-09 21:06 -------- d-------- C:\Program Files\Mozilla Firefox
2006-11-08 13:33 -------- d-------- C:\Program Files\eMule
2006-11-05 21:22 -------- d-------- C:\Program Files\CCleaner
2006-11-05 20:19 -------- d-------- C:\Program Files\NokiaFREE Unlock Codes Calculator
2006-11-04 02:38 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\MSN6
2006-11-03 12:25 -------- d-------- C:\Program Files\Internet Explorer
2006-11-03 12:00 92360 --a------ C:\Documents and Settings\Propri‚taire\Application Data\errorsafefrenchnewreleaseinstall[1].exe
2006-11-02 21:23 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\DivX
2006-11-02 21:01 -------- d-------- C:\Program Files\DivX
2006-11-02 20:59 -------- d-------- C:\Program Files\WinPcap
2006-11-02 20:04 -------- d-------- C:\Program Files\Real
2006-11-02 18:03 -------- d-------- C:\Program Files\MSN Messenger
2006-11-02 12:12 -------- d-------- C:\Program Files\Ulead Systems
2006-11-02 12:12 -------- d-------- C:\Program Files\Fichiers communs\Ulead Systems
2006-11-02 12:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-02 12:11 -------- d-------- C:\Program Files\Fichiers communs
2006-11-02 00:27 -------- d-------- C:\Program Files\CamStudio
2006-11-01 23:19 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\WinAntiVirus Pro 2006
2006-11-01 22:38 706 --a------ C:\Documents and Settings\Propri‚taire\Application Data\update.log
2006-11-01 22:38 -------- d-------- C:\Program Files\Common Files
2006-11-01 22:25 -------- d-------- C:\Program Files\Fichiers communs\WinAntiVirus Pro 2006
2006-11-01 22:24 92880 --a------ C:\Documents and Settings\Propri‚taire\Application Data\winantiviruspro2006freeinstall_fr[1].exe
2006-10-31 00:07 -------- d-------- C:\Program Files\WinZip
2006-10-27 19:47 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\ZangoToolbar
2006-10-27 11:18 -------- d-------- C:\Program Files\Labcenter Electronics
2006-10-26 13:59 -------- d--h----- C:\Program Files\Uninstall Information
2006-10-26 13:59 -------- d-------- C:\Program Files\Outlook Express
2006-10-26 13:59 -------- d-------- C:\Program Files\Fichiers communs\Microsoft Shared
2006-10-25 22:39 -------- d-------- C:\Program Files\Shareaza
2006-10-25 22:39 -------- d-------- C:\Program Files\QuickTime
2006-10-25 22:39 -------- d-------- C:\Program Files\iTunes
2006-10-25 22:39 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\AVG7
2006-10-25 16:21 25600 --a------ C:\WINDOWS\system32\RavMon.exe
2006-10-25 16:21 25600 --a------ C:\WINDOWS\system32\ps2.exe
2006-10-25 16:21 25600 --a------ C:\WINDOWS\system32\hphmon05.exe
2006-10-25 16:21 25600 --a------ C:\WINDOWS\system32\hkcmd.exe
2006-10-25 16:21 -------- d-------- C:\Program Files\Wanadoo
2006-10-25 06:19 -------- d-------- C:\Program Files\MSN
2006-10-20 19:16 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\Apple Computer
2006-10-20 19:15 -------- d-------- C:\Program Files\iPod
2006-10-12 22:05 -------- d-------- C:\Program Files\Java
2006-10-11 22:01 -------- d-------- C:\Program Files\Sunbelt Software
2006-10-05 05:40 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\Skype
2006-10-04 06:07 -------- d-------- C:\Program Files\Fichiers communs\xing shared
2006-10-04 06:07 -------- d-------- C:\Program Files\Fichiers communs\Real
2006-10-04 06:07 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\Real
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 20:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 20:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 20:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
2006-10-02 19:09 0 --a------ C:\WINDOWS\system32\rnaph.dll
2006-10-02 17:34 -------- d-------- C:\Program Files\WinRAR
2006-10-02 16:57 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-02 15:47 -------- d-------- C:\Program Files\Messenger Plus! Live
2006-10-02 15:19 -------- d-------- C:\Program Files\InterVideo
2006-10-02 15:16 -------- d-------- C:\Program Files\Easy Internet signup
2006-10-01 10:42 -------- d-------- C:\Program Files\HQInter
2006-09-22 16:29 724992 --a------ C:\WINDOWS\iun6002.exe
2006-09-22 14:49 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\dvdcss
2006-09-21 00:17 -------- d-------- C:\Program Files\Windows NT
2006-09-21 00:17 -------- d-------- C:\Program Files\NetMeeting
2006-09-21 00:17 -------- d-------- C:\Program Files\Movie Maker
2006-09-21 00:17 -------- d-------- C:\Program Files\Fichiers communs\System
2006-09-21 00:17 -------- d-------- C:\Program Files\Fichiers communs\Services
2006-09-20 19:41 0 --a------ C:\WINDOWS\system32\iAlmcoin.dll
2006-09-20 19:41 -------- d-------- C:\Program Files\Fichiers communs\InterVideo
2006-09-13 17:36 -------- d-------- C:\Documents and Settings\Propri‚taire\Application Data\Ulead Systems
2006-08-31 18:40 2423 --a------ C:\WINDOWS\NewRecorder.reg
2006-08-31 18:40 1816779 --a------ C:\WINDOWS\Recorder.reg
2006-08-11 00:03 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2006-08-11 00:03 196608 --a------ C:\WINDOWS\system32\dtu100.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"MSN Webcam Recorder"="\"C:\\Program Files\\MSN Webcam Recorder\\ml20gui.exe\" -silent"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Microsoft Windows Session Manager Subsystem"="C:\\WINDOWS\\smss.exe"
"Microsoft Windows Logon Process"="C:\\WINDOWS\\winlogon.exe"
"uwa6pcw"="\"C:\\Program Files\\WinAntiVirus Pro 2006\\uwa6pcw.exe\" -c"
