Well, I thought I would never have to deal with this kind of virus, because I'm wary of this type of virus.
But this time it was actually my mother who received the zip and passed it to me over MSN so that I could open it, etc., because she couldn't manage to; she told me one of her friends had sent it to her, so it didn't strike me as odd.
And as I clicked on the virus, I said to myself in that very second: "damn, her friend is dumb, why is that the extension, that's weird", then 1 sec later -> "uh-oh, I actually smell a virus"
And bam, too late ^^
Anyway, that's the anecdote; viruses are getting too smart now, they use our parents to make us lower our guard oO
If someone could help me that would be cool, because from reading the various posts, fixing this problem looks like a bit of a mess.
PS: To navigate this long post more easily, click the icon next to "Code" to
collapse the report sections.
[ This message was edited by: zadams on 26-04-2007 19:51 ]
Added on 26-04-2007 at 20:00:
I just ran a HijackThis scan because I thought I saw on the forum that it was useful, and it gives me this:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Code: 

- Scan saved at 19:58:04, on 26/04/2007
- Platform: Windows XP SP2 (WinNT 5.01.2600)
- Boot mode: Normal
-
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\System32\svchost.exe
- C:\WINDOWS\system32\spoolsv.exe
- C:\Server local\bin\stable\apache\apache.exe
- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
- C:\Program Files\Alwil Software\Avast4\ashServ.exe
- C:\WINDOWS\system32\CTSvcCDA.EXE
- C:\Server local\bin\stable\filezilla\Filezilla Server.exe
- C:\WINDOWS\System32\FTRTSVC.exe
- C:\Server local\bin\stable\hmailserver\bin\hMailServer.exe
- C:\WINDOWS\system32\inetsrv\inetinfo.exe
- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
- C:\Server local\bin\stable\mysql\bin\mysqld.exe
- C:\Server local\bin\stable\apache\apache.exe
- C:\WINDOWS\System32\svchost.exe
- C:\Program Files\HHVcdV6Sys\VC6SecS.exe
- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
- C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
- C:\WINDOWS\system32\vmnat.exe
- C:\WINDOWS\system32\MsPMSPSv.exe
- C:\WINDOWS\system32\vmnetdhcp.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\Program Files\Winamp\winampa.exe
- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
- C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
- C:\Server local\NetServer.exe
- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\WINDOWS\SOUNDMAN.EXE
- C:\Program Files\ULI5289\ALi5289.exe
- C:\Program Files\DAEMON Tools\daemon.exe
- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
- C:\WINDOWS\system32\ctfmon.exe
- C:\Program Files\Google\GoogleToolbarNotifier.2.1128.5462\GoogleToolbarNotifier.exe
- C:\WINDOWS\System32\svchost.exe
- C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
- C:\PROGRA~1\Wanadoo\ComComp.exe
- C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
- C:\PROGRA~1\Wanadoo\Toaster.exe
- C:\PROGRA~1\Wanadoo\Inactivity.exe
- C:\PROGRA~1\Wanadoo\PollingModule.exe
- C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
- C:\PROGRA~1\Wanadoo\Watch.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\WINDOWS\system32\wuauclt.exe
- C:\Program Files\MSN Messenger\usnsvc.exe
- C:\Program Files\Mozilla Firefox\firefox.exe
- C:\WINDOWS\explorer.exe
- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
- C:\Program Files\MSN Messenger\msnmsgr.exe
- C:\Documents and Settings\Damien\Bureau\test.exe
-
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunz.ijji.com/
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
- R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
- O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
- O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
- O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar.02.5000.1021\fr\msntb.dll
- O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar.02.5000.1021\fr\msntb.dll
- O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
- O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
- O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
- O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
- O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
- O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
- O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
- O4 - HKLM\..\Run: [NetServer] C:\Server local\NetServer.exe
- O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
- O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
- O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
- O4 - HKLM\..\Run: [Explorer] C:\WINDOWS\system32\expIorer.exe
- O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
- O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
- O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
- O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
- O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
- O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
- O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
- O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
- O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier.2.1128.5462\GoogleToolbarNotifier.exe
- O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
- O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
- O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
- O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
- O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
- O4 - Global Startup: SATARaid.lnk = ?
