Pc lent +rapport

j'ai pas posté le bon truc

ça y est c le bon

logfile of random's system information tool 1.06 (written by random/random)
Run by Compaq_Propriétaire at 2009-12-03 18:15:33
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 95 GB (64%) free of 148 GB
Total RAM: 511 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:39, on 03/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\keyhook.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\spider.exe
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Downloads\RSIT (3).exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Propriétaire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searcheo.fr/france
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60264
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60264
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q404&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60264
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60264
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =

https://support.norton.com/sp/fr/fr/home/current/solutions/v58540272?abproduct=LU&abversion=1.90&build=Symantec&ced=true&entsrc=CED_pubweb&error=1814&module=LU&src=_mi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {AEEC3B59-CA98-4EBA-A140-57B94E283583} - (no file)
R3 - URLSearchHook: (no name) - {814C76CB-2623-43F4-AAD0-58A0E5190A20} - (no file)
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: (no name) - {DB35C569-5624-4CFC-8043-E5139F55A073} - C:\PROGRA~1\Crawler\Shared\CShared.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: barre d'outils Orange - {D3028143-6145-4318-99D3-3EDCE54A95A9} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M

"Stylus DX4200"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Compaq_Propriétaire] C:\Documents and Settings\Compaq_Propriétaire\Compaq_Propriétaire.exe /i
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\pchbutton.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: ajouter cette page à vos favoris Orange - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cce660.html
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: traduire la page - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cce65E.html
O8 - Extra context menu item: traduire le texte sélectionné - C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\cce65F.html
O9 - Extra button: Crawler Screensaver - {CDAFD956-97BE-443D-8EF7-F4F094EB5766} - C:\Program Files\Crawler\SSaver\CSSaver.exe
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Orange\ToolbarFR\ToolbarContainer101000315.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) -

http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?e=1232621260938&h=23adf2255bb2954a1a4d17d5efb6f691/&filename=jinstall-6

u11-windows-i586-jc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game01.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxenligne.orange.fr/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Update Service (gupdate1c9726b9996aa68) (gupdate1c9726b9996aa68) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://www.couriramorlaix.com/courir%20a%20morlaix/fichier_photo-videos/diaporamas/st-martin2007_15km/medium/0012.jpg
O24 - Desktop Component 1: (no name) - https://www.marmiton.org/App_Themes/Recettes/img/recettes/recette_titre.gif2

je viens d'essayer de telecharger toolbar ,impossible d'aller sur la page;un message en anglais apparait

bonjour
http://eric71.geekstogo.com/tools/ToolBarSD.exe
il y a un problème avec le serveur de Eric, je donne un autre lien

..............
BON JE L'ai supprimé puis réexecuté
j'ai selectionné la langue
+ option recherche+entré : est la rien , et pourtant j'ai mis en pause mon antivirus,maintenant ?

JE COMPREND RIEN Y A UN TRUC QUI COLLE PAS DS CE PC

GMER 1.0.15.15252 - http://www.gmer.net
Rootkit quick scan 2009-12-04 14:58:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF83B3C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF83B3FF6]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82AB7EB0

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \Fat 8266E300

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

attend il n'est pas complet

voici le rapport gmer
GMER 1.0.15.15252 - http://www.gmer.net
Rootkit scan 2009-12-04 16:35:22
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kxldrpow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF53636B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF5363574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF5363A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF536314C]
SSDT sptd.sys ZwEnumerateKey [0xF83B3C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF83B3FF6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF536364E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF536308C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF53630F0]
SSDT sptd.sys ZwQueryKey [0xF83B40C0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF536376E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF536372E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF53638AE]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
? C:\WINDOWS\System32\Drivers\SPTD1245.SYS Le processus ne peut pas accéder au fichier car ce fichier est utilisé par un autre processus.
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF6782510]

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 00, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 00, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 01, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B91EB1A
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 02, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 01, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 02, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B91EB8B
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 00, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B91ECB9
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 01, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 02, 15, 00]
.text C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3576] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F83BCDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F83D271E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F83BD3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F83BD2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F83BD482] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F83D2032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F83BCF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F83D1C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F83BCE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F83AFA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F83AFB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F83AFAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F83B06CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F83B05A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F83D2864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F83C1F78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F83D2864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F83D1C76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F83D1C82] sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82AB7EB0

