#1
Hello, I have a problem with a Trojan horse. The warning message is 'C:\windows\system32\crypt32n.dll TROJAN HORSE BHO.CVX'. I ran AVG and it identifies the file and moves it to the vault, but on re-boot it is there again. I tried deleting the file in Windows, which failed. I tried changing it in Windows (with a view to deleting it), which failed. I tried to go back and re-configure my PC, but I can't go back beyond the beginning of the month and I have had it since before Christmas. My PC seems to be OK but I am still concerned that I have a virus! Is there anything I can do? Help much appreciated. Regards, Ian A
#2
Welcome to CJ.
#3
Hi Evil Fantansy, I tried at the beginning of the month; here is the log. Hopefully it means something to you. My fingers are crossed. Ta, Ian A
tombait / Processid: (6C222AAE-7AD3-43BE-AC4B-02239FF8DEC6) (démarrage manuel) Synaptics TouchPad Driver: system32 \ drivers \ SynTP.sys (démarrage manuel) Microsoft Kernel System Audio Device: system32 \ drivers \ sysaudio.sys (manual start) Journaux et alertes de performance:% SystemRoot% \ system32 \ smlogsvc.exe (manual start) Téléphonie:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start) TCP / IP Protocol Driver: system32 \ drivers \ tcpip.sys (system) Terminal Device Driver: system32 \ drivers \ termdd.sys (system) Les services Terminal Server:% SystemRoot% \ System32 \ svchost-k DcomLaunch (démarrage manuel) Thèmes:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Telnet: C: \ WINDOWS \ system32 \ tlntsvr.exe (disabled) tmcomm: \? \ C: \ WINDOWS \ system32 \ drivers \ tmcomm.sys (autostart) Client de suivi de lien distribué:% SystemRoot% \ system32 \ svchost.exe-k netsvcs (autostart) Microcode Update Driver: system32 \ drivers \ update.sys (manual start) Universal Plug and Play Device Host:% SystemRoot% \ system32 \ svchost.exe-k LocalService (manual start) Uninterruptible Power Supply:% SystemRoot% \ System32 \ ups.exe (manual start) Microsoft USB Generic Parent Driver: system32 \ drivers \ usbccgp.sys (manual start) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: system32 \ drivers \ Usbehci.sys (démarrage manuel) USB2 Enabled Hub: system32 \ drivers \ usbhub.sys (démarrage manuel) Microsoft USB Open Host Controller Miniport Driver: system32 \ drivers \ Usbohci.sys (démarrage manuel) Microsoft USB PRINTER Class: system32 \ drivers \ usbprint.sys (manual start) USB Scanner Driver: system32 \ drivers \ usbscan.sys (démarrage manuel) USB Mass Storage Driver: system32 \ drivers \ Usbstor.sys (démarrage manuel) Linksys Wireless-G USB Network Adapter avec SpeedBooster v2 Driver: system32 \ drivers \ usb8023.sys (démarrage manuel) VgaSave: \ SystemRoot \ System32 \ drivers \ vga.sys (system) Volume Shadow Copy:% SystemRoot% \ 
System32 \ vssvc.exe (manual start) Windows Time:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Remote Access IP ARP Driver: system32 \ drivers \ wanarp.sys (manual start) Windows CE USB Serial Host Driver: system32 \ drivers \ wceusbsh.sys (démarrage manuel) Microsoft WINMM WDM Audio Compatibility Driver: system32 \ drivers \ wdmaud.sys (manual start) WebClient:% SystemRoot% \ system32 \ svchost.exe-k LocalService (autostart) winachsf: system32 \ drivers \ HSF_CNXT.sys (démarrage manuel) Windows Management Instrumentation:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Portable Media Serial Number Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start) Windows Management Instrumentation Driver Extensions:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start) WMI