Wi-Fi connection with Ralink wireless [SOLVED]

SkyTech

Re: Wi-Fi connection with Ralink wireless

by SkyTech »

Hi,

Could we have a report for Spybot?
Engil Hramn wrote: - Download HiJackThis by Merijn to your desktop.
- Double-click HijackThis
- Generate a report by following these instructions:
- Run it and click Do a scan and save log file.
- The report opens in Notepad
- Paste the report here; to do so:
- Edit menu / Select All
- Edit menu / Copy
- Here in a new message: right-click / Paste
Help: Feel free to consult the HiJackThis help -
clo5984

Re: Wi-Fi connection with Ralink wireless

by clo5984 »

I'm happy to, but it won't be on the right computer, since I can no longer access it? The one I'm using right now doesn't appear to have any problem.
SkyTech

Re: Wi-Fi connection with Ralink wireless

by SkyTech »

Re,
clo5984 wrote: I'm happy to, but it won't be on the right computer, since I can no longer access it? The one I'm using right now doesn't appear to have any problem.
And in safe mode, or safe mode with networking, what happens?

see: https://www.malekal.com/modesansechec.php

If you can get into safe mode, put the reports on a USB stick; otherwise use safe mode with networking.
clo5984

Re: Wi-Fi connection with Ralink wireless

by clo5984 »

re
So, after restarting in safe mode and running the scan: nothing in particular was detected.
I restarted in normal mode on the same computer that was crashing earlier (I don't understand everything that's going on tonight, but oh well!) and here is the report:

Avira AntiVir Personal
Report file date: vendredi 3 octobre 2008 22:22

Scanning for 1657543 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode with network
Username: Poste 6
Computer name: PC

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 3 octobre 2008 22:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0

i
No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'

i
No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys

!
The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys

!
The file could not be opened!


End of the scan: vendredi 3 octobre 2008 22:52
Used time: 29:40 Minute(s)

The scan has been done completely.

5346 Scanning directories
223769 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
223767 Files not concerned
1091 Archives were scanned
2 Warnings
0 Notes
SkyTech

Re: Wi-Fi connection with Ralink wireless

by SkyTech »

Hi,

It's not an Antivir scan I was asking you for, but the report in which Spybot finds oddities, and a HijackThis log.
clo5984

Re: Wi-Fi connection with Ralink wireless

by clo5984 »

Sorry about Antivir, so see below:
1) Spybot report (note that I was not able to download the updates before the scan):

--- Search result list ---
Le conseil du jour: Cliquez sur la barre située à droite pour voir plus d'informations! ()


Félicitations!: Aucun mouchard n'a été trouvé. ()



--- Spybot - Search & Destroy version: 1.6.0 (build: 20080729) ---




--- System information ---
Windows XP (Build: 2600) Service Pack 3 (5.1.2600)


--- Startup entries list ---
Located: HK_LM:Run, Adobe Photo Downloader
command: "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
file: C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
size: 63712
MD5: 831FB892A5A5F28BB69DE0AB77FA7281

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8

Located: HK_LM:Run, avgnt
command: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
file: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
size: 266497
MD5: 6E812818306D460D62B4ABEA9FDC6679

Located: HK_LM:Run, eBayToolbar
command: C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
file: C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
size: 652528
MD5: 03575BAD0E1AC47CFEEB0524207940B8

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 267048
MD5: 29ABA5DBAF0ADBFF426E7229412D6411

Located: HK_LM:Run, MSN Services
command: C:\RECYCLER\msnservice.exe
file: C:\RECYCLER\msnservice.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 286720
MD5: C41FE114D9D7710EDA1189D304D85088

Located: HK_LM:Run, SoundMan
command: SOUNDMAN.EXE
file: C:\WINDOWS\SOUNDMAN.EXE
size: 57344
MD5: 18AF798F49A1084B0ED8C47D3CECA6B2

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
size: 132496
MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, zzzHPSETUP
command: D:\Setup.exe \RESET
file: D:\Setup.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE
where: PE_C_ADMINISTRATEUR...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE
where: PE_C_CLO...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, msnmsgr
where: PE_C_CLO...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 5724184
MD5: 97384875B6D03831B2D1820AB8952F67

Located: HK_CU:Run, QuickTime Task
where: PE_C_CLO...
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 286720
MD5: C41FE114D9D7710EDA1189D304D85088

Located: HK_CU:Run, swg
where: PE_C_CLO...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, CTFMON.EXE
where: PE_C_INVITé...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, msnmsgr
where: PE_C_INVITé...
command: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
file: C:\Program Files\Windows Live\Messenger\msnmsgr.exe
size: 5724184
MD5: 97384875B6D03831B2D1820AB8952F67

Located: HK_CU:Run, QuickTime Task
where: PE_C_INVITé...
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 286720
MD5: C41FE114D9D7710EDA1189D304D85088

Located: HK_CU:Run, swg
where: PE_C_INVITé...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1757981266-583907252-682003330-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: HK_CU:Run, DAEMON Tools
where: S-1-5-21-1757981266-583907252-682003330-1004...
command: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
file: C:\Program Files\DAEMON Tools\daemon.exe
size: 157592
MD5: 4323A5EE3EBC7F5681CD41B69360D2D4

Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1757981266-583907252-682003330-1004...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: E13EA4860E8F2AA845B53BFD2B6FEC5B

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1757981266-583907252-682003330-1004...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, swg
where: S-1-5-21-1757981266-583907252-682003330-1004...
command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
file: C:\WINDOWS\System32\CTFMON.EXE
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Microsoft Office\Office10\OSA.EXE
file: C:\Program Files\Microsoft Office\Office10\OSA.EXE
size: 83360
MD5: 5BC65464354A9FD3BEAA28E18839734A

Located: Démarrage (tous utilisateurs), Outil de mise à jour Google.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
file: C:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 126136
MD5: 8D89B60FD56F70813DA50C01E232C8FB

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Aide pour le lien d'Adobe PDF Reader)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Aide pour le lien d'Adobe PDF Reader
description: Adobe Acrobat reader
classification: Legitimate
known filename: AcroIEhelper.ocx<br>AcroIEhelper.dll
info link: http://www.adobe.com/products/acrobat/readstep2.html
info source: TonyKlein
Path: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelper.dll
Short name: ACROIE~1.DLL
Date (created): 23/10/2006 00:08:42
Date (last access): 04/10/2008 21:31:16
Date (last write): 23/10/2006 00:08:42
Filesize: 62080
Attributes: archive
MD5: C11F6A1F61481E24BE3FDC06EA6F7D2A
CRC32: E388508F
Version: 8.0.0.456

{22D8E815-4A5E-4DFB-845E-AAB64207F5BD} (eBay Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: eBay Toolbar Helper
Path: C:\Program Files\eBay\eBay Toolbar2\
Long name: eBayTb.dll
Short name:
Date (created): 26/09/2007 21:26:12
Date (last access): 04/10/2008 21:30:30
Date (last write): 17/09/2008 08:22:22
Filesize: 562416
Attributes: archive
MD5: 577382E883EC1040353E44AD450D513F
CRC32: 52C551E9
Version: 2.5000.11.3

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 17/09/2008 00:45:46
Date (last access): 04/10/2008 21:31:16
Date (last write): 15/09/2008 14:25:44
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: SSVHelper Class
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: ssv.dll
Short name:
Date (created): 09/05/2008 06:55:54
Date (last access): 04/10/2008 21:31:12
Date (last write): 22/02/2008 04:25:20
Filesize: 509328
Attributes: archive
MD5: 5B42CB6A121256465B251840FDB1B2FE
CRC32: 6EF0BCE9
Version: 6.0.50.13

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{988B07F5-7392-455A-8A1F-64935CB8B6ED} (BHO Barre de Confiance CM-CIC)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: BHO Barre de Confiance CM-CIC
Path: C:\Program Files\BarreConfCMCIC\
Long name: TAPbar.dll
Short name:
Date (created): 18/07/2006 19:24:52
Date (last access): 04/10/2008 21:31:18
Date (last write): 18/07/2006 19:24:52
Filesize: 192512
Attributes: archive
MD5: 6E4D744B3CFB5479EA83C811723241DC
CRC32: 7EBA7C73
Version: 1.1.0.0

{AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Helper
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein
Path: c:\program files\google\
Long name: GoogleToolbar1.dll
Short name: GOOGLE~1.DLL
Date (created): 16/09/2008 23:43:48
Date (last access): 04/10/2008 21:31:18
Date (last write): 16/09/2008 23:43:48
Filesize: 2582136
Attributes: readonly archive
MD5: F5F55FD61AB135233C24B90D9EDA2521
CRC32: F5EAB681
Version: 4.0.1602.35650

{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Google Toolbar Notifier BHO
Path: C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\
Long name: swg.dll
Short name:
Date (created): 23/10/2007 00:06:10
Date (last access): 04/10/2008 21:30:34
Date (last write): 23/10/2007 00:06:10
Filesize: 654832
Attributes: archive
MD5: B85A0FA95E24D9EA3B4181DAD716A27B
CRC32: D4D52E25
Version: 2.1.615.5858



--- ActiveX list ---
{166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/sh ... tor/sw.cab
description: Macromedia ShockWave Flash Player 7
classification: Legitimate
known filename: SWDIR.DLL
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 21/01/2007 13:03:24
Date (last access): 04/10/2008 22:27:36
Date (last write): 07/08/2007 18:20:44
Filesize: 182248
Attributes: archive
MD5: 6C90714399BD3F1E7C0503A38EADBAC7
CRC32: D1E8C81D
Version: 10.2.0.23

{233C1507-6A77-46A4-9443-F871F945D258} (Shockwave ActiveX Control)
DPF name:
CLSID name: Shockwave ActiveX Control
Installer: C:\WINDOWS\Downloaded Program Files\setup.inf
Codebase: http://fpdownload.macromedia.com/get/sh ... tor/sw.cab
description:
classification: Legitimate
known filename: SwDir.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\system32\Macromed\Director\
Long name: SwDir.dll
Short name:
Date (created): 21/01/2007 13:03:24
Date (last access): 04/10/2008 22:27:36
Date (last write): 07/08/2007 18:20:44
Filesize: 182248
Attributes: archive
MD5: 6C90714399BD3F1E7C0503A38EADBAC7
CRC32: D1E8C81D
Version: 10.2.0.23

{867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control)
DPF name:
CLSID name: HardwareDetection Control
Installer: C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf
Codebase: http://www.touslesdrivers.com/fichiers/ ... b?version=
description:
classification: Legitimate
known filename: HARDWA~1.OCX
info link:
info source: Safer Networking Ltd.
Path: C:\PROGRA~1\HARDWA~1\IE\
Long name: HardwareDetection.ocx
Short name: HARDWA~1.OCX
Date (created): 17/01/2007 13:32:00
Date (last access): 04/10/2008 22:27:36
Date (last write): 17/01/2007 13:32:00
Filesize: 390976
Attributes: archive
MD5: 496913CBB162A11C7B78E661DE5D783F
CRC32: 544C133E
Version: 2.0.3.13

{88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class)
DPF name:
CLSID name: AdVerifierADPCtrl Class
Installer: C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
Codebase: https://static.impots.gouv.fr/tdir/stat ... DP-1.0.cab
Path: C:\WINDOWS\Downloaded Program Files\
Long name: AdVerifierADP.dll
Short name: ADVERI~1.DLL
Date (created): 27/03/2007 16:19:32
Date (last access): 04/10/2008 22:27:36
Date (last write): 27/03/2007 16:19:32
Filesize: 273744
Attributes: archive
MD5: 103120BAFA04CFE18F66D40D5EE20EA0
CRC32: 1CFBAEBF
Version: 1.3.5.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22/02/2008 02:33:32
Date (last access): 04/10/2008 22:27:36
Date (last write): 22/02/2008 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
DPF name:
CLSID name:
Installer: C:\WINDOWS\Downloaded Program Files\erma.inf
Codebase: http://fpdownload.macromedia.com/get/fl ... rashim.cab
description:
classification: Open for discussion
known filename:
info link:
info source: Safer Networking Ltd.

{B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer)
DPF name:
CLSID name: MSN Games - Installer
Installer:
Codebase: http://messenger.zone.msn.com/binary/ZI ... b56649.cab
description:
classification: Legitimate
known filename: ZIntro.ocx
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: ZIntro.ocx
Short name:
Date (created): 19/02/2007 11:26:28
Date (last access): 04/10/2008 22:27:36
Date (last write): 19/02/2007 11:26:28
Filesize: 159128
Attributes: archive
MD5: E681AC948003CCA59C6C00D3F5EC3D4B
CRC32: C8723760
Version: 9.5.6649.1

{C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class)
DPF name:
CLSID name: MessengerStatsClient Class
Installer:
Codebase: http://messenger.zone.msn.com/binary/Me ... b56907.cab
description:
classification: Legitimate
known filename: MessengerStatsPAClient.dll
info link:
info source: Safer Networking Ltd.
Path: C:\WINDOWS\Downloaded Program Files\
Long name: MessengerStatsPAClient.dll
Short name: MESSEN~1.DLL
Date (created): 22/02/2007 23:41:12
Date (last access): 04/10/2008 22:27:38
Date (last write): 22/02/2007 23:41:12
Filesize: 304544
Attributes: archive
MD5: 8945CCA5FC4F25168E8B6F401EFAF51F
CRC32: 0F12FD23
Version: 9.5.6907.1

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_03
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Path: C:\Program Files\Java\jre1.6.0_03\bin\
Long name: npjpi160_03.dll
Short name: NPJPI1~1.DLL
Date (created): 25/09/2007 00:31:44
Date (last access): 04/10/2008 22:27:38
Date (last write): 25/09/2007 02:11:34
Filesize: 132496
Attributes: archive
MD5: D6A4682A6FF41832A3F1A7AB9AE08199
CRC32: 9080B537
Version: 6.0.30.5

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22/02/2008 02:33:32
Date (last access): 04/10/2008 22:27:36
Date (last write): 22/02/2008 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_05
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre1.6.0_05\bin\
Long name: npjpi160_05.dll
Short name: NPJPI1~1.DLL
Date (created): 22/02/2008 02:33:32
Date (last access): 04/10/2008 22:27:36
Date (last write): 22/02/2008 04:25:20
Filesize: 132496
Attributes: archive
MD5: 4FDFB86D78994BD71CBB779A7809E9CD
CRC32: 5A0EB880
Version: 6.0.50.13

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
DPF name:
CLSID name: Shockwave Flash Object
Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
Codebase: http://download.macromedia.com/pub/shoc ... wflash.cab
description: Macromedia Shockwave Flash Player
classification: Legitimate
known filename:
info link:
info source: Patrick M. Kolla
Path: C:\WINDOWS\system32\Macromed\Flash\
Long name: Flash9f.ocx
Short name:
Date (created): 25/03/2008 04:32:42
Date (last access): 04/10/2008 21:31:24
Date (last write): 25/03/2008 04:32:42
Filesize: 2991488
Attributes: readonly archive
MD5: 48FDF435B8595604E54125B321924510
CRC32: 12335E29
Version: 9.0.124.0



--- Process list ---
PID: 0 ( 0) [System]
PID: 188 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 236 ( 188) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 260 ( 188) \??\C:\WINDOWS\system32\winlogon.exe
size: 512000
PID: 304 ( 260) C:\WINDOWS\system32\services.exe
size: 109056
MD5: 54CB50058851D95E56EC70D09F70857F
PID: 316 ( 260) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 91E6024D6D4DCDECDB36C43ECF9BBECB
PID: 468 ( 304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 528 ( 304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 584 ( 304) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: E4BDF223CD75478BF44567B4D5C2634D
PID: 840 ( 812) C:\WINDOWS\Explorer.EXE
size: 1037824
MD5: F2317622D29F9FF0F88AEECD5F60F0DD
PID: 1580 (1560) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 59DC5BB82E4C8E0B3EADCFDBC44BA6E4
PID: 1876 ( 840) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891984
MD5: 9C8F0F34F66BB845B42F70E92A972B5F
PID: 1916 (1876) C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
size: 1429840
MD5: 92E147F70C7982928559DF6E14212DEF
PID: 800 (1876) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6
PID: 4 ( 0) System
PID: 1096 ( 468) C:\WINDOWS\System32\wbem\wmiprvse.exe
size: 218112
MD5: 7E7B3EAFE66ED06E558F56A60F6F7DDA


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 04/10/2008 22:30:39

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.google.com
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Bar
http://www.google.com/ie
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://google.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
http://home.microsoft.com/access/autosearch.asp?p=%s
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896


--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 4: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\rsvpsp.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 5: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6270BD08-F548-4C7A-85B8-FBCD1F349BD6}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 6: MSAFD NetBIOS [\Device\NetBT_Tcpip_{6270BD08-F548-4C7A-85B8-FBCD1F349BD6}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 7: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E90FC2D5-142D-44FC-A655-0A75A9AADBD9}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 8: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E90FC2D5-142D-44FC-A655-0A75A9AADBD9}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 9: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9D09A22-771D-4773-84F0-EA6AF3250A6C}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B9D09A22-771D-4773-84F0-EA6AF3250A6C}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58C3C597-D741-4F3B-8147-604F5C622ED4}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{58C3C597-D741-4F3B-8147-604F5C622ED4}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DCCBB0F-42CC-4A25-ADE1-DCCF442C8A59}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DCCBB0F-42CC-4A25-ADE1-DCCF442C8A59}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3CEFBB77-08A4-410E-88DD-87E08E520567}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip_{3CEFBB77-08A4-410E-88DD-87E08E520567}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: TCP/IP
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 1: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

Namespace Provider 2: Espace de noms NLA (Network Location Awareness)
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename: %SystemRoot%\System32\mswsock.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

The HijackThis report is in my next post (this one is too long).
clo5984

Re: wifi connection with ralink wireless

by clo5984 »

2) HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:42, on 04/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
c:\temp\Rar$EX04.109\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.notaires.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intra.notaires.fr;ccs.notaires.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/ ... b?version=
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/stat ... DP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E90FC2D5-142D-44FC-A655-0A75A9AADBD9}: NameServer = 192.168.0.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7156 bytes
SkyTech

Re: wifi connection with ralink wireless

by SkyTech »

Hi,

Empty your recycle bin.

As for DAEMON Tools, it should be removed, see: http://forum.malekal.com/viewtopic.php?f=33&t=775

You have several toolbars, do you need them? See: http://forum.malekal.com/les-toolbars-e ... t6173.html
If you don't use them, uninstall them via Add/Remove Programs.
(If you can't remove them because you are in safe mode, it doesn't matter, we'll see about that later.)

O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

Uninstall the Google Updater ("Outil de mise à jour Google").

Run HijackThis again, check these lines and click Fix checked.
clo5984 wrote: 2)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zzzHPSETUP] D:\Setup.exe \RESET
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
Then restart your PC and post a new HijackThis log.
clo5984

Re: wifi connection with ralink wireless

by clo5984 »

good evening
so I applied all the previous instructions without having to go through safe mode, and here is the latest HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:58:06, on 06/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\temp\Répertoire temporaire 3 pour HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.notaires.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intra.notaires.fr;ccs.notaires.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'clo')
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'clo')
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'clo')
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/ ... b?version=
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/stat ... DP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E90FC2D5-142D-44FC-A655-0A75A9AADBD9}: NameServer = 192.168.0.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6197 bytes

hoping I haven't missed a step...
SkyTech

Re: wifi connection with ralink wireless

by SkyTech »

Hi,

Is it working better?

Delete (if you no longer have any Google programs) C:\Program Files\Google

Run HijackThis again and fix this line.

O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'clo')

Then post a new HijackThis log.

I just noticed that you also had an infection.

If your problem is solved,
post a HijackThis log in the virus section.
see: http://forum.malekal.com/viewforum.php?f=3

EDIT: If your problem is solved, add Solved to the title of your first message; to do so, go to your first message, click the edit button and add [Solved] to the title.
clo5984

Re: wifi connection with ralink wireless

by clo5984 »

yes, it's working much better
but I use Google exclusively, so what do I do about this:

"Delete (if you no longer have any Google programs) C:\Program Files\Google
Run HijackThis again and fix this line.
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'clo')"

do I still need to do something?
SkyTech

Re: wifi connection with ralink wireless

by SkyTech »

Hi again,
clo5984 wrote: but I use Google exclusively, so what do I do about this:

"Delete (if you no longer have any Google programs) C:\Program Files\Google
Run HijackThis again and fix this line.
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'clo')"
If you no longer have any Google programs on your PC, do it.

(If you use the Google search engine, it has no effect on that.)
Last edited by SkyTech on 07 Oct 2008 23:24, edited 1 time.
clo5984

Re: wifi connection with ralink wireless

by clo5984 »

there, line 4 removed and latest report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:48, on 07/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\WinRAR\WinRAR.exe
c:\temp\Rar$EX00.657\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.notaires.fr:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = intra.notaires.fr;ccs.notaires.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'clo')
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'clo')
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/ ... b?version=
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/stat ... DP-1.0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E90FC2D5-142D-44FC-A655-0A75A9AADBD9}: NameServer = 192.168.0.1
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6118 bytes

I don't really understand how I could still have got an infection while scanning regularly with both Avira and Spybot: should I go about it differently in the future?
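
The fix-and-repost loop used throughout this thread can be checked mechanically. The Python below is an added example, not part of any post and not HijackThis code: it compares two logs against the lines the helper asked to fix, and lists O4 autostart entries whose executable runs from outside Program Files and Windows. The function names, the trusted-directory list and the sample logs (constructed by trimming the 06/10/2008 log above) are assumptions made for the illustration.

```python
import re

# A HijackThis entry is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# First drive-letter path ending in .exe or .dll inside an entry (paths may contain spaces).
PATH = re.compile(r'[A-Za-z]:\\[^"*?<>|]*?\.(?:exe|dll)', re.IGNORECASE)
# Assumption: default Windows XP layout; adjust for other installs.
TRUSTED = ("c:\\program files\\", "c:\\windows\\")

def parse_log(text):
    """Return the set of (section, detail) entries; headers and process list are skipped."""
    entries = set()
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip()))
    return entries

def verify_fix(before, after, requested):
    """Compare the log posted after a fix with the one before and the lines to fix."""
    old, new, wanted = parse_log(before), parse_log(after), parse_log(requested)
    return {
        "still_present": sorted(wanted & new),  # asked to fix, but still in the new log
        "removed": sorted(old - new),           # everything that disappeared
        "appeared": sorted(new - old),          # anything new since the last log
    }

def autostart_outside(log, trusted=TRUSTED):
    """Paths of O4 (autostart) entries that do not live under a trusted directory.
    Entries without an absolute path (e.g. a bare SOUNDMAN.EXE) are not reported."""
    hits = []
    for section, detail in sorted(parse_log(log)):
        m = PATH.search(detail) if section == "O4" else None
        if m and not m.group(0).lower().startswith(trusted):
            hits.append(m.group(0))
    return hits

# Constructed sample: a trimmed excerpt of the 06/10/2008 log from the thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSN Services] C:\RECYCLER\msnservice.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1757981266-583907252-682003330-1008\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'clo')
O17 - HKLM\System\CCS\Services\Tcpip\..\{E90FC2D5-142D-44FC-A655-0A75A9AADBD9}: NameServer = 192.168.0.1
"""
# The line the helper asked to fix, and the log as it looks once that line is gone.
REQUESTED = next(l for l in BEFORE.splitlines() if "[swg]" in l)
AFTER = "\n".join(l for l in BEFORE.splitlines() if "[swg]" not in l)

if __name__ == "__main__":
    print(verify_fix(BEFORE, AFTER, REQUESTED))
    print(autostart_outside(AFTER))
```
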
SkyTech

Re: wifi connection with ralink wireless

by SkyTech »

Hi again,
clo5984 wrote: I don't really understand how I could still have got an infection while scanning regularly with both Avira and Spybot: should I go about it differently in the future?
An antivirus\spyware tool has its limits, it's not a miracle solution.

Problem solved?

If so:

Post a HijackThis log in the virus section.
see: http://forum.malekal.com/viewforum.php?f=3

Add Solved to the title of your first message; to do so, go to your first message, click the edit button and add [Solved] to the title.
clo5984

Re: wifi connection with ralink wireless SOLVED

by clo5984 »

do I need to create a new topic?