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 8266E300

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82AB86D0
Device \Driver\Ftdisk \Device\HarddiskVolume2 82AB86D0
Device \Driver\Cdrom \Device\CdRom0 82903870
Device \Driver\atapi \Device\Ide\IdePort0 [F8328B40] atapi.sys[unknown section] {MOV EAX, 0x82ab8338; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf83c4442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-1b [F8328B40] atapi.sys[unknown section] {MOV EAX, 0x82ab8338; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf83c4442; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F8328B40] atapi.sys[unknown section] {MOV EAX, 0x82ab8338; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf83c4442; RET }
Device \Driver\atapi \Device\Ide\IdePort2 [F8328B40] atapi.sys[unknown section] {MOV EAX, 0x82ab8338; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf83c4442; RET }
Device \Driver\atapi \Device\Ide\IdePort3 [F8328B40] atapi.sys[unknown section] {MOV EAX, 0x82ab8338; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf83c4442; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-8 [F8328B40] atapi.sys[unknown section] {MOV EAX, 0x82ab8338; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf83c4442; RET }
Device \Driver\NetBT \Device\NetBt_Wins_Export 8243C6A0
Device \Driver\NetBT \Device\NetbiosSmb 8243C6A0

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 82AB70E8

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Npfs \Device\NamedPipe 8252A280
Device \Driver\Ftdisk \Device\FtControl 82AB86D0
Device \Driver\NetBT \Device\NetBT_Tcpip_{1BF0BA87-9129-46D8-8E49-F080968FAF72} 8243C6A0
Device \FileSystem\Msfs \Device\Mailslot 827C2BE0
Device \FileSystem\Fastfat \Fat 8266E300

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Cdfs \Cdfs 828570E8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -716554510
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1539707631
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 756851384
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\orange\jeux\Women\x2019s Murder Club\Uninstall.exe 2

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRVSTORE\hpf4200a_E7EAA61E164BFBDDC91BBD6CE28A51D38C4562F7\hpF4200a.cab 9865903 bytes
File C:\WINDOWS\system32\DRVSTORE\hpf4200a_E7EAA61E164BFBDDC91BBD6CE28A51D38C4562F7\hpF4200a.cat 121459 bytes
File C:\WINDOWS\system32\DRVSTORE\hpf4200a_E7EAA61E164BFBDDC91BBD6CE28A51D38C4562F7\hpf4200a.inf 23820 bytes
File C:\WINDOWS\system32\DRVSTORE\hpf4200a_E7EAA61E164BFBDDC91BBD6CE28A51D38C4562F7\hpzids01.dll 271704 bytes executable
File C:\WINDOWS\system32\DRVSTORE\hpf4200a_E7EAA61E164BFBDDC91BBD6CE28A51D38C4562F7\P3i2frww.cab 6829 bytes
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers 0 bytes
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\dot4 0 bytes
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\dot4\Win2000 0 bytes
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\dot4\Win2000\difxapi.dll 309760 bytes executable
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\dot4\Win2000\hppldcoi.dll 372736 bytes executable
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\scanner 0 bytes
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\scanner\x32 0 bytes
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\scanner\x32\hpotscl6.dll 581632 bytes executable
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\scanner\x32\hpotsti1.dll 229376 bytes executable
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\scanner\x32\hpovst15.dll 303104 bytes executable
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\drivers\scanner\x32\hpowiax7.dll 729088 bytes executable
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\hpoF4200_sc.cat 15309 bytes
File C:\WINDOWS\system32\DRVSTORE\hpof4200_s_512EC285D237602EBFD04DE1FE5F9769470B7E5F\hpof4200_sc.inf 73846 bytes
File C:\WINDOWS\system32\DRVSTORE\hpzid413_F2DA46DE686A3E981420574C9735FC7A1D1CEC02\drivers\dot4 0 bytes

---- EOF - GMER 1.0.15 ----