Bonjour à tous,
je ne sais pas si cette question à déjà été posée sur ce forum, mais j'ai un pb avec des fenêtres IE qui s'affichent en permanence alors que j'utilise FIREFOX !!!
La fenêtre qui revient le plus souvent est : www.adserve.5
Cela commence à devenir vraiment pénible
Quelqu'un a t-il eu le même pb et comment l'a t-il résolu
Merci de votre aide

Correction : il s'agit du site : www.adserver5.com

Bonjour, si cela s'ouvre dans des fenêtres IE, alors que tu n'utilises pas IE, malware...

Poste un log hijackthis 2.0.2 dans ta prochaine réponse stp.
Tuto : http://www.libellules.ch/poster_log_hijackthis.php

@ toute

Merci Falkra, voici le rapport :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:04:35, on 29/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\System32\GEARSec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\OrangeHSS\Launcher\Launcher.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\OrangeHSS\systray\systrayapp.exe
C:\Program Files\OrangeHSS\Deskboard\deskboard.exe
C:\Program Files\OrangeHSS\connectivity\connectivitymanager.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\CoreCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\OrangeHSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA PREMIER\ECB-PREM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\dllhost.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pierre\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\OrangeHSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\OKAY ATOM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [eCarteBleue-PREM] "C:\Program Files\e-Carte Bleue\LCL\e-Carte Bleue VISA PREMIER\ECB-PREM.exe" /dontopenmycards
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Audio eggs] C:\DOCUME~1\Pierre\APPLIC~1\TRAYFR~1\mail meet.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yodm3D] F:\Optimisation XP\Yodm3D.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RIMDeviceManager] "C:\Program Files\Fichiers communs\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe" -RunServer
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7705093781
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA356977-69BF-440C-8BCC-7A67F5C2FF20}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: BvrpKrnl - Unknown owner - C:\Program Files\WinFax eXPert\BVRPKrnl.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Protection Trend Micro contre les programmes espions (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: V2i Protector - PowerQuest Corporation - C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

--
End of file - 11584 bytes

Est-ce que ceci t'est familier ?

O4 - HKCU\..\Run: [Audio eggs] C:\DOCUME~1\Pierre\APPLIC~1\TRAYFR~1\mail meet.exe

O4 - HKLM\..\Run: [ROAD ITCH AMOK PING] C:\Documents and Settings\All Users\Application Data\Long slow road itch\OKAY ATOM.exe

Il me faut un rapport diaghelp pour compléter ça :

Télécharge et lance DiagHelp sur ton bureau et décompresse-le comme indiqué ici :
http://www.malekal.com/DiagHelp/DiagHelp.php

Ne lance que l'option 1 et poste le rapport dans ta prochaine réponse.

il y a un fichier .gz qui a été généré et quand je le décompresse, je me retrouve avec deux fichiers !!
Serait-ce là le rapport que tu souhaite avoir ?

Non, le lien de téléchargement est là :
http://www.malekal.com/download/DiagHelp.zip

Ca doit t'envoyer un zip, à décompresser sur le bureau (clic droit).
Un nouveau dossier chercher va être créé : DiagHelp.
Ouvre le, ensuite double clique sur go.cmd (qui peut s'appeler "go" tout court selon les paramètres de ta machine), là le rapport sera fait, il faudra le copier coller dans ta prochaine réponse.

OK, c'est ce que j'avais fait mais je n'ai pas été jusqu'au bout de l'opération
voici le rapport :

DiagHelp version v1.3 - http://www.malekal.com
excute le 29/10/2007 à 17:44:07,98


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-179E78B7.pf -->29/10/2007 17:43:29
C:\WINDOWS\prefetch\WINRAR.EXE-3526096B.pf -->29/10/2007 17:43:11
C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-36BAE580.pf -->29/10/2007 17:43:06
C:\WINDOWS\prefetch\VERCLSID.EXE-11B4EDAB.pf -->29/10/2007 17:42:56
C:\WINDOWS\prefetch\GZIP.EXE-1B917032.pf -->29/10/2007 17:42:14
C:\WINDOWS\prefetch\SORT.EXE-19C1CFD7.pf -->29/10/2007 17:42:08
C:\WINDOWS\prefetch\NTVDM.EXE-26311DB9.pf -->29/10/2007 17:42:08
C:\WINDOWS\prefetch\REG.EXE-13FAF215.pf -->29/10/2007 17:42:02
C:\WINDOWS\prefetch\KPROCCHECK.EXE-009DE31B.pf -->29/10/2007 17:42:02
C:\WINDOWS\prefetch\CATCHME.EXE-169B54D7.pf -->29/10/2007 17:42:02

C:\WINDOWS\System32\drivers\Pcouffin.sys -->25/07/2007 19:19:35
C:\WINDOWS\System32\drivers\tmxpflt.sys -->12/06/2007 18:00:54
C:\WINDOWS\System32\drivers\tmpreflt.sys -->12/06/2007 18:00:50
C:\WINDOWS\System32\drivers\VsapiNT.sys -->12/06/2007 17:52:00
C:\WINDOWS\System32\drivers\sptd.sys -->26/05/2007 22:33:22
C:\WINDOWS\System32\drivers\update.sys -->23/04/2007 11:32:54
C:\WINDOWS\System32\drivers\pxhelp20.sys -->23/03/2007 02:00:00

C:\WINDOWS\System32\Watermill.log -->29/10/2007 17:10:52
C:\WINDOWS\System32\PerfStringBackup.INI -->29/10/2007 16:01:27
C:\WINDOWS\System32\perfh00C.dat -->29/10/2007 16:01:27
C:\WINDOWS\System32\perfh009.dat -->29/10/2007 16:01:27
C:\WINDOWS\System32\perfc00C.dat -->29/10/2007 16:01:27
C:\WINDOWS\System32\perfc009.dat -->29/10/2007 16:01:27
C:\WINDOWS\System32\wpa.dbl -->29/10/2007 15:51:46
C:\WINDOWS\System32\FNTCACHE.DAT -->29/10/2007 12:57:27
C:\WINDOWS\System32\TZLog.log -->29/10/2007 11:36:28
C:\WINDOWS\System32\MRT.exe -->27/09/2007 22:19:40
C:\WINDOWS\System32\inetcomm.dll -->21/08/2007 07:17:23
C:\WINDOWS\System32\wininet.dll -->20/08/2007 10:59:31
C:\WINDOWS\System32\webcheck.dll -->20/08/2007 10:59:31
C:\WINDOWS\System32\urlmon.dll -->20/08/2007 10:59:31
C:\WINDOWS\System32\url.dll -->20/08/2007 10:59:31
C:\WINDOWS\System32\occache.dll -->20/08/2007 10:59:31
C:\WINDOWS\System32\mstime.dll -->20/08/2007 10:59:30
C:\WINDOWS\System32\msrating.dll -->20/08/2007 10:59:30
C:\WINDOWS\System32\mshtmled.dll -->20/08/2007 10:59:30
C:\WINDOWS\System32\mshtml.dll -->20/08/2007 10:59:30
C:\WINDOWS\System32\msfeedsbs.dll -->20/08/2007 10:59:30
C:\WINDOWS\System32\msfeeds.dll -->20/08/2007 10:59:30
C:\WINDOWS\System32\jsproxy.dll -->20/08/2007 10:59:30
C:\WINDOWS\System32\inetcpl.cpl -->20/08/2007 10:59:30
C:\WINDOWS\System32\iertutil.dll -->20/08/2007 10:59:30