- O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
- O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
- O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
- O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
- O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
- O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
- O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096068124359
- O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146392038921
- O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
- O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
- O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
- O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
- O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
- O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
- O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
- O21 - SSODL: rdihost - {A9009610-E2A1-489F-8073-A679A1EE14CF} - rdihost.dll (file missing)
- O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
- O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
- O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
- O23 - Service: Apache - Apache Software Foundation - C:\Server local\bin\stable\apache\apache.exe
- O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
- O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
- O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
- O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
- O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
- O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
- O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
- O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
- O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
- O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Server local\bin\stable\filezilla\Filezilla Server.exe
- O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
- O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
- O23 - Service: hMailServer - hMailServer - C:\Server local\bin\stable\hmailserver\bin\hMailServer.exe
- O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\Intel 32\IDriverT.exe
- O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
- O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
- O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
- O23 - Service: MySQL - Unknown owner - C:\Server local\bin\stable\mysql\bin\mysqld.exe
- O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
- O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
- O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
- O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
- O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
- O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
- O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
- O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
- O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
- O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
- O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
- O23 - Service: Publication World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
- O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
-
- --
- End of file - 13296 bytes
[ This message was edited by: zadams on 26-04-2007 20:06 ]
Added on 26-04-2007 at 20:10:
So then I did this
MSN_Fix 1.20
Code: 

- C:\Documents and Settings\Damien\Bureau\MSNFix\MSNFix
- Fix exécuté le 26/04/2007 - 20:08:02,59 By Damien
- mode normal
-
- ************************ Recherche les fichiers présents
-
- ... C:\WINDOWS\photo album.zip
- ... C:\WINDOWS\*album*.zip
- ... C:\WINDOWS\system32\rdihost.dll
-
- ************************ Recherche les dossiers présents
-
- Aucun dossier trouvé
-
-
-
-
-
- ************************ Suppression des fichiers
-
- .. OK ... C:\WINDOWS\photo album.zip
- .. OK ... C:\WINDOWS\*album*.zip
- .. OK ... C:\WINDOWS\system32\rdihost.dll
-
-
-
- ************************ Nettoyage du registre
- .......... OK
-
-
- ************************ suppression des fichiers temporaires
-
- .......... OK
-
- ************************ Nettoyage du dossier C:\WINDOWS\Prefetch\
-
- .......... OK
-
-
-
- Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 26042007_20084168.zip
-
-
- ----
- Auteur : !aur3n7 Contact: http://lyonnais92.aceboard.fr
- ----
-
- ----------- END -----------
Save this report, then copy/paste it to the forum, along with a new HijackThis scan done in normal mode.
Added on 26-04-2007 at 20:11:
So I ran HijackThis again ^^
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Code: 

- Scan saved at 20:10:25, on 26/04/2007
- Platform: Windows XP SP2 (WinNT 5.01.2600)
- Boot mode: Normal
-
- Running processes:
- C:\WINDOWS\System32\smss.exe
- C:\WINDOWS\system32\winlogon.exe
- C:\WINDOWS\system32\services.exe
- C:\WINDOWS\system32\lsass.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\WINDOWS\system32\svchost.exe
- C:\WINDOWS\System32\svchost.exe
- C:\WINDOWS\system32\spoolsv.exe
- C:\Server local\bin\stable\apache\apache.exe
- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
- C:\Program Files\Alwil Software\Avast4\ashServ.exe
- C:\WINDOWS\system32\CTSvcCDA.EXE
- C:\Server local\bin\stable\filezilla\Filezilla Server.exe
- C:\WINDOWS\System32\FTRTSVC.exe
- C:\Server local\bin\stable\hmailserver\bin\hMailServer.exe
- C:\WINDOWS\system32\inetsrv\inetinfo.exe
- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
- C:\Server local\bin\stable\mysql\bin\mysqld.exe
- C:\Server local\bin\stable\apache\apache.exe
- C:\WINDOWS\System32\svchost.exe
- C:\Program Files\HHVcdV6Sys\VC6SecS.exe
- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
- C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
- C:\WINDOWS\system32\vmnat.exe
- C:\WINDOWS\system32\MsPMSPSv.exe
- C:\WINDOWS\system32\vmnetdhcp.exe
- C:\WINDOWS\system32\Ati2evxx.exe
- C:\Program Files\Winamp\winampa.exe
- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
- C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
- C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
- C:\Server local\NetServer.exe
- C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\WINDOWS\SOUNDMAN.EXE
- C:\Program Files\ULI5289\ALi5289.exe
- C:\Program Files\DAEMON Tools\daemon.exe
- C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
- C:\WINDOWS\system32\ctfmon.exe
- C:\Program Files\Google\GoogleToolbarNotifier.2.1128.5462\GoogleToolbarNotifier.exe
- C:\WINDOWS\System32\svchost.exe
- C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