Performance Adapter: C: \ WINDOWS \ system32 \ wbem \ wmiapsrv.exe (manual start) Windows Media Player Network Sharing Service: "C: \ Program Files \ Windows Media Player \ wmpnetwk.exe" (démarrage manuel) Windows Socket 2.0 Non-IFS fournisseur de services de soutien Environnement: \ SystemRoot \ System32 \ drivers \ ws2ifsl.sys (handicapés) Centre de sécurité:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Mises à jour automatiques:% systemroot% \ system32 \ svchost.exe-k netsvcs (autostart) Windows Driver Foundation - User-Mode Driver Framework Platform Driver: system32 \ drivers \ WudfPf.sys (démarrage manuel) Windows Driver Foundation - User-Mode Driver Framework Reflector: system32 \ drivers \ wudfrd.sys (démarrage manuel) Windows Driver Foundation - User-Mode Driver Framework:% SystemRoot% \ system32 \ svchost.exe-k WudfServiceGroup (démarrage manuel) Wireless Zero Configuration:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (autostart) Network Provisioning Service:% SystemRoot% \ System32 \ svchost.exe-k netsvcs (manual start) -------------------------------------------------- Énumération Windows NT logon / logoff scripts: * Pas de 
scripts mis à courir * Windows NT CheckDisk commande: BootExecute = autocheck autochk * Windows NT »Wininit.ini»: PendingFileRenameOperations: * Valeur de Registre ne trouve pas * -------------------------------------------------- Énumération ShellServiceObjectDelayLoad items: PostBootReminder: C: \ WINDOWS \ system32 \ shell32.dll CDBurn: C: \ WINDOWS \ system32 \ shell32.dll WebCheck: C: \ WINDOWS \ system32 \ Webcheck.dll SysTray: C: \ WINDOWS \ system32 \ stobject.dll UPnPMonitor: C: \ WINDOWS \ system32 \ upnpui.dll WPDShServiceObj: C: \ WINDOWS \ system32 \ WPDShServiceObj.dll -------------------------------------------------- Autorun entrées de registre: HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * Pas de valeurs trouvées * -------------------------------------------------- Autorun entrées de registre: HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ pol icies \ Explorer \ Run * Pas de valeurs trouvées * -------------------------------------------------- Fin du rapport, 38242 octets Rapport générée en 0.266 secondes Options de ligne de commande: / verbose - d'ajouter des informations supplémentaires sur chaque section / complet - à vide et les sections de données unsuspicious / pleine - pour comprendre plusieurs sections rarement important / force9x - d'inclure Win9x seulement, même si le démarrage en cours d'exécution sur WinNT / forcent - WinNT pour inclure uniquement le démarrage, même si en cours d'exécution sur Windows 9x / forceall - à tous les Win9x et WinNT startups, indépendamment de la plate-forme / history - to list version de l'histoire que |
|
#4
| |||
| |||
| That's the HJT startup list, which is useful, but I need the main scan. Open HJT and select the "Do a system scan and save a logfile" button. Post that log please. |
|
#5
| |||
| |||
| Hi, Sorry if I seem slow to respond, but I am having trouble saving the scan! I ran HJT's "Do a system scan and save a logfile", but when it tries to open the log file, it fails. The only way I can see of providing this information is to save a screen copy to write, but that will be a big file. Do you think that is a good idea, or is there something else I can try? Regards, Ian A |
|
#6
| |||
| |||
| Try this instead and post the logs from it. Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged on to an account with administrator privileges.