C:\WINDOWS\WindowsUpdate.log -->29/10/2007 16:06:48
C:\WINDOWS\XPSEPSCLP.log -->29/10/2007 15:58:38
C:\WINDOWS\XpsEPSC.log -->29/10/2007 15:58:35
C:\WINDOWS\tsoc.log -->29/10/2007 15:58:15
C:\WINDOWS\tabletoc.log -->29/10/2007 15:58:15
C:\WINDOWS\ocmsn.log -->29/10/2007 15:58:15
C:\WINDOWS\ntdtcsetup.log -->29/10/2007 15:58:15
C:\WINDOWS\KB925720.log -->29/10/2007 15:58:15
C:\WINDOWS\imsins.log -->29/10/2007 15:58:15
C:\WINDOWS\iis6.log -->29/10/2007 15:58:15
C:\WINDOWS\comsetup.log -->29/10/2007 15:58:15
C:\WINDOWS\ocgen.log -->29/10/2007 15:58:14
C:\WINDOWS\netfxocm.log -->29/10/2007 15:58:14
C:\WINDOWS\msgsocm.log -->29/10/2007 15:58:14
C:\WINDOWS\MedCtrOC.log -->29/10/2007 15:58:14


MD5 des fichiers sensibles
tcpip.sys 1dbf125862891817f374f407626967f4
ndis.sys 558635d3af1c7546d26067d5d9b6959e
null.sys 73c1e1f395918bc2c6dd67af7591a3ad
svchost.exe 1bd6c2f707a275cb7c16fd99fe0f31ca


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1804
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x014f0000 0x92000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\deskbar.dll
0x10000000 0x5000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\fr-fr\dbres.dll.mui
0x013c0000 0x16000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\dbres.dll
0x01590000 0x92000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\wordwheel.dll
0x621f0000 0x1f000 1.00.2536.0000 C:\WINDOWS\system32\MAPI32.dll
0x01640000 0xc000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
0x01650000 0x94000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\msnlExtRes.dll
0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll
0x442b0000 0x3c000 7.00.6000.16544 C:\WINDOWS\system32\webcheck.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x01f00000 0x10000 6.00.0156.0000 C:\Program Files\Microsoft Virtual PC\VPCShExH.DLL
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10100000 0x17000 2.20.0733.0000 C:\Program Files\Logitech\SetPoint\lgscroll.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x02720000 0x7000 1.00.0003.0724 C:\Program Files\OrangeHSS\Launcher\Inactivity.Dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x029d0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x040c0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll
0x033e0000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
0x01b40000 0x4b000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
0x01c10000 0x48000 15.00.0000.1419 C:\Program Files\Trend Micro\Internet Security 2007\Tmdshell.dll
0x019c0000 0x2c000 C:\Program Files\WinRAR\rarext.dll
0x00c60000 0x8000 2.00.0000.0002 C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll
0x00bd0000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x03660000 0xd5000 1.04.0000.0000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x6bd10000 0x10000 12.00.4518.1014 C:\Program Files\Microsoft Office\Office12\msohevi.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - http://www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 1464
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01dd0000 0x3b000 1.07.0017.0000 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll


Le volume dans le lecteur C s'appelle Systeme
Le numéro de série du volume est FF47-80EB

Répertoire de C:\WINDOWS\system32

05/08/2004 13:00 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 50 712 104 960 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle Systeme
Le numéro de série du volume est FF47-80EB

Répertoire de C:\WINDOWS\Downloaded Program Files

29/07/2007 10:21 <REP> .
29/07/2007 10:21 <REP> ..
05/02/2007 10:17 65 desktop.ini
30/06/2006 11:00 29 616 dwusplay.dll
30/06/2006 11:00 201 648 dwusplay.exe
11/09/2006 03:40 484 272 isusweb.dll
11/12/2006 16:44 367 LegitCheckControl.inf
26/05/2005 03:19 293 muweb.inf
09/11/2006 14:36 5 019 swflash.inf
7 fichier(s) 721 280 octets

Total des fichiers listés :
7 fichier(s) 721 280 octets
2 Rép(s) 50 712 104 960 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues
C:\Program Files\Advert présent! Possible infection : lop.com

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\WinFax eXPert\\WinFax.exe"="C:\\Program Files\\WinFax eXPert\\WinFax.exe:*:Enabled:Winfax"
"C:\\Program Files\\WinFax eXPert\\BvrpKrnl.exe"="C:\\Program Files\\WinFax eXPert\\BvrpKrnl.exe:*:Enabled:Bvrpkrnl"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeHSS\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

REGEDIT4

[taskmgr.exe]


exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
127.0.0.1 trial.updates.winsoftware.com ## added by CiD

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
348 - PcScnSrv.exe
592 - wmiprvse.exe
664 - spoolsv.exe
824 - cisvc.exe
904 - nvsvc32.exe
916 - PcCtlCom.exe
948 - wuauclt.exe
1188 - OUTLOOK.EXE
1440 - csrss.exe
1464 - winlogon.exe
1508 - services.exe
1520 - lsass.exe
1528 - searchprotocolh
1588 - cmd.exe
1732 - svchost.exe
1804 - explorer.exe
1844 - svchost.exe
1964 - FTCOMModule.exe
1984 - svchost.exe
2076 - Launcher.exe
2116 - wcescomm.exe
2136 - GoogleToolbarNo
2144 - iexplore.exe
2168 - cidaemon.exe
2192 - ctfmon.exe
2232 - RIMDeviceManage
2300 - iexplore.exe
2384 - AlertModule.exe
2480 - OraConfigRecove
2532 - SetPoint.exe
2572 - searchfilterhos
2784 - TmPfw.exe
3004 - ECB-PREM.exe
3012 - SystrayApp.exe
3020 - Deskboard.exe
3028 - ConnectivityMan
3040 - CoreCom.exe
3396 - firefox.exe
3704 - searchindexer.e
3884 - alg.exe
5164 - dllhost.exe
5284 - msdtc.exe