"WinLogon"="C:\\WINDOWS\\logon.exe"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\Windows Media Player\\vile.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Messenger\\sajyzy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgw.exe /RUNONCE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"^SetupICWDesktop"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:95,00,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\HP Digital Imaging Monitor.lnk"
"backup"="C:\\WINDOWS\\pss\\HP Digital Imaging Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HP\\DIGITA~1\\bin\\hpqtra08.exe "
"item"="HP Digital Imaging Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Microsoft Office\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
"path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\WinZip Quick Pick.lnk"
"backup"="C:\\WINDOWS\\pss\\WinZip Quick Pick.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\WinZip\\WZQKPICK.EXE "
"item"="WinZip Quick Pick"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^Mass Downloader.lnk]
"path"="C:\\Documents and Settings\\Propriétaire\\Menu Démarrer\\Programmes\\Démarrage\\Mass Downloader.lnk"
"backup"="C:\\WINDOWS\\pss\\Mass Downloader.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\Mass Downloader\\massdown.exe "
"item"="Mass Downloader"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\v1201.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="avgcc"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CamMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpqcmon"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\Digital Imaging\\Unload\\hpqcmon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hkcmd.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphmon05"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\hphmon05.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD05]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hphupd05"
"hkey"="HKLM"
"command"="c:\\Program Files\\HP\\{45B6180B-DCAB-4093-8EE8-6164457517F0}\\hphupd05.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpsysdrv"
"hkey"="HKLM"
"command"="c:\\windows\\system\\hpsysdrv.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE Redir]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ieredir"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ieredir.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Logon Process]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winlogon"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\winlogon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Session Manager Subsystem]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="smss"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\smss.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCpl"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="rundll32"
"hkey"="HKCU"
"command"="rundll32.exe nview.dll,nViewLoadHook"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /installquiet /keeploaded /nodetect"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RavMont]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RavMon"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\RavMon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RecordNow!]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKCU"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Shareaza"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SsAAD"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kernels1118"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\kernels1118.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Fichiers communs\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wdw51844]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE wdcff2a3.dll,n 0065183e0000000adcff2a3"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinLogon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="logon"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\logon.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSysModule]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dsrss"
"hkey"="HKLM"
"command"="dsrss.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GestMaj"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\Wanadoo\\GestMaj.exe EspaceWanadoo.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="zango"
"hkey"="HKLM"
"command"="\"c:\\program files\\zango\\zango.exe\""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At2.job
Completion time: 06-11-09 21:24:10.67
C:\ComboFix.txt ... 06-11-09 21:24
Re,
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
Double clique sur SDFix.exe et choisis Install pour l'extraire sur le Bureau.
Redémarre en mode sans échec
- Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.
- Appuie sur Y pour commencer le processus de nettoyage.
- Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
- Appuie sur une touche pour redémarrer le PC.
- Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
- Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
- Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
- Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
- Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.
voila le rapport de SDFix
SDFix: Version 1.36
-------------------
Scan run on:
09/11/2006
Time:
21:56
Microsoft Windows XP [version 5.1.2600]
Running from: C:\Documents and Settings\Propri‚taire\Bureau\SDFix
Stage One...