What DSS will do:
|
|
#7
| |||
| |||
| Hi, I must be being thick! I tried to follow the hot link to Deckard's scanner but I can't find dss.exe. Deckard's asks me to register on another web forum site similar to the one I am already on. Please explain. Ian |
|
#8
| |||
| |||
| Use this link. http://www.techsupportforum.com/sect...eckard/dss.exe |
|
#9
| |||
| |||
| Hello, Sorry it has been some time since I got back to you, but I have been away. I have now managed to run the scan and here are the results:
Restauration du système ------------------------------------------------ -------------- Créé avec succès un Deckard's System Scanner Restore Point. - Last 5 Restore Point (s) -- 49: 2008-04-07 07:50:49 UTC - RP160 - Deckard's System Scanner Restore Point 48: 2008-04-07 06:07:59 UTC - RP159 - System Checkpoint 47: 2008-04-01 17:50:42 UTC - RP158 - System Checkpoint 46: 2008-03-28 20:48:03 UTC - RP157 - Installed SUPERAntiSpyware Free Edition 45: 2008-03-28 19:02:25 UTC - RP156 - System Checkpoint - Premier point de restauration -- 1: 2008-01-04 07:54:54 UTC - RP112 - System Checkpoint Soutenu en ruches de Registre. Joué sur Nettoyage de disque. Pourcentage d'utilisation de la mémoire: 76% (plus de 75%). Total Physical Memory: 447 MiB (512 MiB recommended). - HijackThis (run comme iana.exe) ---------------------------------------- -------- Logfile de Trend Micro HijackThis v2.0.2 Scan sauvé à 08:52:30, le 07.04.2008 Plate-forme: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C: \ WINDOWS \ System32 \ smss.exe C: \ WINDOWS \ system32 \ winlogon.exe C: \ WINDOWS \ system32 \ services.exe C: \ WINDOWS \ system32 \ lsass.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ brsvc01a.exe C: \ WINDOWS \ system32 \ spoolsv.exe C: \ WINDOWS \ system32 \ brss01a.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe C: \ WINDOWS \ system32 \ svchost.exe C: \ WINDOWS \ System32 \ svchost.exe C: \ WINDOWS \ system32 \ Ati2evxx.exe C: \ WINDOWS \ Explorer.EXE C: \ Program Files \ Synaptics \ SynTP \ 
SynTPEnh.exe C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe C: \ WINDOWS \ system32 \ tpsmain.exe C: \ Program Files \ Synaptics \ SynTP \ Toshiba.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ NDSTray.exe C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSServ.exe C: \ Program Files \ Atheros \ ACU.exe C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe C: \ Program Files \ QuickTime \ qttask.exe C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ opwarese2.exe C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe C: \ WINDOWS \ system32 \ ctfmon.exe C: \ Program Files \ Messenger \ msmsgs.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ WINDOWS \ system32 \ TPSBattM.exe C: \ Program Files \ FinePixViewer \ QuickDCF.exe C: \ Program Files \ TOSHIBA \ ConfigFree \ CFXFER.exe C: \ Program Files \ Internet Explorer \ iexplore.exe C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ acrord32.exe C: \ WINDOWS \ system32 \ WISPTIS.EXE C: \ Documents and Settings \ Iana \ Local Settings \ Temporary Internet Files \ Content.IE5 \ EL9EICW6 \ dss [1]. 
Exe C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ HIJACK ~ 1 \ iana.exe R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyServer = flotechsvr: 8080 O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (file missing) O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar1.dll O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar1.dll O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe O4 - HKLM \ .. 
\ Run: [Toshiba Hotkey Utility] "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" / lang en O4 - HKLM \ .. \ Run: [TPSMain] tpsmain.exe O4 - HKLM \ .. \ Run: [NDSTray.exe] NDSTray.exe O4 - HKLM \ .. \ Run: [smoothview] C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming Utility \ SmoothView.exe O4 - HKLM \ .. \ Run: [PadTouch] C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe O4 - HKLM \ .. \ Run: [DLA] C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE O4 - HKLM \ .. \ Run: [CFSServ.exe] CFSServ.exe-NoClient O4 - HKLM \ .. \ Run: [REGSHAVE] C: \ Program Files \ REGSHAVE \ REGSHAVE.EXE / AUTORUN O4 - HKLM \ .. \ Run: [ACU] "C: \ Program Files \ Atheros \ ACU.exe" nogui O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe"-osboot O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe" / minimiser O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [OpwareSE2] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ opwarese2.exe" O4 - HKLM \ .. \ Run: [OPSE rappel] "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe"-r "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ ereg . ini " O4 - HKCU \ .. \ Run: [TOSCDSPD] C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe O4 - HKCU \ .. \ Run: [PnPUI Registrator] C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe-s O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background O4 - HKCU \ .. 
\ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE') O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM') O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user') O4 - Global Startup: Exif Launcher.lnk = C: \ Program Files \ FinePixViewer \ QuickDCF.exe O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office \ OSA9.exe O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ ssv.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MI05E6 ~ 1 \ OFFICE11 \ REFIEBAR.DLL O9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe O10 - Unknown file dans Winsock LSP: c: \ windows \ system32 \ nwprovau.dll Ø14 - IERESET.INF: START_PAGE_URL = http://companyweb O16 - DPF: (11260943-421B-11D0-8EAC-0000C07D88CF) (iPIX ActiveX Control) -- http://www.ipix.com/download/ipixx.cab O16 - DPF: (6E32070A-766D-4EE6-879C-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1197453622703 O16 - DPF: (8AD9C840-044E-11D1-B3E9-00805F499D93) (Java Runtime Environment 1.6.0) -- http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab O16 - DPF: (BB21F850-63F4-4EC9-BF9D-565BD30C9AE9) (a-squared Scanner) -- 
http://ax.emsisoft.com/asquared.cab O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ Software \ .. \ Telephony: DomainName = flotech.local O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS1 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: Domain = flotech.local O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CS3 \ Services \ Tcpip \ .. \ (3C838800-1126-48EC-8092-81CB4BD5BA88): NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM \ System \ CCS \ Services \ Tcpip \ Parameters: NameServer = 208.67.220.220,208.67.222.222 O20 - Winlogon Notify:! 
SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O20 - Winlogon Notify: detcdzqc - athcfg11c.dll (file missing) O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C: \ WINDOWS \ system32 \ acs.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc - C: \ WINDOWS \ system32 \ Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ guard.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C: \ WINDOWS \ system32 \ brsvc01a.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C: \ Program Files \ TOSHIBA \ ConfigFree \ CFSvcs.exe O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Fichiers communs \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe -- Fin de file - 9862 bytes - HijackThis Fixed Entries (C: \ PROGRA ~ 1 \ TRENDM ~ 1 \ HIJACK ~ 1 \ backups \) ----------- backup-20071217-070814-188 O4 - HKLM \ .. \ Run: [\ \ WKS-216 \ EPSON Stylus C46 Series] C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ E_S4I0T 1.EXE / P33 "\ \ WKS-216 \ EPSON Stylus C46 Series "/ O6" USB002 "/ M" Stylus C46 " backup-20071217-071110-763 O16 - DPF: (935F9B04-0C7B-4454-A391-348C54AD7ADD) (Jolly Bear Games Player) -- http://games.bigfishgames.com/en_big...GamePlayer.cab backup-20071219-071455-100 O20 - Winlogon Notify: detcdzqc - C: \ WINDOWS \ SYSTEM32 \ athcfg11c.dll backup-20071219-071455-320 O4 - Global Startup: EPSON Status Monitor 3 Environment Check (3). 