Total number of processes = 43
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (http://www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E2000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6BF000 - sptd.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA6A7000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA678000 - ACPI.sys
BA667000 - pci.sys
BA8A8000 - ohci1394.sys
BA8B8000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
BA8C8000 - isapnp.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA8D8000 - MountMgr.sys
BA648000 - ftdisk.sys
BADAC000 - dmload.sys
BA622000 - dmio.sys
BAB30000 - PartMgr.sys
BA8E8000 - VolSnap.sys
BA60A000 - atapi.sys
BA8F8000 - jraid.sys
BA908000 - disk.sys
BA918000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA5EA000 - fltMgr.sys
BA5D8000 - sr.sys
BA5C4000 - PQV2i.sys
BA928000 - PxHelp20.sys
BA5AD000 - KSecDD.sys
BA520000 - Ntfs.sys
BA4F3000 - NDIS.sys
BA4D8000 - Mup.sys
BADAE000 - JGOGO.sys
BA958000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B9EEC000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9ED8000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
BA968000 - \SystemRoot\system32\DRIVERS\HECI.sys
BAB90000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9EB5000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BAB98000 - \SystemRoot\system32\DRIVERS\usbehci.sys
B9E90000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
B9E53000 - \SystemRoot\system32\DRIVERS\yk51x86.sys
BA978000 - \SystemRoot\system32\DRIVERS\imapi.sys
BAD90000 - \SystemRoot\system32\drivers\pfc.sys
BADB4000 - \SystemRoot\System32\Drivers\ElbyDelay.sys
BABB0000 - \SystemRoot\System32\Drivers\ElbyCDFL.sys
BA988000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA998000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9E30000 - \SystemRoot\system32\DRIVERS\ks.sys
BAD9C000 - \SystemRoot\System32\Drivers\GearAspiWDM.SYS
B9DF1000 - \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
B9CFF000 - \SystemRoot\system32\DRIVERS\HSF_DPV.sys
B9C4C000 - \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
BABD8000 - \SystemRoot\System32\Drivers\Modem.SYS
BA9A8000 - \SystemRoot\system32\DRIVERS\nic1394.sys
B9C3B000 - \SystemRoot\system32\DRIVERS\serial.sys
BADA4000 - \SystemRoot\system32\DRIVERS\serenum.sys
B9BFF000 - \SystemRoot\system32\DRIVERS\parport.sys
BA9B8000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
BA9C8000 - \SystemRoot\system32\DRIVERS\L8042mou.Sys
BA9D8000 - \SystemRoot\system32\DRIVERS\LMouKE.Sys
BAC00000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BA4B0000 - \SystemRoot\system32\DRIVERS\L8042Kbd.sys
BAC10000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
BA9E8000 - \SystemRoot\system32\DRIVERS\VMNetSrv.sys
BAE97000 - \SystemRoot\system32\DRIVERS\audstub.sys
BADBA000 - \SystemRoot\System32\Drivers\RootMdm.sys
BA9F8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BA4A4000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9B48000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BAA08000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BAA18000 - \SystemRoot\system32\DRIVERS\raspptp.sys
BAC38000 - \SystemRoot\system32\DRIVERS\TDI.SYS
B9B37000 - \SystemRoot\system32\DRIVERS\psched.sys
BAA28000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BAC48000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BAC58000 - \SystemRoot\system32\DRIVERS\raspti.sys
BAA38000 - \SystemRoot\System32\Drivers\Pcouffin.sys
BAC68000 - \SystemRoot\system32\DRIVERS\RimSerial.sys
B9B06000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
BAA48000 - \SystemRoot\system32\DRIVERS\termdd.sys
BADC0000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9AAD000 - \SystemRoot\system32\DRIVERS\update.sys
BA480000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BA478000 - \SystemRoot\system32\drivers\TMBUS.sys
B98C6000 - \SystemRoot\system32\DRIVERS\TM_CFW.sys
BAA58000 - \SystemRoot\System32\Drivers\NDProxy.SYS
BAA68000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADC6000 - \SystemRoot\system32\DRIVERS\USBD.SYS
B6378000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B6356000 - \SystemRoot\system32\drivers\portcls.sys
BAA78000 - \SystemRoot\system32\drivers\drmk.sys
BA484000 - \SystemRoot\system32\drivers\MODEMCSA.sys
BADCE000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAEFB000 - \SystemRoot\System32\Drivers\Null.SYS
BADD2000 - \SystemRoot\System32\Drivers\Beep.SYS
B9A89000 - \SystemRoot\system32\drivers\MTictwl.sys
BACB0000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
BAB40000 - \SystemRoot\System32\drivers\vga.sys
BADD8000 - \SystemRoot\System32\Drivers\mnmdd.SYS
BADDC000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
BABA0000 - \SystemRoot\System32\Drivers\Msfs.SYS
BABB8000 - \SystemRoot\System32\Drivers\Npfs.SYS
B6352000 - \SystemRoot\system32\DRIVERS\rasacd.sys
B61CC000 - \SystemRoot\system32\DRIVERS\ipsec.sys
B6174000 - \SystemRoot\system32\DRIVERS\tcpip.sys
B6153000 - \SystemRoot\system32\DRIVERS\ipnat.sys
B612B000 - \SystemRoot\system32\DRIVERS\netbt.sys
BAAA8000 - \SystemRoot\system32\DRIVERS\wanarp.sys
B60E1000 - \SystemRoot\System32\drivers\afd.sys
BAAB8000 - \SystemRoot\system32\DRIVERS\arp1394.sys
BAAC8000 - \SystemRoot\system32\DRIVERS\netbios.sys
B60A6000 - \??\C:\WINDOWS\system32\Drivers\vmm.sys
B6095000 - \SystemRoot\system32\DRIVERS\tmtdi.sys
B606A000 - \SystemRoot\system32\DRIVERS\rdbss.sys
BAAD8000 - \SystemRoot\System32\Drivers\PQIMount.SYS
B6242000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys
B5FAB000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
BAAE8000 - \SystemRoot\System32\Drivers\Fips.SYS
BABF0000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
BABF8000 - \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys
BAC18000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
B611F000 - \SystemRoot\system32\DRIVERS\hidusb.sys
BAB08000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
B5F57000 - \SystemRoot\system32\DRIVERS\CamDrL21.sys
BAB18000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
BAC30000 - \SystemRoot\system32\DRIVERS\USBCAMD.SYS
B9BEF000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B9BDF000 - \SystemRoot\system32\drivers\usbaudio.sys
B5E9F000 - \SystemRoot\System32\Drivers\dump_atapi.sys
BADE8000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B6336000 - \SystemRoot\System32\drivers\Dxapi.sys
BAC80000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
BAF63000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
BAA98000 - \SystemRoot\system32\drivers\Tmpreflt.sys
BFFA0000 - \SystemRoot\System32\ATMFD.DLL
B59FD000 - \SystemRoot\system32\drivers\VsapiNT.sys
B59BB000 - \SystemRoot\system32\drivers\TmXPFlt.sys
B59AB000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B5736000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
BAE36000 - \SystemRoot\System32\Drivers\ParVdm.SYS
BAE3A000 - \??\C:\Program Files\Quintessential Player\cdrpdacc.sys
B596B000 - \SystemRoot\System32\Drivers\ElbyCDIO.sys
B583B000 - \SystemRoot\system32\DRIVERS\mdmxsdk.sys
B5694000 - \SystemRoot\system32\DRIVERS\srv.sys
B55B7000 - \SystemRoot\system32\drivers\wdmaud.sys
B57BB000 - \SystemRoot\system32\drivers\sysaudio.sys
B5257000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
B519A000 - \SystemRoot\system32\DRIVERS\tm_mbd_c.sys
B5E3F000 - \??\C:\WINDOWS\system32\PCANDIS5.SYS
BAF2D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys
B3229000 - \SystemRoot\system32\drivers\kmixer.sys

