Logfile of random's system information tool 1.10 (written by random/random)
Run by Administrateur at 2017-06-07 21:21:32
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 5 GB (24%) free of 20 GB
Total RAM: 1023 MB (17% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:21:54, on 07/06/2017
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Orange\ma Livebox\dedicarz\DedicarzService.exe
C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\DeltaIITray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON SX218 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE /FU "C:\WINDOWS\TEMP\E_S483.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1935655697-2052111302-725345543-1004\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-1935655697-2052111302-725345543-1004\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs" (User 'Default user')
O4 - Startup: ma Livebox.lnk = C:\Program Files\Orange\ma Livebox\maLivebox.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://logicielsgratuits.orange.fr
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Dedicarz Service - Unknown owner - C:\Program Files\Orange\ma Livebox\dedicarz\DedicarzService.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Freemake Improver - Freemake - C:\Documents and Settings\All Users\Application Data\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Sentinel LDK License Manager (hasplms) - SafeNet Inc. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 7676 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -RestrictPrivileges
C:\WINDOWS\tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job - C:\WINDOWS\system32\xp_eos.exe -c
C:\WINDOWS\tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\VideoPadSevenDays.job - C:\Program Files\NCH Software\VideoPad\videopad.exe -sevendays
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2013-11-11 15711008]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit -login []
"M-Audio Taskbar Icon"=C:\WINDOWS\system32\DeltaIITray.exe [2009-07-27 236040]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2008-04-14 138240]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON SX218 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGDE.EXE [2009-09-14 200704]
C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
ma Livebox.lnk - C:\Program Files\Orange\ma Livebox\maLivebox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-12-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MBAMService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=5
"PromptOnSecureDesktop"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221
"NoUserNameInStartMenu"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
-----