lnk = C: \ WINDOWS \ system32 \ spool \ drivers \ w32x86 \ 3 \ E_SRCV0 3.EXE backup-20071219-071455-780 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194111-931 O2 - BHO: (no name) - (51610169-C280-4F36-84AB-82D92ED1F68B) - c: \ windows \ system32 \ athcfg11c.dll (file missing) backup-20080327-194139-797 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll backup-20080327-194247-663 O2 - BHO: (no name) - (EA389261-1100-451F-8582-815CAB488AE6) - C: \ WINDOWS \ system32 \ crypt32n.dll - File Associations ---------------------------------------------- ------------- . txt - NetLog.Document - DefaultIcon - C: \ EPICOM ~ 1.02 \ EPICom2.02 \ EPICOM ~ 1.EXE, 8 . txt - NetLog.Document - shell \ open \ command - C: \ EPICOM ~ 1.02 \ EPICom2.02 \ EPICOM ~ 1.EXE / dde - Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 hlkvythd - c: \ windows \ system32 \ drivers \ vzrpdamf.dat R1 SASDIFSV - c: \ program files \ SUPERAntiSpyware \ sasdifsv.sys R1 SASKUTIL - c: \ program files \ SUPERAntiSpyware \ saskutil.sys R2 MASPINT - c: \ windows \ system32 \ drivers \ maspint.sys <Non Verified; MicroStaff Co.,Ltd.; Aspi32 Driver pour WinNT> R2 mdmxsdk - c: \ windows \ system32 \ drivers \ mdmxsdk.sys <Non Verified; Conexant; diagnostic Interface> R2 Netdevio (TOSHIBA Network Device Usermode I / O Protocol) - c: \ windows \ system32 \ drivers \ netdevio.sys <Non Verified; TOSHIBA Corporation.; TOSHIBA Network Device Usermode I/O protocol> R3 AR5211 (Atheros Wireless Network Adapter Service) - c: \ windows \ system32 \ drivers \ ar5211.sys <Non Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter> R3 BoiHwsetup (Access 32bits INT15 routine) - c: \ windows \ system32 \ drivers \ boihwsetup.sys <Non Verified; Quanta Computer Corp; Toshiba HwSetup Driver> R3 CAMCAUD (Conexant AMC 3D Environmental Audio) - c: \ 
windows \ system32 \ drivers \ camc6aud.sys <Non Verified; Conexant Systems Inc.; Conexant Audio Driver> R3 CAMCHALA - c: \ windows \ system32 \ drivers \ camc6hal.sys <Non Verified; Conexant Systems Inc.; Conexant AmcHal Driver> R3 HSF_DPV - c: \ windows \ system32 \ drivers \ hsf_dpv.sys <Non Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 HSFHWATI - c: \ windows \ system32 \ drivers \ hsfhwati.sys <Non Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> R3 Iviaspi (IVI ASPI Shell) - c: \ windows \ system32 \ drivers \ iviaspi.sys <Non Verified; InterVideo, Inc.; InterVideo ASPI Shell> R3 pfc (Padus ASPI Shell) - c: \ windows \ system32 \ drivers \ pfc.sys <Non Verified; Padus, Inc.; Padus(R) ASPI Shell> R3 qkbfiltr (Quanta HotKey Keyboard Filter Driver) - c: \ windows \ system32 \ drivers \ qkbfiltr.sys <Non Verified; Quanta Computer, Inc.; Quanta HotKey Keyboard Filter Driver> R3 qmofiltr (Quanta HotKey Mouse Filter Driver) - c: \ windows \ system32 \ drivers \ qmofiltr.sys <Non Verified; Quanta Quanta Computer, Inc.; Mouse Filter Device Driver> R3 SASENUM - c: \ program files \ SUPERAntiSpyware \ sasenum.sys <Non Verified; SuperAdBlocker, Inc.; SuperAntiSpyware> R3 winachsf - c: \ windows \ system32 \ drivers \ hsf_cnxt.sys <Non Verified; Conexant Systems, Inc.; SoftK56 Modem Driver> S3 DNINDIS5 (DNINDIS5 NDIS Protocol Driver) - c: \ progra ~ 1 \ belkin \ ~ belkin 1.11g \ dnindis5.sys (file missing) S3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c: \ windows \ system32 \ gtndis5.sys (file missing) S3 RT61 (RT2500 Belkin Wireless Driver) - c: \ windows \ system32 \ drivers \ rt61.sys (file missing) S3 Ser2pl (Sitecom Serial port driver) - c: \ windows \ system32 \ drivers \ ser2pl.sys <Non Verified; Prolific Technology Inc.; Prolific USB-to-Serial Bridge Cable> S3 wceusbsh (Windows CE USB Serial Host Driver) - c: \ windows \ system32 \ drivers \ wceusbsh.sys <Non Verified; Microsoft Corporation; Windows CE USB Serial Host Driver> - Services: 0-Boot, 