Total number of drivers = 155

Liste des programmes installes

3Planesoft Screensaver Manager 1.1
ACDSee Pro
Ad-Aware SE Personal
Adobe Acrobat 4.0
Adobe Flash Player 9 ActiveX
Adobe MPEG Encoder
Adobe Premiere 6.5
Adobe Reader 8.1.1 - Français
Advanced RealMedia Export Plug-in for Premiere 6.0
Ahead Nero Burning ROM
Analyseur et SDK MSXML 4.0 SP2
Ancient Castle 3D Screensaver 1.1
Archiveur WinRAR
Avanquest update
BlackBerry
BlackBerry Desktop Software 4.2.2
BlackBerry Desktop Software 4.2.2
BSPlayer
Canon i560
Canon ScanGear Toolbox 3.1
CarteSurTable Demo
CartoExploreur 3
CartoExploreur 3
CartoExploreur 3 3.02
Clock Tower 3D Screensaver 1.1
CloneCD
CloneDVD2
Combined Community Codec Pack 2006-12-15
ConvertXtoDVD 2.0.11
Copernic Agent Professional
Correctif pour Lecteur Windows Media 11 (KB939683)
Creabilis ScreenSaver
Discovery 3D Screensaver 1.1
e-Carte Bleue VISA PREMIER
e-COMO
eoClock 3.6
eoComputer 3.3
eoEngine 4.6
eoNet 2.4
eoPhoto 1.3
eoRss 2.3
eoSudoku 2.3
eoWeather 4.4
FSX France Décors Ultra Détaillés
Gigabyte Raid Configurer
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows XP (KB909394)
Hotfix for Windows XP (KB915865)
Img2Ozf Version 3
inook2007 Screen Saver
Intel(R) Active Client Manager 2.0 HECI Driver
ItsTV 3.0
J2SE Runtime Environment 5.0 Update 11
K-Lite Codec Pack 2.54 Full
Language pack for Ad-Aware SE
Lecteur Windows Media 11
Livebox
Logitech QuickCam
Logitech SetPoint
MagicTune3.6
Mechanical Clock 3D Screensaver 1.0
Media Player Classic fr
Messenger Plus! 3 & Sponsor
Messenger Plus! Live & Sponsor
MFCDLL Shared Library - Retail Version
Micro Application - Cartes de visite 2002
Micro Application - MediaDICO 12
Microsoft (R) C Runtime Library
Microsoft (R) C++ Runtime Library
Microsoft .NET Framework (French)
Microsoft .NET Framework (French) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Language Pack - FRA
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0 French Language Pack
Microsoft ActiveSync
Microsoft Flight Simulator X
Microsoft Flight Simulator X
Microsoft Flight Simulator X Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Software Update for Web Folders (French) 12
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 Redistributable
Mise à jour de l'affichage des décors photo de Flight Simulator X de Microsoft
Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB923789)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour pour Windows XP (KB920342)
Mise à jour pour Windows XP (KB925720)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB936357)
Mise à jour pour Windows XP (KB938828)
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
Mozilla Firefox (2.0.0.
MSXML 3.0
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
Multimedia Card Reader
Multimedia Card Reader
Natural Color
NoniGPSPlot
NVIDIA Drivers
OgcDrv 2.12
OmniPage Pro 9.0
OpenOffice.org 2.2
Orange - Logiciels Internet
OvisLink OF-56C,V.92 Conexant Internal Modem
OziExplorer 3.95
OziExplorerCE Settings Manager Version 1.00
Package de base Microsoft de service de chiffrement pour cartes à puce
PCI SoftV92 Modem
PhotoExploreur 3D 1.05
PoiEdit
PowerDVD
PowerQuest Drive Image 7.0
QuickTime
Quintessential Player
RealPlayer 7 Basic
Realtek High Definition Audio Driver
Roxio Media Manager
Ruby-185-21
Réseau France Bayo 0013-Q0
Réseau France BdAlti 2006-Q2
Réseau France BdNyme 2004-Q4
Réseau France NavTeq 2005-Q1
Réseau France POI 2005-Q1
Réseau France TopoNyme 2004-Q4
Scan Manager 5.2
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
Security Update pour Microsoft .NET Framework 2.0 (KB928365)
Skype™ 3.2
Skype™ for Pocket PC 2.1
Spb Backup
Spelling Dictionaries Support For Adobe Reader 8
Spybot - Search & Destroy 1.4
TC Native Essentials 2.02
TerraExplorer
The Lost Watch 3D Screensaver 1.0
Thrustmapper
Thrustmaster FFB Joystick driver
Trend Micro PC-cillin Internet Security 2007
Trend Micro PC-cillin Internet Security 2007
Tropical Fish 3D Screensaver 1.1
TuneUp Utilities 2007
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb942575)
Update for Word 2007 (KB934173)
Watermill 3D Screensaver 2.0
WebFldrs XP
Winamp (remove only)
Windows Communication Foundation
Windows Communication Foundation Language Pack - FRA
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Presentation Foundation Language Pack (FRA)
Windows Workflow Foundation
Windows Workflow Foundation FR Language Pack
WinFax eXPert
XML Paper Specification Shared Components Language Pack 1.0
XML Paper Specification Shared Components Pack 1.0
XnView 1.90.1