Checking Services...
Name:
-----
Path:
----
Repairing Registry...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two...
Checking For Malware:
--------------------
C:\WINDOWS\dsrss.exe
C:\WINDOWS\ieredir.exe
C:\WINDOWS\ieserver.exe
C:\WINDOWS\preredir.exe
C:\WINDOWS\smss.exe
C:\WINDOWS\system32\ib14.dll
C:\WINDOWS\system32\ipv6monl.dll
C:\WINDOWS\winlogon.exe
Backing Up and Removing any Files Found...
Final Check:
Services:
---------
Files:
------
C:\WINDOWS\winlogon.exe
Any files removed are saved to the SDFix\backups Folder
FINISHED
bsr, alors aprés sa, est ce que je doit encore faire quelque choses ?
Re,
Télécharge Smitfraudfix
Dézippe-le sur le Bureau.
Ouvre le dossier SmitfraudFix et lance SmitfraudFix(.cmd)
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.
NOTE :
process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Re,
voila le rapport de SmitfraudFix pour l 'option 1
SmitFraudFix v2.120
Rapport fait à 14:43:24,48, 11/11/2006
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dlh9jkdq?.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Propri‚taire\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PROPRI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="C:\\Program Files\\Windows Media Player\\vile.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="C:\\Program Files\\Messenger\\sajyzy.html"
"SubscribedURL"=""
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Re,
Tu vas perdre ton fond d'écran, si tu veux le garder mais le de côté.
Redémarre en mode sans échec
Relance SmitfraudFix et choisis cette fois l’Option 2 et réponds oui à la ou les questions
Sauvegarde puis poste le rapport.
Re, voile le rapport pour la 2éme option :
SmitFraudFix v2.120
Rapport fait à 19:48:57,50, 12/11/2006
Executé à partir de C:\Documents and Settings\Propri‚taire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
C:\WINDOWS\system32\dlh9jkdq?.exe supprimé
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Re,
Possèdes-tu ce dossier :
C:\Program Files\MSN Messenger\bak
Reposte un rapport Hijackthis.
Re, alors je possede bien ce dossier mais apparament il est vide.
Voila le nouveau rapport hijackthis :
alorsLogfile of HijackThis v1.99.1
Scan saved at 18:57:13, on 13/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\logon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\winlogon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
c:\program files\softwin\bitdefender10\bdmcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\Propriétaire\Bureau\Scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [uwa6pcw] "C:\Program Files\WinAntiVirus Pro 2006\uwa6pcw.exe" -c
O4 - HKLM\..\Run: [WinLogon] C:\WINDOWS\logon.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [AntiRK] "C:\Program Files\Softwin\BitDefender10\TaskSys.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\avgfwafu.dll
O16 - DPF: {00330010-0000-0000-0000-000020160010} - http://207.234.185.217/ABoxInst_int25.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ [...] ontrol.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D6BE12F3-A5CD-4F2B-9828-618EAAED693C}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Windows Logon Process Service (MSWinLogonProcService) - Unknown owner - C:\WINDOWS\winlogon.exe" -service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Fais ce qu'il y a écrit ici :
http://www.malekal.com/Trojan_Lowzones_SV.php
salut à tous je déterre un vieux sujet mais j'ai le même problème à savoir pop up intempestif, task manager et regedit bloqué malgré les manips gpedit.msc
donc mon rapport hijack this, d'avance merci.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:53:57, on 26/06/2009
Platform: Windows XP SP3, v.5657 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20935)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Taskix\Taskix32.exe
C:\Program Files\VistaDriveIcon\DrvIcon.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\system32\mswgm.exe
C:\Program Files\WinRoll\winroll.exe
C:\Program Files\SFR\Media Center\MediaCenter.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\Program Files\SFR\Media Center\httpd\httpd.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Taskix] C:\Program Files\Taskix\Taskix32.exe start
O4 - HKLM\..\Run: [DrvIcon] C:\Program Files\VistaDriveIcon\DrvIcon.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WindowsServicesStartup] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\svchost.exe 1
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [Manage Process] C:\WINDOWS\system32\mswgm.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WinRoll] C:\Program Files\WinRoll\winroll.exe
O4 - HKCU\..\Run: [Neuf Media Center] "C:\Program Files\SFR\Media Center\MediaCenter.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/Driv [...] ab_nvd.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://support.f-secure.com/enu/ho [...] /fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
--
End of file - 6978 bytes
Il y a 1771 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