1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 CFSvcs (ConfigFree Service) - c: \ program files \ toshiba \ ConfigFree \ cfsvcs.exe <Non Verified; TOSHIBA CORPORATION; ConfigFree(TM)> S2 ACS (Atheros Configuration Service) - c: \ windows \ system32 \ acs.exe - Device Manager: Disabled -------------------------------------------- -------- Non handicapés dispositifs trouvés. - Tâches planifiées ---------------------------------------------- --------------- 2008-04-07 06:48:40 436 - a ------ C: \ WINDOWS \ Tasks \ RegCure Programme Check.job 2008-04-04 12:33:04 438 - a ------ C: \ WINDOWS \ Tasks \ At1.job 2008-03-15 17:25:00 284 - a ------ C: \ WINDOWS \ Tasks \ AppleSoftwareUpdate.job 2008-01-31 16:37:13 370 - a ------ C: \ WINDOWS \ Tasks \ RegCure.job - Les fichiers créés entre 2008-03-07 et 2008-04-07 ----------------------------- 2008-03-28 21:48:16 0 d -------- C: \ Documents and Settings \ All Users \ Application Data \ SUPERAntiSpyware.com 2008-03-28 21:48:05 0 d -------- C: \ Program Files \ SUPERAntiSpyware 2008-03-28 21:48:05 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ SUPERAntiSpyware.com 2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard - Find3M Report ---------------------------------------------- ----------------- 2008-04-07 06:51:23 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ AVG7 2008-04-04 16:30:58 0 d -------- C: \ Program Files \ Hansa52Client 2008-04-04 15:41:49 0 d -------- C: \ Documents and Settings \ Iana \ Application Data \ AdobeUM 2008-03-28 21:47:28 0 d -------- C: \ Program Files \ Common Files 2008-03-25 10:03:27 0 d -------- C: \ Program Files \ Fichiers communs \ Adobe 2008-03-25 09:31:28 0 d -------- C: \ Program Files \ Common Files \ Symantec Shared 2008-03-05 15:04:08 0 d -------- C: \ Program Files \ Canon 2008-03-05 11:57:28 0 d -------- C: \ Program Files \ Java 2008-02-25 09:26:29 0 d -------- C: \ Documents and 
Settings \ Iana \ Application Data \ ScanSoft 2008-02-25 09:26:26 0 d -------- C: \ Program Files \ Fichiers communs \ ScanSoft Shared 2008-02-25 09:25:40 0 d -------- C: \ Program Files \ ScanSoft 2008-02-25 08:32:09 0 d -------- C: \ Program Files \ Google 2008-02-21 18:33:48 0 d -------- C: \ Program Files \ MumbleJumble 2008-02-21 18:10:04 0 d -------- C: \ Program Files \ Mahjong Deluxe 2008-02-21 12:06:28 0 d -------- C: \ Program Files \ RogueRemover FREE 2008-02-21 12:04:40 0 d -------- C: \ Program Files \ The Walls of Jericho 2008-02-21 12:04:31 0 d -------- C: \ Program Files \ HP Creative Idea CD 2008-02-21 12:04:11 0 d -------- C: \ Program Files \ XviD 2008-02-21 12:03:54 0 d -------- C: \ Program Files \ RegCure 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Suppression Man 2008-02-21 12:02:55 0 d -------- C: \ Program Files \ Polarkubes 2008-02-21 12:01:40 0 d -------- C: \ Program Files \ PopCap Games 2008-02-18 19:38:17 16 - a ------ C: \ WINDOWS \ popcinfot.dat 2008-02-18 19:19:59 0 - a ------ C: \ WINDOWS \ popcreg.dat 2008-02-11 17:53:24 0 d -------- C: \ Program Files \ IDIGICON Limited 2008-01-21 18:36:58 1024 - a ------ C: \ WINDOWS \ jericho_game_ra.dat - Registry Dump ---------------------------------------------- ----------------- * Note * empty entries & legit entrées par défaut ne