Le volume dans le lecteur C s'appelle Systeme
Le numéro de série du volume est FF47-80EB

Répertoire de C:\Program Files

29/10/2007 15:12 <REP> .
29/10/2007 15:12 <REP> ..
17/03/2007 09:20 <REP> 3D Relief Screensaver
16/05/2007 19:53 <REP> 3Planesoft Screensaver Manager
07/02/2007 00:13 <REP> ACD Systems
19/06/2007 21:23 <REP> Adobe
01/03/2007 22:07 <REP> Adverts
07/02/2007 00:45 <REP> Ahead
06/02/2007 19:13 <REP> Alcohol Soft
23/06/2007 11:36 <REP> Ancient Castle 3D Screensaver
06/02/2007 20:42 <REP> AvantGo Connect
18/07/2007 17:31 <REP> Bayo
06/02/2007 23:25 <REP> Caere
06/02/2007 23:26 <REP> Canon
22/08/2007 08:09 <REP> CarteSurTable
17/06/2007 15:45 <REP> Clock Tower 3D Screensaver
07/02/2007 01:35 <REP> ColiPoste
06/02/2007 23:20 <REP> Combined Community Codec Pack
06/02/2007 20:42 <REP> Common Files
05/02/2007 10:15 <REP> ComPlus Applications
07/05/2007 15:18 <REP> CONEXANT
08/07/2007 12:57 <REP> Copernic Agent
05/02/2007 10:46 <REP> CyberLink
17/02/2007 08:15 <REP> directx
17/06/2007 15:52 <REP> Discovery 3D Screensaver
28/02/2007 14:44 <REP> Dnote Software
26/05/2007 22:32 <REP> D-Tools
29/10/2007 15:11 <REP> e-Carte Bleue
11/02/2007 16:38 <REP> Elaborate Bytes
28/05/2007 10:25 <REP> eoRezo
10/02/2007 06:17 <REP> exit win
29/10/2007 11:26 <REP> Fichiers communs
05/02/2007 10:31 <REP> GIGABYTE
17/05/2007 07:51 <REP> Google
05/02/2007 10:28 <REP> Intel
29/10/2007 12:26 <REP> Internet Explorer
28/05/2007 10:25 <REP> Its Label
09/03/2007 06:46 <REP> Java
06/02/2007 23:17 <REP> K-Lite Codec Pack
04/03/2007 12:39 <REP> Lavasoft
02/07/2007 19:54 <REP> LiveUpdate
06/02/2007 21:00 <REP> Logitech
16/05/2007 19:53 <REP> Mechanical Clock 3D Screensaver
06/02/2007 23:18 <REP> Media Player Classic
06/02/2007 17:06 <REP> Messenger
10/02/2007 06:17 <REP> Messenger Plus! Live
07/02/2007 06:46 <REP> MessengerPlus! 3
07/02/2007 00:52 <REP> Micro Application
22/08/2007 07:46 <REP> Microsoft ActiveSync
05/02/2007 10:18 <REP> microsoft frontpage
10/02/2007 19:38 <REP> Microsoft Games
06/02/2007 18:32 <REP> Microsoft Office
26/05/2007 22:34 <REP> Microsoft Virtual PC
06/02/2007 18:32 <REP> Microsoft Visual Studio
06/02/2007 18:32 <REP> Microsoft Works
05/02/2007 10:16 <REP> Movie Maker
29/10/2007 15:34 <REP> Mozilla Firefox
29/10/2007 12:35 <REP> MSBuild
05/02/2007 10:14 <REP> MSN
05/02/2007 10:15 <REP> MSN Gaming Zone
10/02/2007 06:17 <REP> MSN Messenger
10/02/2007 20:14 <REP> MSXML 4.0
18/08/2007 13:32 <REP> MSXML 6.0
08/05/2007 07:51 <REP> Multimedia Card Reader
05/02/2007 10:16 <REP> NetMeeting
05/02/2007 10:15 <REP> Online Services
20/04/2007 05:17 <REP> OpenOffice.org 2.1
10/07/2007 18:04 <REP> OpenOffice.org 2.2
29/10/2007 11:30 <REP> OrangeHSS
12/06/2007 22:52 <REP> Outlook Express
06/02/2007 17:14 <REP> PowerQuest
17/02/2007 08:17 <REP> QuickTime
08/02/2007 20:52 <REP> Quintessential Player
06/02/2007 21:00 <REP> Real
05/02/2007 10:31 <REP> Realtek
29/10/2007 12:32 <REP> Reference Assemblies
29/07/2007 10:17 <REP> Research In Motion
29/07/2007 10:21 <REP> Roxio
06/02/2007 15:46 <REP> SAGEM
06/02/2007 15:29 <REP> SEC
29/10/2007 11:27 <REP> Securitoo
05/02/2007 10:17 <REP> Services en ligne
22/08/2007 04:34 <REP> Skyline
12/06/2007 22:49 <REP> Skype
11/02/2007 16:36 <REP> SlySoft
20/08/2007 06:24 <REP> Spybot - Search & Destroy
17/02/2007 08:15 <REP> TCWorks
05/05/2007 10:20 <REP> The Lost Watch 3D Screensaver
06/02/2007 23:49 <REP> Thrustmaster
29/10/2007 12:19 <REP> Tray Free
06/02/2007 16:04 <REP> Trend Micro
17/06/2007 13:24 <REP> Tropical Fish 3D Screensaver
05/05/2007 09:15 <REP> TuneUp Utilities 2007
25/07/2007 19:19 <REP> vso
06/02/2007 15:49 <REP> Wanadoo
16/05/2007 20:00 <REP> Watermill 3D Screensaver
06/02/2007 23:13 <REP> Webteh
07/02/2007 00:28 <REP> Winamp
07/05/2007 15:25 <REP> Windows Desktop Search
06/02/2007 21:01 <REP> Windows Media Components
07/02/2007 19:04 <REP> Windows Media Connect 2
07/05/2007 15:25 <REP> Windows Media Player
05/02/2007 10:14 <REP> Windows NT
02/07/2007 19:53 <REP> WinFax eXPert
06/02/2007 18:59 <REP> WinRAR
05/02/2007 10:18 <REP> xerox
08/03/2007 19:53 <REP> XnView
0 fichier(s) 0 octets
107 Rép(s) 50 710 237 184 octets libres
Le volume dans le lecteur C s'appelle Systeme
Le numéro de série du volume est FF47-80EB

