
Unwanted advertising pages


daniel45

Unwanted advertising pages

Post by daniel45 »

Good evening,

Ad windows keep appearing. I think it came from MSN, but MSNFix finds nothing. I am attaching the HijackThis report here.
Thanks in advance for anything you can do.
Daniel

Malekal_morte
Site Admin
Posts: 102010
Joined: 10 Sep 2005 13:57

Re: Unwanted advertising pages

Post by Malekal_morte »

Hello,

- Download HiJackThis by Merijn to your desktop.
- Double-click HijackThis.
- Generate a report by following these steps:
-- Run it and click Do a scan and save log file.
-- The report opens in Notepad.
- Paste the report here; to do so:
-- Edit menu / Select All
-- Edit menu / Copy
-- Here, in a new message: right-click / Paste
Help: feel free to consult the HiJackThis help.

AND:

Please read and carefully follow what is written, because you must press a key during the scan. If you don't, the report will be incomplete and you will have to start over, so:

- Download DiagHelp.zip to your desktop - Tutorial: https://www.malekal.com/DiagHelp/DiagHelp.php
- !!! Do not double-click it !!! Right-click the file and choose Extract All
- A new folder named DiagHelp will be created
- Open it and double-click go.cmd (the .cmd extension may not be shown)
- If a SigCheck license window opens, accept it; if you have a firewall asking whether SigCheck may connect to the internet, accept.
- A window will open; choose option 1
- The scan will start; it may take a few minutes.
- When the scan is finished, you may be asked to send a file containing infected files.
Send the file (if that doesn't work, continue the procedure), then go back to the black window and follow the instructions, pressing a key to get the report in Notepad.

- Copy/paste the contents of the Notepad window that opens; to do so:
-- In Notepad, click the Edit menu / Select All
-- Again, Edit menu / Copy
-- In a new message here, right-click / Paste

First basic rule of security: think, then click, not the other way around - Files and programs are like candy: when they come from a stranger, you don't accept them!

Florian671
newbie expert
Posts: 90
Joined: 28 Nov 2007 17:03

Re: Unwanted advertising pages

Post by Florian671 »

I think this is his HijackThis report (it is in the post that you locked):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:18:33, on 09/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Christine\Application Data\WinTouch\WinTouch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Documents and Settings\Christine\Mes documents\Programmes\CamTrack\camtrack.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christine\Mes documents\Programmes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Christine\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Urha] "C:\WINDOWS\WNSXS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Sei] C:\WINDOWS\system32\?ystem\m?dtc.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Christine\Application Data\Microsoft\Windows\sdpyut.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: CamTrack.lnk = C:\Documents and Settings\Christine\Mes documents\Programmes\CamTrack\camtrack.exe (User 'Default user')
O4 - Startup: CamTrack.lnk = C:\Documents and Settings\Christine\Mes documents\Programmes\CamTrack\camtrack.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files/in ... all_fr.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://es6-scripts.dlv4.com/binaries/eg ... _em_XP.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: bw+0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {24474A9F-E54F-47CD-A01A-CA94C8EC1E07} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

daniel45

Re: Unwanted advertising pages

Post by daniel45 »

FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
324 -> 3001 TCP
1212 -> 5000 TCP
1596 Explorer -> 3008 TCP C:\WINDOWS\Explorer.EXE
4 System -> 1027 TCP
4 System -> 139 TCP
0 System -> 3208 TCP
0 System -> 3209 TCP
0 System -> 3210 TCP
0 System -> 3211 TCP
4 System -> 445 TCP
1416 firefox -> 3123 TCP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 3124 TCP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 3125 TCP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 3126 TCP C:\Program Files\Mozilla Firefox\firefox.exe
2112 livecall -> 12104 TCP C:\Program Files\MSN Messenger\livecall.exe
1524 msnmsgr -> 3017 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3101 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3102 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3203 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3212 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3213 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3214 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3215 TCP C:\Program Files\MSN Messenger\msnmsgr.exe
992 svchost -> 1025 TCP C:\WINDOWS\System32\svchost.exe
892 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe
992 svchost -> 3002 TCP C:\WINDOWS\System32\svchost.exe
992 svchost -> 3003 TCP C:\WINDOWS\System32\svchost.exe

1212 -> 123 UDP
324 -> 137 UDP
1596 Explorer -> 3007 UDP C:\WINDOWS\Explorer.EXE
4 System -> 1026 UDP
4 System -> 445 UDP
1416 firefox -> 123 UDP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 12951 UDP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 14668 UDP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 1900 UDP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 3011 UDP C:\Program Files\Mozilla Firefox\firefox.exe
1416 firefox -> 3025 UDP C:\Program Files\Mozilla Firefox\firefox.exe
1524 msnmsgr -> 2234 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3010 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3014 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3019 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3024 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3027 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 3147 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
1524 msnmsgr -> 9 UDP C:\Program Files\MSN Messenger\msnmsgr.exe
892 svchost -> 135 UDP C:\WINDOWS\system32\svchost.exe
992 svchost -> 138 UDP C:\WINDOWS\System32\svchost.exe
992 svchost -> 1900 UDP C:\WINDOWS\System32\svchost.exe
992 svchost -> 500 UDP C:\WINDOWS\System32\svchost.exe



PsList 1.26 - Process Information Lister
Copyright (C) 1999-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

Process information for CHRISTINE:

Name Pid Pri Thd Hnd VM WS Priv
Idle 0 0 1 0 0 20 0
System 4 8 52 298 1956 20 0
smss 560 11 3 21 3876 32 248
csrss 608 13 13 602 27244 1712 1792
winlogon 636 13 21 453 47932 716 5980
services 684 9 25 366 23064 1020 1760
mdm 112 8 4 73 29716 500 932
CTSVCCDA 280 8 2 29 17420 36 560
alg 324 8 5 123 32000 72 1596
sched 380 8 3 46 23200 40 1588
guard 448 8 10 170 79100 12424 34192
ati2evxx 856 8 4 58 19000 48 588
svchost 892 8 10 347 33844 1356 2136
livecall 2112 8 27 469 224120 1060 11940
svchost 972 8 8 133 20484 636 1252
svchost 992 8 74 1520 114524 5948 16224
svchost 1160 8 6 92 29208 512 1608
svchost 1212 8 14 157 31276 352 1816
spoolsv 1336 8 10 148 39996 96 3364
avguard 1380 8 27 125 103976 7024 42004
wdfmgr 1456 8 4 59 14244 36 512
MsPMSPSv 1656 8 2 43 13556 36 436
usnsvc 3164 8 5 93 15324 636 764
lsass 696 9 20 383 38540 860 4036
ati2evxx 1508 8 5 79 22092 52 728
hpqgalry 1048 8 6 185 182308 488 13444
firefox 1416 8 11 204 96740 2692 30468
explorer 1596 8 25 783 168692 17572 34688
freecell 1092 8 1 28 25860 56 700
msnmsgr 1524 8 48 860 366128 12424 43392
LVComS 1792 8 3 106 32068 56 1040
LogiTray 1808 8 2 104 39412 544 2028
hpcmpmgr 1816 8 6 182 48152 2776 2060
hpwuSchd2 1832 8 1 26 26084 52 640
CTHELPER 1848 8 3 76 23728 64 848
jusched 1904 8 1 26 26784 36 700
avgnt 1928 8 4 51 34524 712 2524
avgas 1948 8 18 161 115232 808 41188
aitquneqhr 1968 8 13 300 106264 6320 17428
hpqtra08 2008 8 6 136 45836 984 2772
cmd 3104 8 1 22 13492 1428 1404
pslist 3768 13 2 82 17408 1472 680
ctfmon 3544 8 1 99 16652 1660 604

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1596
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version
0x01000000 0xf8000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x71950000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
0x10000000 0x10000 1.00.0000.0003 C:\WINDOWS\System32\ctagent.dll
0x76390000 0x1fb000 2.00.2600.0000 C:\WINDOWS\System32\msi.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\wininet.dll
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x00ec0000 0x8000 1.00.0000.0001 C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\MLANG.dll
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\Program Files

09/01/2008 20:24 <REP> .
09/01/2008 20:24 <REP> ..
03/01/2008 18:39 10 .autoreg
07/12/2006 18:34 <REP> Adobe
05/01/2008 00:06 <REP> Avira
05/01/2008 00:06 <REP> AVPersonal
10/12/2005 05:36 <REP> C-Media 3D Audio
10/12/2005 05:22 <REP> ComPlus Applications
07/12/2006 18:37 <REP> Creative
27/11/2007 19:58 <REP> CyberLink
04/01/2008 23:57 <REP> Fichiers communs
29/11/2006 20:05 <REP> FunWebProducts
06/10/2006 19:05 <REP> Hewlett-Packard
07/10/2006 19:39 <REP> HP
15/09/2006 22:31 <REP> Hyper-ScripT V5 R2
08/01/2008 19:59 <REP> Hyper-Script V5-R3
04/01/2008 23:59 <REP> Internet Explorer
19/07/2007 12:14 <REP> Java
08/01/2008 19:18 <REP> kernel
22/12/2005 17:17 <REP> Logitech
10/12/2005 21:24 <REP> Messenger
03/01/2008 20:23 <REP> Messenger Plus! Live
15/04/2006 20:03 <REP> MessengerPlus! 3
30/07/2007 20:12 <REP> MessengerSkinner
19/12/2005 14:03 <REP> microsoft frontpage
12/08/2006 16:52 <REP> Microsoft Office
12/08/2006 16:52 <REP> Microsoft Visual Studio
18/02/2006 23:57 <REP> mircfr
10/12/2005 05:24 <REP> Movie Maker
09/01/2008 21:57 <REP> Mozilla Firefox
10/12/2005 05:22 <REP> MSN
10/12/2005 05:22 <REP> MSN Gaming Zone
05/01/2008 19:55 <REP> MSN Messenger
05/01/2008 00:10 <REP> MyWebSearch
10/12/2005 05:24 <REP> NetMeeting
09/01/2008 21:56 <REP> Outerinfo
10/12/2005 05:24 <REP> Outlook Express
07/10/2006 19:40 <REP> Overland
29/04/2006 15:33 <REP> QuickTime
15/08/2007 20:42 <REP> RawFlow
21/01/2006 18:33 <REP> Red Orb
10/02/2007 11:09 <REP> SAGEM
10/02/2007 11:07 <REP> Securitoo
12/12/2007 23:39 <REP> Services en ligne
08/01/2008 22:07 <REP> Temporary
03/08/2007 20:02 <REP> VirusGarde
17/11/2007 00:58 <REP> Wanadoo
16/06/2007 21:18 <REP> Windows Live
22/12/2005 17:17 <REP> Windows Media Components
27/11/2007 19:58 <REP> Windows Media Player
10/12/2005 05:22 <REP> Windows NT
10/12/2005 05:27 <REP> xerox
07/12/2006 21:46 <REP> Yahoo!
1 fichier(s) 10 octets
52 Rép(s) 59 002 634 240 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\

22/03/2000 10:27 188 416 dict.exe

Répertoire de C:\

22/03/2000 10:27 188 416 dict.exe
2 fichier(s) 376 832 octets
0 Rép(s) 59 002 634 240 octets libres

Malekal_morte
Site Admin
Posts: 102010
Joined: 10 Sept. 2005 13:57

Re: intrusive advertising pages

Post by Malekal_morte »

You ran option 2, not option 1.
Please follow the procedure.

First basic rule of security: think first, then click, not the other way round. Files and programs are like sweets: when they come from a stranger, you don't accept them!

daniel45

Re: intrusive advertising pages

Post by daniel45 »

DiagHelp version v1.4 - https://www.malekal.com
excute le 09/01/2008 à 23:26:42,54


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->09/01/2008 23:25:28
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->09/01/2008 23:22:49
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->09/01/2008 23:22:43
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf -->09/01/2008 23:22:38
C:\WINDOWS\prefetch\HPZIPM12.EXE-145E7369.pf -->09/01/2008 23:22:34
C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf -->09/01/2008 23:22:29
C:\WINDOWS\prefetch\HPTSKMGR.EXE-32EF71D7.pf -->09/01/2008 23:22:29
C:\WINDOWS\prefetch\HPQGALRY.EXE-07140C25.pf -->09/01/2008 23:22:29
C:\WINDOWS\prefetch\FREECELL.EXE-0CC25C3B.pf -->09/01/2008 23:16:47
C:\WINDOWS\prefetch\MSPMSPSV.EXE-159858D5.pf -->09/01/2008 23:13:51

C:\WINDOWS\System32\drivers\avipbb.sys -->07/01/2008 21:27:44
C:\WINDOWS\System32\drivers\avgntdd.sys -->09/08/2007 13:04:11
C:\WINDOWS\System32\drivers\avgntmgr.sys -->18/07/2007 14:22:19
C:\WINDOWS\System32\drivers\AvgAsCln.sys -->30/05/2007 13:10:42
C:\WINDOWS\System32\drivers\ssmdrv.sys -->01/03/2007 10:34:36
C:\WINDOWS\System32\drivers\dptrackerd.sys -->24/08/2006 11:47:56
C:\WINDOWS\System32\drivers\cdralw2k.sys -->19/05/2006 22:16:24

C:\WINDOWS\System32\aitquneqhr.dat -->09/01/2008 23:25:48
C:\WINDOWS\System32\settingsbkup.sfm -->09/01/2008 23:19:44
C:\WINDOWS\System32\settings.sfm -->09/01/2008 23:19:44
C:\WINDOWS\System32\DVCStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -->09/01/2008 23:19:44
C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000D-00001102-00000002-80651102}.dat -->09/01/2008 23:19:44
C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -->09/01/2008 23:19:44
C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -->09/01/2008 23:19:44
C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -->09/01/2008 23:19:44
C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000D-00001102-00000002-80651102}.rfx -->09/01/2008 23:19:44
C:\WINDOWS\System32\aitquneqhr.exe -->09/01/2008 19:40:51
C:\WINDOWS\System32\vsconfig.xml -->08/01/2008 19:07:09
C:\WINDOWS\System32\zllictbl.dat -->05/01/2008 11:32:55
C:\WINDOWS\System32\tftp.exe -->04/01/2008 13:20:38
C:\WINDOWS\System32\ftp.exe -->04/01/2008 13:20:38
C:\WINDOWS\System32\QuickTime.qtp -->03/01/2008 22:31:39
C:\WINDOWS\System32\wpa.dbl -->01/01/2008 17:19:35
C:\WINDOWS\System32\sfc_os.dll -->27/12/2007 19:00:55
C:\WINDOWS\System32\aitquneqhr_nav.dat -->15/12/2007 20:31:14
C:\WINDOWS\System32\amcompat.tlb -->27/11/2007 19:58:43
C:\WINDOWS\System32\nscompat.tlb -->27/11/2007 19:58:42
C:\WINDOWS\System32\w95inf16.dll -->27/11/2007 19:58:28
C:\WINDOWS\System32\w95inf32.dll -->27/11/2007 19:58:27
C:\WINDOWS\System32\lvcoinst.log -->27/11/2007 19:01:05
C:\WINDOWS\System32\aitquneqhr_navps.dat -->08/11/2007 22:50:46
C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 12:50:25

C:\WINDOWS\WindowsUpdate.log -->09/01/2008 23:24:11
C:\WINDOWS\0.log -->09/01/2008 23:22:31
C:\WINDOWS\wiadebug.log -->09/01/2008 23:21:29
C:\WINDOWS\wiaservc.log -->09/01/2008 23:21:25
C:\WINDOWS\{00000000-00000000-0000000D-00001102-00000002-80651102}.CDF -->09/01/2008 23:21:09
C:\WINDOWS\{00000000-00000000-0000000D-00001102-00000002-80651102}.BAK -->09/01/2008 23:21:09
C:\WINDOWS\bootstat.dat -->09/01/2008 23:20:33
C:\WINDOWS\SchedLgU.Txt -->09/01/2008 23:19:40
C:\WINDOWS\ntbtlog.txt -->09/01/2008 19:33:52
C:\WINDOWS\setupapi.log -->07/01/2008 20:46:22
C:\WINDOWS\DPINST.LOG -->05/01/2008 13:26:39
C:\WINDOWS\wmsetup.log -->27/12/2007 11:45:36
C:\WINDOWS\ntdtcsetup.log -->13/12/2007 21:42:49
C:\WINDOWS\iis6.log -->13/12/2007 21:42:49
C:\WINDOWS\comsetup.log -->13/12/2007 21:42:49

winlogon.exe

svchost.exe

ws2_32.dll

user32.dll

tcpip.sys

ndis.sys

null.sys




Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\WINDOWS\temp

24/10/2006 20:51 641 511 install_msgskinner.exe
1 fichier(s) 641 511 octets
0 Rép(s) 59 010 293 760 octets libres

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\WINDOWS\system

17/02/2004 03:51 1 458 176 SmWizard.exe
23/12/1997 02:23 4 672 wowpost.exe
2 fichier(s) 1 462 848 octets
0 Rép(s) 59 010 293 760 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\WINDOWS\system32

28/08/2001 13:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 59 010 293 760 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\WINDOWS\Downloaded Program Files

24/08/2007 12:02 <REP> .
24/08/2007 12:02 <REP> ..
10/12/2005 05:25 65 desktop.ini
07/06/2006 10:09 1 249 erma.inf
14/07/2005 16:28 365 f3initialsetup1.0.0.15.inf
18/12/2005 13:12 113 408 HMAtchmt.ocx
18/07/2006 16:45 248 IaLdr32.inf
16/11/2005 10:52 490 Medialogic.INF
08/10/2004 15:01 372 736 MsnPUpld.dll
08/10/2004 15:13 587 MSNPupld.inf
19/06/2002 13:11 117 088 PURen-us.dll
31/05/2002 08:20 117 328 PURfr-fr.dll
09/07/2007 11:27 2 377 088 Rawflow.ocx
09/11/2006 14:36 5 019 swflash.inf
31/07/2006 11:33 230 USDR6V_0001_D18M3107NetInstaller.inf
11/08/2004 02:22 3 036 wmv9dmo.inf
02/11/2005 18:01 1 777 xscan.inf
02/11/2005 18:07 435 712 xscan53.ocx
16 fichier(s) 3 546 426 octets

Total des fichiers listés :
16 fichier(s) 3 546 426 octets
2 Rép(s) 59 010 293 760 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
{438755C2-A8BA-11D1-B96B-00A0C90312E1}="Pré-chargeur Browseui"
{8C7461EF-2B13-11d2-BE35-3078302C2030}="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
dontdisplaylastusername=dword:00000000
legalnoticecaption=""
legalnoticetext=""
shutdownwithoutlogon=dword:00000001
undockwithoutlogon=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-09 23:27:45
Windows 5.1.2600 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
aitquneqhr="c:\windows\system32\aitquneqhr.exe aitquneqhr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
TracesProcessed=dword:00000155

scanning hidden files ...

C:\WINDOWS\system32\aitquneqhr.dat 6489 bytes
C:\WINDOWS\system32\aitquneqhr.exe 306176 bytes executable
C:\WINDOWS\system32\aitquneqhr_nav.dat 362173 bytes
C:\WINDOWS\system32\aitquneqhr_navps.dat 1052 bytes

scan completed successfully
hidden services: 0
hidden files: 4


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
164 - aitquneqhr.exe
168 - avgas.exe
196 - alg.exe
248 - guard.exe
280 - svchost.exe
384 - hpqtra08.exe
452 - mdm.exe
608 - csrss.exe
636 - winlogon.exe
684 - services.exe
696 - lsass.exe
856 - ati2evxx.exe
892 - svchost.exe
992 - svchost.exe
1160 - svchost.exe
1328 - spoolsv.exe
1368 - avguard.exe
1500 - ati2evxx.exe
1600 - explorer.exe
1812 - LVComS.exe
1828 - LogiTray.exe
1840 - hpcmpmgr.exe
1848 - hpwuSchd2.exe
1860 - CTHELPER.EXE
1976 - avgnt.exe
2092 - hpqgalry.exe
2584 - wuauclt.exe
2860 - cmd.exe

Total number of processes = 29
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D0000 - \WINDOWS\system32\ntoskrnl.exe
806B5000 - \WINDOWS\system32\hal.dll
F9F32000 - \WINDOWS\system32\KDCOM.DLL
F9E42000 - \WINDOWS\system32\BOOTVID.dll
F99E5000 - ACPI.sys
F9F34000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F9A32000 - pci.sys
F9A42000 - isapnp.sys
F9F36000 - viaidexp.sys
F9CB2000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F9A52000 - MountMgr.sys
F99C6000 - ftdisk.sys
F9F38000 - dmload.sys
F99A2000 - dmio.sys
F9CBA000 - PartMgr.sys
F9A62000 - VolSnap.sys
F998C000 - atapi.sys
F9A72000 - disk.sys
F9A82000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F997A000 - sr.sys
F9A92000 - avgntmgr.sys
F9AA2000 - PxHelp20.sys
F9966000 - KSecDD.sys
F98E3000 - Ntfs.sys
F98BB000 - NDIS.sys
F9CC2000 - viaagp1.sys
F98A1000 - Mup.sys
F9B92000 - \SystemRoot\System32\DRIVERS\processr.sys
F96F3000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F9BA2000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F96E1000 - \SystemRoot\System32\DRIVERS\Rtlnicxp.sys
F9669000 - \SystemRoot\system32\drivers\ctaud2k.sys
F95C3000 - \SystemRoot\system32\drivers\portcls.sys
F9BB2000 - \SystemRoot\system32\drivers\drmk.sys
F95A2000 - \SystemRoot\system32\drivers\ks.sys
F9589000 - \SystemRoot\system32\drivers\ctoss2k.sys
F9F56000 - \SystemRoot\System32\drivers\ctprxy2k.sys
F9EEE000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F9D32000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F956A000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F9BC2000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F9D3A000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F9BD2000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F9BE2000 - \SystemRoot\System32\DRIVERS\redbook.sys
F9BF2000 - \SystemRoot\System32\Drivers\Imapi.SYS
F9D42000 - \SystemRoot\System32\DRIVERS\fdc.sys
F9C02000 - \SystemRoot\System32\DRIVERS\serial.sys
F9EFA000 - \SystemRoot\System32\DRIVERS\serenum.sys
F9557000 - \SystemRoot\System32\DRIVERS\parport.sys
FA118000 - \SystemRoot\System32\DRIVERS\audstub.sys
F9C12000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F9EFE000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F9541000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F9C22000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F9C32000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F9F02000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F9490000 - \SystemRoot\System32\DRIVERS\psched.sys
F9C42000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F9D4A000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F9D52000 - \SystemRoot\System32\DRIVERS\raspti.sys
F9463000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F9C52000 - \SystemRoot\System32\DRIVERS\termdd.sys
F9D5A000 - \SystemRoot\System32\DRIVERS\mouclass.sys
FA119000 - \SystemRoot\System32\DRIVERS\swenum.sys
F9419000 - \SystemRoot\System32\DRIVERS\update.sys
F9C92000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAF5A000 - \SystemRoot\system32\drivers\ha10kx2k.sys
BAF45000 - \SystemRoot\System32\drivers\ctac32k.sys
BAF2C000 - \SystemRoot\System32\drivers\emupia2k.sys
BAF0D000 - \SystemRoot\System32\drivers\ctsfm2k.sys
F9AD2000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F9F5A000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F9D72000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F9861000 - \SystemRoot\System32\DRIVERS\hidusb.sys
F9B12000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
F9D7A000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
BAD49000 - \SystemRoot\System32\DRIVERS\LV551AV.sys
F9B22000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
F9EBE000 - \SystemRoot\System32\DRIVERS\LVBulk.sys
F9EC2000 - \SystemRoot\System32\DRIVERS\mouhid.sys
F9B42000 - \SystemRoot\SYSTEM32\DRIVERS\avgntdd.sys
F9F62000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
FA087000 - \SystemRoot\System32\Drivers\Null.SYS
F9F64000 - \SystemRoot\System32\Drivers\Beep.SYS
FA088000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F9D92000 - \SystemRoot\System32\drivers\vga.sys
F9F66000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F9F68000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F9D9A000 - \SystemRoot\System32\Drivers\Msfs.SYS
F9DA2000 - \SystemRoot\System32\Drivers\Npfs.SYS
F9EDA000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F9B52000 - \SystemRoot\System32\DRIVERS\ipsec.sys
BACB1000 - \SystemRoot\System32\DRIVERS\tcpip.sys
BAC8C000 - \SystemRoot\System32\DRIVERS\netbt.sys
F9B62000 - \SystemRoot\System32\DRIVERS\netbios.sys
F9DAA000 - \SystemRoot\System32\DRIVERS\ssmdrv.sys
BAC64000 - \SystemRoot\System32\DRIVERS\rdbss.sys
BAC00000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F9B72000 - \SystemRoot\System32\Drivers\Fips.SYS
F9B82000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F9521000 - \SystemRoot\System32\DRIVERS\avipbb.sys
FA0EB000 - \??\C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\guard.sys
F94F1000 - \SystemRoot\System32\Drivers\Cdfs.SYS
BAB31000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F9F6C000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
F9879000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
FA016000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B8000 - \SystemRoot\System32\ati2dvag.dll
BF9FA000 - \SystemRoot\System32\ati2cqag.dll
BFA34000 - \SystemRoot\System32\atikvmag.dll
BFA6A000 - \SystemRoot\System32\ati3duag.dll
BFCD1000 - \SystemRoot\System32\ativvaxx.dll
B89A9000 - \SystemRoot\System32\drivers\afd.sys
B8AE1000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
B8941000 - \SystemRoot\system32\drivers\sysaudio.sys
B8771000 - \SystemRoot\system32\drivers\wdmaud.sys
B84BF000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F9FDA000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B848F000 - \SystemRoot\System32\Drivers\Aspi32.SYS
F9F8A000 - \??\C:\WINDOWS\System32\PfModNT.sys
B823E000 - \SystemRoot\System32\DRIVERS\srv.sys
B7FD0000 - \SystemRoot\System32\DRIVERS\ipnat.sys
B7D02000 - \SystemRoot\system32\drivers\kmixer.sys
FA095000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 126

Liste des programmes installes

1310
1310_Help
1310Tour
1310Trb
Ad-Aware SE Personal
Adobe Acrobat 4.0, 5.0
Adobe Flash Player 9 ActiveX
AiO_Scan
AiOSoftware
ATI Display Driver
AVG Anti-Spyware 7.5
Avira AntiVir PersonalEdition Classic
BufferChm
C-Media 3D Audio
Carlson Dialer
Copy
Correctif Windows XP - KB842773
CreativeProjects
CreativeProjectsTemplates
CueTour
Destinations
Director
DocProc
DocumentViewer
Fax
GMail Drive Shell Extension
HijackThis 2.0.2
HP Diagnostic Assistant
HP Image Zone 4.2
HP PSC & OfficeJet 4.2
HP Software Update
HPODiscovery
HPSystemDiagnostics
Hyper-Script V5-R3
ICD Client 5.3.1.0
InstantShare
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Lecteur Windows Media 10
livebox
Logitech Desktop Messenger
Logitech ImageStudio
Messenger Plus! 3
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft Office XP Professional avec FrontPage
mIRC
Mozilla Firefox (2.0.0.11)
Overland
overland
PhotoGallery
PowerDVD
PrintScreen
ProductContext
QFolder
QuickProjects
QuickTime
Readme
Scan
SkinsHP1
Sound Blaster Live!
TrayApp
Unload
WebFldrs XP
WebReg
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\Program Files

09/01/2008 20:24 <REP> .
09/01/2008 20:24 <REP> ..
03/01/2008 18:39 10 .autoreg
07/12/2006 18:34 <REP> Adobe
05/01/2008 00:06 <REP> Avira
05/01/2008 00:06 <REP> AVPersonal
10/12/2005 05:36 <REP> C-Media 3D Audio
10/12/2005 05:22 <REP> ComPlus Applications
07/12/2006 18:37 <REP> Creative
27/11/2007 19:58 <REP> CyberLink
04/01/2008 23:57 <REP> Fichiers communs
29/11/2006 20:05 <REP> FunWebProducts
06/10/2006 19:05 <REP> Hewlett-Packard
07/10/2006 19:39 <REP> HP
15/09/2006 22:31 <REP> Hyper-ScripT V5 R2
08/01/2008 19:59 <REP> Hyper-Script V5-R3
04/01/2008 23:59 <REP> Internet Explorer
19/07/2007 12:14 <REP> Java
08/01/2008 19:18 <REP> kernel
22/12/2005 17:17 <REP> Logitech
10/12/2005 21:24 <REP> Messenger
03/01/2008 20:23 <REP> Messenger Plus! Live
15/04/2006 20:03 <REP> MessengerPlus! 3
30/07/2007 20:12 <REP> MessengerSkinner
19/12/2005 14:03 <REP> microsoft frontpage
12/08/2006 16:52 <REP> Microsoft Office
12/08/2006 16:52 <REP> Microsoft Visual Studio
18/02/2006 23:57 <REP> mircfr
10/12/2005 05:24 <REP> Movie Maker
09/01/2008 21:57 <REP> Mozilla Firefox
10/12/2005 05:22 <REP> MSN
10/12/2005 05:22 <REP> MSN Gaming Zone
05/01/2008 19:55 <REP> MSN Messenger
05/01/2008 00:10 <REP> MyWebSearch
10/12/2005 05:24 <REP> NetMeeting
09/01/2008 21:56 <REP> Outerinfo
10/12/2005 05:24 <REP> Outlook Express
07/10/2006 19:40 <REP> Overland
29/04/2006 15:33 <REP> QuickTime
15/08/2007 20:42 <REP> RawFlow
21/01/2006 18:33 <REP> Red Orb
10/02/2007 11:09 <REP> SAGEM
10/02/2007 11:07 <REP> Securitoo
12/12/2007 23:39 <REP> Services en ligne
08/01/2008 22:07 <REP> Temporary
03/08/2007 20:02 <REP> VirusGarde
17/11/2007 00:58 <REP> Wanadoo
16/06/2007 21:18 <REP> Windows Live
22/12/2005 17:17 <REP> Windows Media Components
27/11/2007 19:58 <REP> Windows Media Player
10/12/2005 05:22 <REP> Windows NT
10/12/2005 05:27 <REP> xerox
07/12/2006 21:46 <REP> Yahoo!
1 fichier(s) 10 octets
52 Rép(s) 59 009 249 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\Program Files\fichiers communs

04/01/2008 23:57 <REP> .
04/01/2008 23:57 <REP> ..
07/12/2006 18:34 <REP> Adobe
12/08/2006 16:52 <REP> Designer
06/10/2006 19:03 <REP> Hewlett-Packard
06/10/2006 19:07 <REP> HP
10/12/2005 21:02 <REP> InstallShield
11/12/2005 19:50 <REP> Java
22/12/2005 17:19 <REP> Logitech
19/12/2005 13:46 <REP> Micro Application Shared
25/11/2006 00:54 <REP> Microsoft Shared
10/12/2005 05:23 <REP> MSSoap
19/09/2006 17:38 <REP> NSV
10/12/2005 05:13 <REP> ODBC
10/12/2005 05:24 <REP> Services
10/12/2005 05:13 <REP> SpeechEngines
12/08/2006 16:51 <REP> System
0 fichier(s) 0 octets
17 Rép(s) 59 009 249 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

12/08/2006 16:54 <REP> .
12/08/2006 16:54 <REP> ..
12/08/2006 16:53 <REP> 1033
12/08/2006 16:53 <REP> 1036
15/02/2001 04:45 1 318 912 MSONSEXT.DLL
13/02/2001 07:23 58 784 MSOSV.DLL
03/06/1999 14:09 122 937 MSOWS409.DLL
07/03/2001 09:00 127 033 MSOWS40c.DLL
06/08/2000 08:04 401 462 MSVCP60.DLL
22/01/2001 02:25 69 632 PKMAXCTL.DLL
22/01/2001 02:25 872 448 PKMCDO.DLL
22/01/2001 02:25 159 744 PKMCORE.DLL
07/02/2001 08:59 106 496 PKMFORMS.DLL
12/02/2001 03:03 684 032 PKMRES.DLL
22/01/2001 02:25 28 672 PKMSSTLB.DLL
22/01/2001 02:25 40 960 PKMTEMPL.DLL
22/01/2001 02:25 24 576 PKMTRACE.DLL
22/01/2001 02:25 86 016 PKMWS.DLL
22/01/2001 02:25 237 568 PROMDEMO.DLL
18/03/1999 06:37 593 977 RAGENT.DLL
22/01/2001 02:25 184 320 SECMGR.DLL
22/01/2001 02:25 323 584 VAIDDMGR.DLL
22/01/2001 02:25 32 768 VAIMEM.DLL
19 fichier(s) 5 473 921 octets
4 Rép(s) 59 009 249 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\

22/03/2000 10:27 188 416 dict.exe
1 fichier(s) 188 416 octets
0 Rép(s) 59 009 249 280 octets libres




Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 84A1-4619

Répertoire de C:\

c:\Documents and Settings\Christine\Application Data\LimeWire\.NetworkShare\LimeWireWin4.12.11.exe
c:\Documents and Settings\Christine\Application Data\LimeWire\.NetworkShare\Incomplete\T-3098056-LimeWireWin4.12.11.exe
c:\Documents and Settings\Christine\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
c:\Documents and Settings\Christine\Application Data\Microsoft\Installer\{15EE79F4-4ED1-4267-9B0F-351009325D7D}\HPSUShortcut2_936C42D08CEE4BDFB8CEC4BDC93C6CF8_1.exe
c:\Documents and Settings\Christine\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Christine\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\Christine\Bureau\aawsepersonal.exe
c:\Documents and Settings\Christine\Bureau\gc_w01_FRA.exe
c:\Documents and Settings\Christine\Bureau\install_flash_player.exe
c:\Documents and Settings\Christine\Bureau\Install_Messenger.exe
c:\Documents and Settings\Christine\Bureau\mp10setup(2).exe
c:\Documents and Settings\Christine\Bureau\mp10setup.exe
c:\Documents and Settings\Christine\Bureau\nppgwrap.exe
c:\Documents and Settings\Christine\Bureau\picasa2-current.exe
c:\Documents and Settings\Christine\Bureau\SPNG2.2.397.exe
c:\Documents and Settings\Christine\Bureau\StubInstaller.exe
c:\Documents and Settings\Christine\Bureau\winamp524_full.exe
c:\Documents and Settings\Christine\Bureau\wmplus2.exe
c:\Documents and Settings\Christine\Bureau\zlsSetup_61_744_001_fr(2).exe
c:\Documents and Settings\Christine\Bureau\zlsSetup_61_744_001_fr.exe
c:\Documents and Settings\Christine\Bureau\Nouveau dossier\sounds\gmailfs110\Setup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\~ga6psetup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\ErrorSafeScannerSetup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\Install_Messenger.exe
c:\Documents and Settings\Christine\Local Settings\Temp\MsgPlus - Auto Update.exe
c:\Documents and Settings\Christine\Local Settings\Temp\Setup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\uninstall.exe
c:\Documents and Settings\Christine\Local Settings\Temp\7zSC.tmp\setup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\7zSC.tmp\nonlocalized\firefox.exe
c:\Documents and Settings\Christine\Local Settings\Temp\7zSC.tmp\nonlocalized\updater.exe
c:\Documents and Settings\Christine\Local Settings\Temp\7zSC.tmp\nonlocalized\xpicleanup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\7zSC.tmp\optional\extensions\[email protected]\components\talkback.exe
c:\Documents and Settings\Christine\Local Settings\Temp\hps4\HPSUSelfUpdate.exe
c:\Documents and Settings\Christine\Local Settings\Temp\ICD1.tmp\jinstall.exe
c:\Documents and Settings\Christine\Local Settings\Temp\NI.UERSV_0001_N91S2108\setup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\NI.UGA6PV_0001_N108M0207\setup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX0\mcoinstall.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX1\mcoinstall.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\avadmin.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\avcenter.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\avconfig.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\avgnt.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\avguard.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\avnotify.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\avscan.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\guardgui.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\imp64b.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\licmgr.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\preupd.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\sched.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\setup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\update.exe
c:\Documents and Settings\Christine\Local Settings\Temp\RarSFX2\basic\wsctool.exe
c:\Documents and Settings\Christine\Local Settings\Temp\Répertoire temporaire 1 pour bmripper127.zip\bmripper127.exe
c:\Documents and Settings\Christine\Local Settings\Temp\SkypeSetup\SkypeSetup.exe
c:\Documents and Settings\Christine\Local Settings\Temp\temp.fr6A14\WinTouch.exe
c:\Documents and Settings\Christine\Local Settings\Temp\temp.fr6A14\WTUninstaller.exe
c:\Documents and Settings\Christine\Local Settings\Temp\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\LBConfig\Setup.exe
c:\Documents and Settings\Christine\Local Settings\Temporary Internet Files\Content.IE5\6D4FYPQ5\zlsSetup_70_362_000_fr[1].exe
c:\Documents and Settings\Christine\Mes documents\Christine\DETOUT PPS\50 clins d'oeils pour MSN 7.exe
c:\Documents and Settings\Christine\Mes documents\Christine\DETOUT PPS\Coca-Cola_Gift.exe
c:\Documents and Settings\Christine\Mes documents\Christine\smiley\50 clins d'oeils pour MSN 7.exe
c:\Documents and Settings\Christine\Mes documents\Christine\smiley\emoticones.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\avgas-setup-7.5.1.43.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\messengerskinner.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\mschat2a.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MsgPlusLive-401(2).exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MsgPlusLive-401(3).exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MsgPlusLive-401.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MsgPlusLive-410(2).exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MsgPlusLive-410.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MsgPlusLive-411.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\setup_camtrack_2_3_0.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\SkypeSetup.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\SmileyCentralPFSetup2.1.60.1.ZNfox000.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\windows-live-messenger_windows_live_messenger_8.1.0106.00_beta_francais_19367.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\zaSetup_fr(2).exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\zaSetup_fr.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MSNFix\MSNFix\incl\MD5File.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MSNFix\MSNFix\incl\msnchk.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MSNFix\MSNFix\incl\Process.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MSNFix\MSNFix\incl\swreg.exe
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\MSNFix\MSNFix\incl\zip.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\antivir_workstation_win7u_en_h.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\avgas-setup-7.5.1.43.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\dictionnaire_setup.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\dj553fr.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Firefox Setup 1.5.0.1.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\HijackThis.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\hpzglu10.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Install_MSN_Messenger.EXE
c:\Documents and Settings\Christine\Mes documents\Programmes\live-tf1.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Media Player 10.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\MsgPlusLive-450.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\picasaweb-current-setup.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Quick Cam.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\SkypeSetup.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\V5-U3.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\zaSetup_fr.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\zlsSetup_65_737_000_fr.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\zlssetup_70_337_000_fr.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\.limewire\.NetworkShare\LimeWireWin4.10.5.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\.limewire\.NetworkShare\LimeWireWinInstaller.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\.limewire\.NetworkShare\Incomplete\LimeWireWinInstaller.partial.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Ad-Aware SE Personal\Ad-Aware.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Ad-Aware SE Personal\unregaaw.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Ad-Aware SE Personal\UNWISE.EXE
c:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\avgas.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\guard.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\Uninstall.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\cartagogo\setup.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\common\drivers\win9x_me\hpzglu10.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\catchme.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\diff.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\find2.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\Fport.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\grep.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\gzip.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\md5sums.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\pslist.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\streams.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\swreg.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\diaghelp\DiagHelp\tar.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\DJ695\DISK1\SETUP.EXE
c:\Documents and Settings\Christine\Mes documents\Programmes\DJ695\DISK1\31\HPFLDR.EXE
c:\Documents and Settings\Christine\Mes documents\Programmes\DJ695\DISK1\31\HPFSPLSH.EXE
c:\Documents and Settings\Christine\Mes documents\Programmes\DJ695\DISK1\9X\HPFLDR.EXE
c:\Documents and Settings\Christine\Mes documents\Programmes\DJ695\DISK1\9X\HPFSPLSH.EXE
c:\Documents and Settings\Christine\Mes documents\Programmes\Drivers\dot4\wrapper\_ISDel.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Drivers\dot4\wrapper\Setup.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Drivers\dot4\wrapper\Wrapper.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Messenger Plus! Live\Log Viewer.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Messenger Plus! Live\MPTools.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Messenger Plus! Live\Uninstall.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\MSNFix\MSNFix\incl\MD5File.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\MSNFix\MSNFix\incl\msnchk.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\MSNFix\MSNFix\incl\Process.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\MSNFix\MSNFix\incl\swreg.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\MSNFix\MSNFix\incl\zip.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\hpoapd01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\Hpodircu.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\hponac01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\hponicifs01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\hponiscan01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\hponiscp01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\hporfd01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\hpowfs01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZarp01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZcdl01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZchk01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZddv01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZdui01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZdxs01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZgat01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZmsi01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZnet01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZnfx01.exe
c:\Documents and Settings\Christine\Mes documents\Programmes\Setup\HPZnop01.exe

****** Fin du rapport DiagHelp

Malekal_morte

Re: intrusive advertising pages

Post by Malekal_morte »

There is a lot to say.

Go to Add/Remove Programs and uninstall Carlson Dialer.
Carlson Dialer is a dialer, a dialer being a program that places calls to premium-rate numbers to make $.
If you are on ADSL, there is no risk.
It comes with MSN infections... you must have had an MSN infection; do not open zips that talk about photos...
For more information on MSN infections, see this link: viewtopic.php?f=45&t=5161

MessengerSkinner has been installed on this computer.
MessengerSkinner is a so-called free program that installs adware; this is not necessarily stated explicitly, so you probably don't know it. Adware is a program that displays advertising popups to pay its authors (which is why it is not stated explicitly); it is the source of your advertising popups.

What is troubling, though, is that it is located here: c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\messengerskinner.exe
Which means that it was certainly one of your contacts who sent it to you... and they are probably not aware of it.
You should tell this contact to stop sending this program, unless all their friends want to be harassed by popups; more information: https://www.malekal.com/Adware.Magic_Control.php

You have other adware that came with the MSN infection.
Leftovers of the rogue SystemDoctor 2006 Free.
The rogue VirusGarde, which is installed.
Anyway, the adware must be opening popups saying that you are infected, blah blah; do not listen to them.
For more information on rogues, see: viewtopic.php?f=56&t=589

In short, all this to say: be more careful about what you install on your computer,
especially since you have also installed LimeWire, which is a fine source of infection.

To disinfect:

Run HijackThis again and check these lines:

O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Christine\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Urha] "C:\WINDOWS\WNSXS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Sei] C:\WINDOWS\system32\?ystem\m?dtc.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Christine\Application Data\Microsoft\Windows\sdpyut.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZNfox000

--> click on Fix checked

Restart the computer, then post a new HijackThis report and the catchme report that is on your desktop.


Download ComboFix by sUBs: combofix.exe
and save it to your desktop and nowhere else!

Disable the AntiVir protection.

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
c:\Documents and Settings\Christine\Mes documents\Mes fichiers reçus\messengerskinner.exe
c:\Documents and Settings\Christine\Local Settings\Temp\ErrorSafeScannerSetup.exe

Folder::
c:\Documents and Settings\Christine\Local Settings\Temp\temp.fr6A14
C:\Program Files\kernel
C:\Program Files\MyWebSearch
C:\Program Files\Outerinfo
C:\Program Files\VirusGarde
C:\Documents and Settings\Christine\Application Data\WinTouch
Save this file under the name CFScript

- Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

[Image]
- A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
- Wait while the scan runs. The desktop will disappear several times: this is normal!
  Do not touch anything until the scan has finished.
- Once the scan is complete, a report will be displayed: post its contents, and say where things stand with your problems.

- If the file does not open, it is located here > C:\ComboFix.txt

First basic rule of security: think, then click, and not the other way round - Files/programs are like sweets: when they come from a stranger, you don't accept them!
How to protect your PC from viruses

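The HijackThis lines the helper asks to fix in the post above are Run-key autoruns. As an added example (not part of the original thread, and not how the helper or HijackThis reaches a verdict), this Python script parses O4 lines taken from the logs on this page and applies three path heuristics that are assumptions of this example.

```python
import re
from typing import NamedTuple

# O4 lines copied from the HijackThis logs quoted in this thread: the six Run
# entries the helper asked to fix, then four entries left in the later log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SystemDoctor 2006 Free] C:\Program Files\SystemDoctor 2006 Free\sd2006.exe -scan
O4 - HKCU\..\Run: [kernel] C:\Program Files\kernel\kernel.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Christine\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [Urha] "C:\WINDOWS\WNSXS~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Sei] C:\WINDOWS\system32\?ystem\m?dtc.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Christine\Application Data\Microsoft\Windows\sdpyut.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
"""


class Autorun(NamedTuple):
    hive: str   # HKLM, HKCU or HKUS
    name: str   # registry value name shown in [brackets]
    image: str  # executable path with arguments stripped


O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\[^\\]+)?\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$",
    re.M,
)
EXE = re.compile(r"(.+?\.(?:exe|com|scr|bat|cmd|pif))(?:\s|$)", re.I)

# Heuristics below are assumptions of this example, meant for triage only.
PROFILE_DATA = re.compile(
    r"\\(application data|appdata|local settings\\temp)\\", re.I)
SHORT_NAME = re.compile(r"\\([^\\]*~\d+)(?=\\)")
KNOWN_SHORT = {"PROGRA~1"}  # usual short name of "Program Files"


def image_path(cmd: str) -> str:
    """Strip arguments; unquoted paths may contain spaces, so cut at the extension."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""


def parse_o4(log: str) -> list:
    """Return registry Run-key autoruns; Startup-folder O4 lines are skipped."""
    return [Autorun(m["hive"], m["name"], image_path(m["cmd"]))
            for m in O4_RUN.finditer(log)]


def triage(entry: Autorun) -> list:
    """Return the reasons an entry deserves a closer look (empty list if none)."""
    reasons = []
    if PROFILE_DATA.search(entry.image):
        reasons.append("runs from a per-user data or temp directory")
    if "?" in entry.image:
        # '?' is not valid in a Windows file name, so the log most likely
        # replaced a character it could not represent (look-alike names).
        reasons.append("name contains characters the log could not render")
    hidden = [c for c in SHORT_NAME.findall(entry.image)
              if c.upper() not in KNOWN_SHORT]
    if hidden:
        reasons.append("8.3 short name hides the real folder name: "
                       + ", ".join(hidden))
    return reasons


def flagged(log: str) -> dict:
    """Map value name -> reasons for every Run entry that trips a heuristic."""
    return {e.name: r for e in parse_o4(log) if (r := triage(e))}


if __name__ == "__main__":
    for name, reasons in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

It flags WinTouch, Urha, Sei and SfKg6w; SystemDoctor 2006 Free and kernel sit under Program Files and pass these path checks, so recognising them still takes knowledge of the product names.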

daniel45

Re: intrusive advertising pages

Post by daniel45 »

ComboFix 08-01-10.2 - Christine 2008-01-10 20:51:07.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.57 [GMT 1:00]
Running from: C:\Documents and Settings\Christine\Mes documents\Programmes\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christine\Bureau\CFScript.txt
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Christine\Application Data\MessengerSkinner
C:\Documents and Settings\Christine\Application Data\SystemDoctor 2006 Free
C:\Program Files\FunWebProducts
C:\Program Files\kernel
C:\Program Files\messengerskinner
C:\Program Files\MyWebSearch
C:\Program Files\outerinfo
C:\Program Files\Temporary
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\linkprd.exe
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\tmlpcert2007
C:\WINDOWS\wnsxs~1
C:\WINDOWS\wnsxs~1\W?nSxS\

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))))))))
.

2008-01-10 19:35 . 2000-08-31 08:00
2008-01-09 23:47 . 2008-01-09 23:47
2008-01-08 20:43 . 2008-01-08 20:43
2008-01-08 20:43 . 2008-01-08 20:43
2008-01-08 20:43 . 2007-05-30 13:10
2008-01-05 20:10 . 2008-01-05 20:10
2008-01-05 20:09 . 2008-01-05 20:31
2008-01-05 11:30 . 2008-01-05 11:30
2008-01-05 00:06 . 2008-01-05 00:06
2008-01-05 00:06 . 2008-01-05 00:06
2007-12-28 22:11 . 2008-01-08 21:41
2007-12-13 21:41 . 2007-12-13 21:41
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-13 21:37 . 2004-07-01 23:08
2007-12-12 23:40 . 2008-01-10 20:05
2007-12-12 23:40 . 2007-12-12 23:40

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
10/01/2008 18:57
10/01/2008 18:56
08/01/2008 18:59
05/01/2008 18:55
04/01/2008 23:10
04/01/2008 23:06
04/01/2008 22:57
03/01/2008 19:23
03/01/2008 17:39
12/12/2007 22:39
27/11/2007 18:58
16/11/2007 23:58
13/11/2007 00:03
15/01/2007 12:08
13/01/2007 09:28
08/01/2007 21:30
03/01/2007 11:52
21/12/2006 18:40
16/12/2006 17:26
15/12/2006 16:13
12/12/2006 17:57
11/12/2006 22:44
01/11/2006 16:11
23/11/2001 04:08
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
WebCamRT.exe="" []
WOOKIT="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Cmaudio="cmicnfg.cpl" []
Zone Labs Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
LVCOMS="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
LogitechGalleryRepair="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
LogitechImageStudioTray="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54 241664]
HP Software Update="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
WINDVDPatch="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
UpdReg="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
Jet Detection="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
CTStartup="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 21:27 249896]
!AVG Anti-Spyware="C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
DisableRegistryTools= 0 (0x0)

R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 LVBulk;LVBulk Service;C:\WINDOWS\System32\DRIVERS\LVBulk.sys [2002-06-10 14:21]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\System32\DRIVERS\LV551AV.sys [2002-06-10 14:24]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 21:00:09
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???p???w^?s?????>?wH ?w???????w*??w4???U??w4???????D8?s4????????92?????\???\????????H?s????w;?w?????_?w?`?w\???\[email protected]?\???\??????s????\??????s\[email protected]?x??????sx????:?w\[email protected]

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 21:03:24 - machine was rebooted [Christine]
ComboFix-quarantined-files.txt 2008-01-10 20:03:19
.
13/12/2007 20:42

daniel45

Re: intrusive advertising pages

Post by daniel45 »

:) It seems to be going better; I haven't seen any more intrusive windows


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:23, on 10/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\spider.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Christine\Mes documents\Programmes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... 0.0.15.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay107.hotmail.msn.com/a ... Atchmt.ocx
O18 - Protocol: talkto - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

--
End of file - 18633 bytes

Malekal_morte

Re: intrusive advertising pages

Post by Malekal_morte »

Your ComboFix report is odd.

It looks like you did not drag the CFScript script onto the ComboFix icon properly, or the script was empty; please try again.


daniel45

Re: intrusive advertising pages

Post by daniel45 »

ComboFix 08-01-10.2 - Christine 2008-01-11 16:34:51.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.0.1252.1.1036.18.56 [GMT 1:00]
Running from: C:\Documents and Settings\Christine\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Christine\Bureau\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-11 to 2008-01-11 ))))))))))))))))))))))))))))))))))))
.
2008-01-10 19:35 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 23:47 . 2008-01-09 23:47 428,612 --a------ C:\upload_moi_CHRISTINE.tar.gz
2008-01-08 20:43 . 2008-01-08 20:43 <REP> d-------- C:\Documents and Settings\Christine\Application Data\Grisoft
2008-01-08 20:43 . 2008-01-08 20:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-08 20:43 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-05 20:10 . 2008-01-05 20:10 0 --a------ C:\LOG257.tmp
2008-01-05 20:09 . 2008-01-05 20:31 <REP> d-------- C:\Documents and Settings\Christine\Application Data\U3
2008-01-05 11:30 . 2008-01-05 11:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-05 00:06 . 2008-01-05 00:06 <REP> d-------- C:\Program Files\Avira
2008-01-05 00:06 . 2008-01-05 00:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-28 22:11 . 2008-01-08 21:41 <REP> d--h----- C:\Program Files\Fichiers communs\Carlson
2007-12-13 21:41 . 2007-12-13 21:41 <REP> d-------- C:\WINDOWS\system32\bits
2007-12-13 21:37 . 2004-07-01 23:08 360,960 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2007-12-13 21:37 . 2004-07-01 23:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-12-13 21:37 . 2004-07-01 23:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-12-13 21:37 . 2004-07-01 23:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-12-13 21:37 . 2004-07-01 23:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-12-13 21:37 . 2004-07-01 23:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-12-13 21:37 . 2004-07-01 23:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-12-13 21:37 . 2004-07-01 23:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-12-12 23:40 . 2008-01-10 20:05 <REP> d-------- C:\Documents and Settings\Christine\Application Data\MSN6
2007-12-12 23:40 . 2007-12-12 23:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 18:57 --------- d-----w C:\Documents and Settings\Christine\Application Data\LimeWire
2008-01-10 18:56 --------- d-----w C:\Documents and Settings\Christine\Application Data\CamTrack
2008-01-08 18:59 --------- d-----w C:\Program Files\Hyper-Script V5-R3
2008-01-05 18:55 --------- d-----w C:\Program Files\MSN Messenger
2008-01-04 23:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 23:06 --------- d-----w C:\Program Files\AVPersonal
2008-01-04 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-04 12:20 44,032 -c--a-w C:\WINDOWS\system32\ftp.exe
2008-01-04 12:20 17,920 -c--a-w C:\WINDOWS\system32\tftp.exe
2008-01-03 19:23 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-01-03 17:39 10 ----a-w C:\Program Files\.autoreg
2007-12-27 18:00 134,656 ----a-w C:\WINDOWS\system32\sfc_os.dll
2007-12-12 22:39 --------- d-----w C:\Program Files\Services en ligne
2007-11-27 18:58 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-11-27 18:58 --------- d-----w C:\Program Files\CyberLink
2007-11-16 23:58 --------- d-----w C:\Program Files\Wanadoo
2007-11-13 00:03 0 ----a-w C:\WINDOWS\Fonts\auto.txt
2007-01-15 12:08 88,486 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_14_10_07_06_small.dmp.zip
2007-01-13 09:28 84,097 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_12_18_49_03_small.dmp.zip
2007-01-08 21:30 88,265 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_08_22_26_59_small.dmp.zip
2007-01-03 11:52 84,391 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_01_02_19_06_51_small.dmp.zip
2006-12-21 18:40 80,348 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_21_12_44_52_small.dmp.zip
2006-12-16 17:26 91,083 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_16_13_51_20_small.dmp.zip
2006-12-15 16:13 88,126 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_15_12_55_00_small.dmp.zip
2006-12-12 17:57 17,031,026 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_12_13_04_21_full.dmp.zip
2006-12-11 22:44 92,402 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_12_11_12_57_22_small.dmp.zip
2006-11-01 16:11 39,108 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2006_11_01_17_06_50_small.dmp.zip
2001-11-23 04:08 712,704 -c--a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.
((((((((((((((((((((((((((((( [email protected]_21.02.32.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 19:50:56 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 15:34:40 241,664 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 19:50:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 15:34:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 19:50:57 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 15:34:40 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 19:50:57 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 15:34:40 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-10 19:50:57 4,538,368 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-11 15:34:41 4,538,368 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-10 19:50:57 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-11 15:34:41 167,936 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [ ]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54 127022]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32 155648]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31 61440]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 13:54 241664]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 10:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 01:00 28672]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 01:00 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-07 21:27 249896]
"!AVG Anti-Spyware"="C:\Documents and Settings\Christine\Mes documents\Programmes\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 22:06:36]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 21:31:38]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2006-08-18 20:04:33]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04]
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys [2007-07-18 14:22]
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys [2007-08-09 13:04]
R3 LVBulk;LVBulk Service;C:\WINDOWS\System32\DRIVERS\LVBulk.sys [2002-06-10 14:21]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\System32\DRIVERS\LV551AV.sys [2002-06-10 14:24]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 16:37:51
Windows 5.1.2600 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run???p???w^?s?????>?wH ?w???????w*??w4???U??w4???????D8?s4????????92?????\???\????????H?s????w;?w?????_?w?`?w\???\[email protected][email protected]?\???\??????s????\??????s\[email protected]?x??????sx????:?w\[email protected]
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-11 16:39:39
ComboFix-quarantined-files.txt 2008-01-11 15:39:33
ComboFix2.txt 2008-01-11 13:00:45
.
2007-12-13 20:42:51 --- E O F ---

Malekal_morte

Re: intrusive advertising pages

Post by Malekal_morte »

Delete this folder: C:\Program Files\Fichiers communs\Carlson

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Internet Explorer is not up to date; it contains security vulnerabilities that, through exploits on websites, can lead to infection.
Update Internet Explorer 6 to version 7: http://www.microsoft.com/france/windows ... itnow.mspx
In addition, you can run a vulnerability scan to check that your software is up to date and free of security vulnerabilities.



It's OK, you are no longer infected once you follow the last steps below, and read what follows CAREFULLY :)

Try to report your infection on the site I give you below, that would be really great ;)

Your infections: various adware...

Finish the cleanup:
- Clean your computer with CCleaner: https://www.malekal.com/tutorial_CCleaner.html
- Disable then re-enable System Restore:
- Instructions for Windows XP
- You can then uninstall all the programs we used.




___________________________________


I invite you to read this PDF (click the banner below); it explains how infections spread, the good habits to adopt so you don't get infected again, and how to secure your computer. Read all of it carefully, and don't hesitate to send it to all your friends by e-mail:


Everything is summarized in "Securing your computer (short version)"

___________________________________


Getting things moving:

Report your infection on Malware-Complaints to get the authors convicted. To make our voice heard, there must be as many of us as possible, so report your infection:
- See the Malware-Complaints rules
- Register on the forum using the register button at the top:
If you are over 13, choose: I Agree to these terms and am over or exactly 13 years of age
If you are younger, click: I Agree to these terms and am under 13 years of age

After registering, you will see the types of infection as a list (Look2Me, Smitfraud, SpywareQuake, etc.): http://www.malwarecomplaints.info/viewf ... da8cee41a4

If the malware you had does not appear in the list, or if you don't know which infection you had, create a message in the "Autres infections" ("Other infections") topic that complies with the forum rules (age, city, department, etc.): http://www.malwarecomplaints.info/viewforum.php?f=10

To post a message, click the "post reply" button and fill in the information - DO NOT CREATE A TOPIC with the New Topic button.

For any help posting your message, you can consult this link: https://www.malekal.com/malwarecomplaints.html
If you have questions or problems, don't hesitate to ask me here or to contact one of the forum moderators: Kimberly, AgnesD or ipl_001.

daniel45

Post by daniel45 »

Thank you very much, I'll do all that. Have a good rest of the day, and well done on your site.