- C:\PROGRA~1\Wanadoo\ComComp.exe
- C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe
- C:\PROGRA~1\Wanadoo\Toaster.exe
- C:\PROGRA~1\Wanadoo\Inactivity.exe
- C:\PROGRA~1\Wanadoo\PollingModule.exe
- C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
- C:\PROGRA~1\Wanadoo\Watch.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
- C:\WINDOWS\system32\wuauclt.exe
- C:\Program Files\MSN Messenger\usnsvc.exe
- C:\Program Files\Mozilla Firefox\firefox.exe
- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
- C:\Documents and Settings\Damien\Bureau\test.exe
- C:\WINDOWS\explorer.exe
-
- R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunz.ijji.com/
- R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
- R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
- R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
- O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
- O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
- O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar.02.5000.1021\fr\msntb.dll
- O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar.02.5000.1021\fr\msntb.dll
- O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
- O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
- O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
- O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
- O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
- O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
- O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
- O4 - HKLM\..\Run: [NetServer] C:\Server local\NetServer.exe
- O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
- O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
- O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
- O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
- O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
- O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
- O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
- O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
- O4 - HKLM\..\Run: [ALi5289] C:\Program Files\ULI5289\ALi5289.exe
- O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
- O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
- O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
- O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
- O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
- O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier.2.1128.5462\GoogleToolbarNotifier.exe
- O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
- O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
- O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
- O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
- O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
- O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
- O4 - Global Startup: SATARaid.lnk = ?
- O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
- O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
- O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
- O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
- O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
- O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
- O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
- O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
- O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096068124359
- O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1146392038921
- O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
- O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
- O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
- O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
- O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
- O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
- O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
- O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
- O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
- O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
- O23 - Service: Apache - Apache Software Foundation - C:\Server local\bin\stable\apache\apache.exe
- O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
- O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
- O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
- O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
- O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
- O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
- O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
- O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
- O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
- O23 - Service: FileZilla Server FTP server (FileZilla Server) - Unknown owner - C:\Server local\bin\stable\filezilla\Filezilla Server.exe
- O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
- O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
- O23 - Service: hMailServer - hMailServer - C:\Server local\bin\stable\hmailserver\bin\hMailServer.exe
- O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\Intel 32\IDriverT.exe
- O23 - Service: Administration IIS (IISADMIN) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
- O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
- O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
- O23 - Service: MySQL - Unknown owner - C:\Server local\bin\stable\mysql\bin\mysqld.exe
- O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
- O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
- O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
- O23 - Service: Simple Mail Transfer Protocol (SMTP) (SMTPSVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
- O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
- O23 - Service: Virtual CD v6 Management Service (VC6SecS) - H+H Software GmbH - C:\Program Files\HHVcdV6Sys\VC6SecS.exe
- O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
- O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
- O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - C:\Program Files\Fichiers communs\VMware\VMware Virtual Image Editing\vmount2.exe
- O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
- O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
- O23 - Service: Publication World Wide Web (W3SVC) - Unknown owner - C:\WINDOWS\system32\inetsrv\inetinfo.exe
- O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
-
- --
- End of file - 12937 bytes
[ This message was edited by: zadams on 26-04-2007 20:13 ]