Répertoire de C:\Program Files\fichiers communs

29/10/2007 11:26 <REP> .
29/10/2007 11:26 <REP> ..
07/02/2007 00:13 <REP> ACD Systems
19/06/2007 21:02 <REP> Adobe
07/02/2007 00:45 <REP> Ahead
18/07/2007 17:51 <REP> Bayo
06/02/2007 23:25 <REP> Caere
07/02/2007 00:32 <REP> Copernic
06/02/2007 18:32 <REP> DESIGNER
29/10/2007 11:26 <REP> France Telecom
06/02/2007 21:00 <REP> InstallShield
09/03/2007 06:45 <REP> Java
06/02/2007 21:00 <REP> Logitech
15/07/2007 18:34 <REP> Microsoft Shared
05/02/2007 10:16 <REP> MSSoap
05/02/2007 11:04 <REP> ODBC
06/02/2007 21:00 <REP> Real
29/07/2007 10:17 <REP> Research In Motion
29/07/2007 10:21 <REP> Roxio Shared
05/02/2007 10:16 <REP> Services
12/06/2007 22:49 <REP> Skype
29/07/2007 10:23 <REP> Sonic Shared
05/02/2007 11:04 <REP> SpeechEngines
12/06/2007 22:52 <REP> System
05/05/2007 09:15 <REP> Wise Installation Wizard
0 fichier(s) 0 octets
25 Rép(s) 50 710 233 088 octets libres
Le volume dans le lecteur C s'appelle Systeme
Le numéro de série du volume est FF47-80EB

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

06/02/2007 18:32 <REP> .
06/02/2007 18:32 <REP> ..
06/02/2007 18:29 <REP> 1036
26/10/2006 19:49 970 528 MSONSEXT.DLL
26/10/2006 20:12 40 256 MSOSV.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
4 fichier(s) 1 260 754 octets
3 Rép(s) 50 710 233 088 octets libres
Le volume dans le lecteur C s'appelle Systeme
Le numéro de série du volume est FF47-80EB

Répertoire de C:\Program Files\common files

06/02/2007 20:42 <REP> .
06/02/2007 20:42 <REP> ..
06/02/2007 20:42 <REP> Microsoft Shared
0 fichier(s) 0 octets
3 Rép(s) 50 710 233 088 octets libres




c:\Documents and Settings\All Users\Application Data\Error Dumb Readme Face\pingbias.exe
c:\Documents and Settings\All Users\Application Data\Long slow road itch\OKAY ATOM.exe
c:\Documents and Settings\All Users\Application Data\mathsafemfcdmags\Axis Ante.exe
c:\Documents and Settings\All Users\Application Data\mathsafemfcdmags\Program nurb.exe
c:\Documents and Settings\All Users\Application Data\Trend Micro\OE\auhome\patch.exe
c:\Documents and Settings\Pierre\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\Pierre\Application Data\EoRezo\tmp.exe
c:\Documents and Settings\Pierre\Application Data\exit win\bnflmjsv.exe
c:\Documents and Settings\Pierre\Application Data\exit win\loudprogram.exe
c:\Documents and Settings\Pierre\Application Data\exit win\MealErrorAtom.exe
c:\Documents and Settings\Pierre\Application Data\exit win\Scr Open Support Global.exe
c:\Documents and Settings\Pierre\Application Data\exit win\vyaudcnk.exe
c:\Documents and Settings\Pierre\Application Data\Microsoft\Installer\{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}\ARPPRODUCTICON.exe
c:\Documents and Settings\Pierre\Application Data\Tray Free\dtujaxpd.exe
c:\Documents and Settings\Pierre\Application Data\Tray Free\mail meet.exe
c:\Documents and Settings\Pierre\Application Data\Tray Free\quxfxten.exe
c:\Documents and Settings\Pierre\Application Data\Tray Free\refvcdumb.exe
c:\Documents and Settings\Pierre\Application Data\Tray Free\Way Web Each Exit.exe
c:\Documents and Settings\Pierre\Bureau\HiJackThis.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Pierre\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Pierre\Local Settings\Temp\qk8v68di.exe
c:\Documents and Settings\Pierre\Local Settings\Temp\staD.exe
c:\Documents and Settings\Pierre\Local Settings\Temp\x5hp9oel.exe
c:\Documents and Settings\Pierre\Local Settings\Temporary Internet Files\Content.IE5\37I5WFFS\bbie_21[1].exe
c:\Documents and Settings\Pierre\Mes documents\CarteSurTable\MapCorr\MapCorr.exe
c:\Documents and Settings\Pierre\Mes documents\CarteSurTable\MapSplit\MapSplit.exe
c:\Documents and Settings\Pierre\Mes documents\OpenOffice\instmsia.exe
c:\Documents and Settings\Pierre\Mes documents\OpenOffice\instmsiw.exe
c:\Documents and Settings\Pierre\Mes documents\OpenOffice\setup.exe
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Skyline\TEDetect.dll
c:\Documents and Settings\All Users\Application Data\Trend Micro\OE\tmaseng.dll
c:\Documents and Settings\All Users\Application Data\Trend Micro\OE\auhome\PATCHW32.DLL
c:\Documents and Settings\All Users\Application Data\Trend Micro\OE\auhome\TmUpdate.dll
c:\Documents and Settings\All Users\Application Data\Trend Micro\OE\oe_engine\01\tmaseng.dll
c:\Documents and Settings\Pierre\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll
c:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\qlq6nbca.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\qlq6nbca.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\qlq6nbca.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}\components\mintray-9178506d-2005072516-trunk.dll
c:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\qlq6nbca.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll
c:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\qlq6nbca.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_PERSO1.tar.gz a l'adresse http://upload.malekal.com

Poste le fichier C:\upload_moi_PERSO1.tar.gz a l'adresse http://upload.malekal.com stp, ça aidera à analyser plus vite les saletés.

Tu as une infection LOP (éliminable sans trop de soucis d'ordinaire).
C'est le "sponsor" de MSNPlus! qui est une saleté en fait, il faut décocher la case à l'installation.

On vérifie avant traitement (phase à faire pour pouvoir désinfecter).

Télécharge Lop S&D de Angeldark et Eric71 sur ton bureau.