sont pas indiquées [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (51610169-C280-4F36-84AB-82D92ED1F68B)] [HKEY_LOCAL_MACHINE \ ~ \ Browser Helper Objects \ (EA389261-1100-451F-8582-815CAB488AE6)] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run] "SynTPEnh" = "C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe" [17/12/2005 00:32] "Toshiba Hotkey Utility" = "C: \ Program Files \ Toshiba \ Windows Utilities \ Hotkey.exe" [28/01/2006 05:13] "TPSMain" = "tpsmain.exe" [08/02/2006 16:02 C: \ WINDOWS \ system32 \ tpsmain.exe] "NDSTray.exe" = "NDSTray.exe" [] "Smoothview" = "C: \ Program Files \ TOSHIBA \ TOSHIBA Zooming 
Utility \ SmoothView.exe" [12/05/2005 11:31] "PadTouch" = "C: \ Program Files \ TOSHIBA \ Touch and Launch \ PadExe.exe" [21/12/2005 14:52] "DLA" = "C: \ WINDOWS \ System32 \ DLA \ DLACTRLW.EXE" [06/10/2005 06:20] "CFSServ.exe" = "CFSServ.exe" [] "REGSHAVE" = "C: \ Program Files \ REGSHAVE \ REGSHAVE.exe" [04/02/2002 23:32] "ACU" = "C: \ Program Files \ Atheros \ ACU.exe" [11/07/2005 16:04] "TkBellExe" = "C: \ Program Files \ Fichiers communs \ Real \ Update_OB \ realsched.exe" [04/03/2007 17:39] "QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [01/09/2006 16:57] ! AVG Anti-Spyware "=" C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7.5 \ avgas.exe "[11/06/2007 10:25] "AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [02/01/2008 12:20] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_05 \ bin \ jusched.exe" [22/02/2008 05:25] "OpwareSE2" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ opwarese2.exe" [08/05/2003 12:00] "OPSE rappel" = "C: \ Program Files \ ScanSoft \ OmniPageSE2.0 \ EregEng \ Ereg.exe" [07/07/2003 10:29] "RegistryMechanic" = "" [] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntVersion \ Run] "TOSCDSPD" = "C: \ Program Files \ TOSHIBA \ TOSCDSPD \ toscdspd.exe" [11/04/2005 12:26] "ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [04/08/2004 14:00] "PnPUI Registrator" = "C: \ Program Files \ Common Files \ Sitecom Shared \ PnP Universal Installer \ PnPUIReg.exe" [22/11/2004 21:04] "MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [13/10/2004 17:24] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [27/02/2007 12:39] C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \ Exif Launcher.lnk - C: \ Program Files \ FinePixViewer \ QuickDCF.exe [09/01/2002 22:53:14] Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office \ OSA9.exe [21/01/2000 09:15:54] [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntversion \ 
policies \ system] "DisableRegistryTools" = 0 (0x0) [HKEY_LOCAL_MACHINE \ software \ microsoft \ windows \ curr entversion \ Policies \ Explorer] "NoWelcomeScreen" = 1 (0x1) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853a-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [20/12/2006 13:55 77824] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon] C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 27/02/2007 12:39 282624 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ detcdzqc] athcfg11c.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ Lsa] "Authentication Packages" = MSV1_0 nwprovau HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Svchost - NetSvcs buznlwxw [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curré ntversion \ explorer \ mountpoints2 \ (a2fd87dd-a192-11dc-B600-0016e375ed46)] AutoRun \ command-E: \ LaunchU3.exe - Fin de Deckard's System Scanner: fini à 2008-04-07 08:53:08 ------------
Hope all this makes sense to you. Regards, Iana |