• Décompresse l'archive obtenue en faisant un clic-droit et 'Extraire tout'.
• Double-clique sur le nouveau répertoire Lop S&D obtenu et double-clique sur Scan.bat
  (il est possible que l'extension .bat n'apparaisse pas suivant les options d'affichage définies).
• Tape R pour Rechercher et valide ton choix par la touche Entrée.
• Laisse l'outil travailler, il va générer un rapport, poste le à la suite.

c'est déjà fit pour malekal.com
le rapport suit

le voici :


------------------------------[ Lop S&D 1.5 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\Pierre\Bureau\Lop S&D"

Rapport créé Le 29/10/2007 à 18:09:25,71 PC : PERSO1

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\All Users\Application Data\Long slow road itch
C:\Documents and settings\All Users\Application Data\Error Dumb Readme Face
C:\Documents and settings\All Users\Application Data\Microsoft Help
C:\Documents and settings\All Users\Application Data\Skyline
C:\Documents and settings\All Users\Application Data\InstallShield
C:\Documents and settings\All Users\Application Data\Sonic
C:\Documents and settings\All Users\Application Data\Roxio
C:\Documents and settings\All Users\Application Data\BVRP Software
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\Skype
C:\Documents and settings\All Users\Application Data\Avanquest Software
C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\Pinnacle Studio
C:\Documents and settings\All Users\Application Data\Pinnacle
C:\Documents and settings\All Users\Application Data\TDK
C:\Documents and settings\All Users\Application Data\mathsafemfcdmags
C:\Documents and settings\All Users\Application Data\nView_Profiles
C:\Documents and settings\All Users\Application Data\ACD Systems
C:\Documents and settings\All Users\Application Data\NVIDIA
C:\Documents and settings\All Users\Application Data\TuneUp Software
C:\Documents and settings\All Users\Application Data\PowerQuest
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\Google
C:\Documents and settings\All Users\Application Data\Trend Micro
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\All Users\Application Data\CyberLink

C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\LocalService\Application Data\Roxio
C:\Documents and settings\LocalService\Application Data\Adobe
C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\NetworkService\Application Data\Microsoft

C:\Documents and settings\Pierre\Application Data\EoRezo
C:\Documents and settings\Pierre\Application Data\Tray Free
C:\Documents and settings\Pierre\Application Data\Canon
C:\Documents and settings\Pierre\Application Data\Skype
C:\Documents and settings\Pierre\Application Data\Roxio
C:\Documents and settings\Pierre\Application Data\Blackberry Desktop
C:\Documents and settings\Pierre\Application Data\Research In Motion
C:\Documents and settings\Pierre\Application Data\Vso
C:\Documents and settings\Pierre\Application Data\CyberLink
C:\Documents and settings\Pierre\Application Data\VSO_HWE
C:\Documents and settings\Pierre\Application Data\SecuROM
C:\Documents and settings\Pierre\Application Data\$_hpcst$.hpc
C:\Documents and settings\Pierre\Application Data\OpenOffice.org2
C:\Documents and settings\Pierre\Application Data\Microsoft
C:\Documents and settings\Pierre\Application Data\InstallShield
C:\Documents and settings\Pierre\Application Data\Adobe
C:\Documents and settings\Pierre\Application Data\Leadertech
C:\Documents and settings\Pierre\Application Data\Uniblue
C:\Documents and settings\Pierre\Application Data\XnView
C:\Documents and settings\Pierre\Application Data\Windows Desktop Search
C:\Documents and settings\Pierre\Application Data\BSplayer Pro
C:\Documents and settings\Pierre\Application Data\ItsLabel
C:\Documents and settings\Pierre\Application Data\Sun
C:\Documents and settings\Pierre\Application Data\Lavasoft
C:\Documents and settings\Pierre\Application Data\Google
C:\Documents and settings\Pierre\Application Data\Mozilla
C:\Documents and settings\Pierre\Application Data\Help
C:\Documents and settings\Pierre\Application Data\Elaborate Bytes
C:\Documents and settings\Pierre\Application Data\exit win
C:\Documents and settings\Pierre\Application Data\Ahead
C:\Documents and settings\Pierre\Application Data\Copernic
C:\Documents and settings\Pierre\Application Data\ACD Systems
C:\Documents and settings\Pierre\Application Data\Media Player Classic
C:\Documents and settings\Pierre\Application Data\AdobeUM
C:\Documents and settings\Pierre\Application Data\Macromedia
C:\Documents and settings\Pierre\Application Data\TuneUp Software
C:\Documents and settings\Pierre\Application Data\IsolatedStorage
C:\Documents and settings\Pierre\Application Data\Logitech
C:\Documents and settings\Pierre\Application Data\desktop.ini
C:\Documents and settings\Pierre\Application Data\Identities

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\A84A6F939185E567.job
C:\WINDOWS\tasks\1 Copernic Intra-Daily ~PERSO1 Pierre.job
C:\WINDOWS\tasks\2 Copernic Daily ~PERSO1 Pierre.job
C:\WINDOWS\tasks\3 Copernic Weekly ~PERSO1 Pierre.job
C:\WINDOWS\tasks\4 Copernic Monthly ~PERSO1 Pierre.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\3D Relief Screensaver
C:\Program Files\3Planesoft Screensaver Manager
C:\Program Files\ACD Systems
C:\Program Files\Adobe
C:\Program Files\Adverts
C:\Program Files\Ahead
C:\Program Files\Alcohol Soft
C:\Program Files\Ancient Castle 3D Screensaver
C:\Program Files\AvantGo Connect
C:\Program Files\Bayo
C:\Program Files\Caere
C:\Program Files\Canon
C:\Program Files\CarteSurTable
C:\Program Files\Clock Tower 3D Screensaver
C:\Program Files\ColiPoste
C:\Program Files\Combined Community Codec Pack
C:\Program Files\Common Files
C:\Program Files\ComPlus Applications
C:\Program Files\CONEXANT
C:\Program Files\Copernic Agent
C:\Program Files\CyberLink
C:\Program Files\directx
C:\Program Files\Discovery 3D Screensaver
C:\Program Files\Dnote Software
C:\Program Files\D-Tools
C:\Program Files\e-Carte Bleue
C:\Program Files\Elaborate Bytes
C:\Program Files\eoRezo
C:\Program Files\exit win
C:\Program Files\Fichiers communs
C:\Program Files\GIGABYTE
C:\Program Files\Google
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\Its Label
C:\Program Files\Java
C:\Program Files\K-Lite Codec Pack
C:\Program Files\Lavasoft
C:\Program Files\LiveUpdate
C:\Program Files\Logitech
C:\Program Files\Mechanical Clock 3D Screensaver
C:\Program Files\Media Player Classic
C:\Program Files\Messenger
C:\Program Files\Messenger Plus! Live
C:\Program Files\MessengerPlus! 3
C:\Program Files\Micro Application
C:\Program Files\Microsoft ActiveSync
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Games
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Virtual PC
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Microsoft Works
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\MSBuild
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\MSXML 6.0
C:\Program Files\Multimedia Card Reader
C:\Program Files\NetMeeting
C:\Program Files\Online Services
C:\Program Files\OpenOffice.org 2.1
C:\Program Files\OpenOffice.org 2.2
C:\Program Files\OrangeHSS
C:\Program Files\Outlook Express
C:\Program Files\PowerQuest
C:\Program Files\QuickTime
C:\Program Files\Quintessential Player
C:\Program Files\Real
C:\Program Files\Realtek
C:\Program Files\Reference Assemblies
C:\Program Files\Research In Motion
C:\Program Files\Roxio
C:\Program Files\SAGEM
C:\Program Files\SEC
C:\Program Files\Securitoo
C:\Program Files\Services en ligne
C:\Program Files\Skyline
C:\Program Files\Skype
C:\Program Files\SlySoft
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\TCWorks
C:\Program Files\The Lost Watch 3D Screensaver
C:\Program Files\Thrustmaster
C:\Program Files\Tray Free
C:\Program Files\Trend Micro
C:\Program Files\Tropical Fish 3D Screensaver
C:\Program Files\TuneUp Utilities 2007
C:\Program Files\vso
C:\Program Files\Wanadoo
C:\Program Files\Watermill 3D Screensaver
C:\Program Files\Webteh
C:\Program Files\Winamp
C:\Program Files\Windows Desktop Search
C:\Program Files\Windows Media Components
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinFax eXPert
C:\Program Files\WinRAR
C:\Program Files\xerox
C:\Program Files\XnView

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\ACD Systems
C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Bayo
C:\program files\fichiers communs\Caere
C:\program files\fichiers communs\Copernic
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\France Telecom
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Logitech
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Research In Motion
C:\program files\fichiers communs\Roxio Shared
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\Skype
C:\program files\fichiers communs\Sonic Shared
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\Wise Installation Wizard

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"ROAD ITCH AMOK PING"="C:\\Documents and Settings\\All Users\\Application Data\\Long slow road itch\\OKAY ATOM.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Audio eggs"="C:\\DOCUME~1\\Pierre\\APPLIC~1\\TRAYFR~1\\mail meet.exe"

-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

C:\Documents and settings\All Users\Application Data\Long slow road itch
C:\Documents and settings\Pierre\Application Data\TRAYFR~1
C:\Program Files\TRAYFR~1
C:\Program Files\Adverts
C:\Documents and settings\Pierre\Cookies\pierre@advertstream[1].txt
C:\Documents and settings\Pierre\Cookies\pierre@d2.advertserve[1].txt
C:\Documents and settings\Pierre\Cookies\pierre@sharpadverts[1].txt
C:\WINDOWS\tasks\A84A6F939185E567.job

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : MODIFIE

127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 http://www.drivecleaner.com ## added by CiD
127.0.0.1 http://www.errorprotector.com ## added by CiD
127.0.0.1 http://www.errorsafe.com ## added by CiD
127.0.0.1 http://www.systemdoctor.com ## added by CiD
127.0.0.1 http://www.utils.winfixer.com ## added by CiD
127.0.0.1 http://www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 http://www.win-virus-pro.com ## added by CiD
127.0.0.1 http://www.winantispam.com ## added by CiD
127.0.0.1 http://www.winantispy.com ## added by CiD
127.0.0.1 http://www.winantispyware.com ## added by CiD
127.0.0.1 http://www.winantivirus.com ## added by CiD
127.0.0.1 http://www.winantiviruspro.com ## added by CiD
127.0.0.1 http://www.windrivecleaner.com ## added by CiD
127.0.0.1 http://www.windrivesafe.com ## added by CiD
127.0.0.1 http://www.winfixer.com ## added by CiD
127.0.0.1 http://www.winfixer2006.com ## added by CiD
127.0.0.1 http://www.winsoftware.com ## added by CiD

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-29 18:09:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:212843ba
"s2"=dword:099bdb79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

F:\Autorun.inf


--------------------[ Fin du rapport à 18:13:27,92 ]----------------------

Merci pour l'upload chez Malekal.

Pour ton infection, bingo.
Relance Lop S&S avec cette fois l'option S au lieu de R, et poste... le nouveau rapport (surpris hein ?).

je n'ai plus rien sur le rapport ??
en revanche, la fenêtre rouge est restée bloquée et j'ai du me reconnecter pour relancer la machine
J'espère que c'est ce qu'il fallait faire ?

Arf, arf, normalement on a aussi un rapport pour ça, regarde dans le dossier de Lop S&D ou à la racine du disque C.

je pense qu'il s'agit de cela :

Supprimé - C:\Program Files\TRAYFR~1
Présent! - C:\Documents and settings\All Users\Application Data\Long slow road itch
Supprimé - C:\Documents and settings\Pierre\Application Data\TRAYFR~1
Supprimé - C:\Program Files\Adverts
Supprimé - C:\Documents and settings\Pierre\Cookies\pierre@advertstream[1].txt
Supprimé - C:\Documents and settings\Pierre\Cookies\pierre@d2.advertserve[1].txt
Supprimé - C:\Documents and settings\Pierre\Cookies\pierre@sharpadverts[1].txt
Supprimé - C:\WINDOWS\tasks\A84A6F939185E567.job
Restauré - Fichier Hosts
Supprimé - F:\autorun.inf

EN tous cas MERCI et j'espère que je n'aurai plus ce genre de désagréments à l'avenir

C'est exactement ça.

Plus de symptômes anormaux ?

Ca, c'était le "sponsor" de MSNPlus!, coché par défaut dans l'installateur, gaffe...

Un peu de lecture pour éviter que ça ne revienne :
Prévention : éviter bien des infections.

merci pour la lecture La prochaine fois, j'essayerai d'être plus vigilant !!
Pour l'instant, je n'ai pas d'intrusion. Espérons que cela va durer

Ok, on peut marquer [résolu]. A rouvrir en cas de pépin ultérieur.
Je transfèrerai dans la section sécurité du forum, qui traite ces désinfections.

Bon surf.

HORREUR !!!!
les fenêtres IE s'ouvrent encore !!

Poste un nouveau log hijackthis, qu'on voie les modifs.