Infecté par Virus Besoin d'aide SVP

Merci Lyonnais, je fais ça de suite.

Voici le rapport Vundo fix, par contre je ne peux pas scanner mon pc avec Bit defender car je n'ai pas internet explorer!! Que faire alors? Merci beacoup pour l'aide.


VundoFix V6.2.13

Checking Java version...

Sun Java not detected
Scan started at 11:46:34 11/01/2007

Listing files found while scanning....

C:\WINDOWS\system32\gnwigalj.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\gnwigalj.exe
C:\WINDOWS\system32\gnwigalj.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.10

Scan started at 13:55:23 14/06/2007

Listing files found while scanning....

C:\windows\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.ini
C:\windows\system32\gojdkhcu.dll
C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\opnlihg.dll
C:\windows\system32\qgbkahmm.exe
C:\windows\system32\tuvwvvv.dll

Beginning removal...

Attempting to delete C:\windows\system32\gjllm.bak1
C:\windows\system32\gjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\gojdkhcu.dll
C:\windows\system32\gojdkhcu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\mlljg.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\opnlihg.dll
C:\WINDOWS\system32\opnlihg.dll Has been deleted!

Attempting to delete C:\windows\system32\qgbkahmm.exe
C:\windows\system32\qgbkahmm.exe Has been deleted!

Attempting to delete C:\windows\system32\tuvwvvv.dll
C:\windows\system32\tuvwvvv.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.10

Scan started at 17:11:34 14/06/2007

Listing files found while scanning....

C:\windows\system32\gjllm.bak1
C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\mlljg.dll
C:\windows\system32\nnnnnmj.dll

Beginning removal...

Attempting to delete C:\windows\system32\gjllm.bak1
C:\windows\system32\gjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\gjllm.ini
C:\WINDOWS\system32\gjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\mlljg.dll Could not be deleted.

Attempting to delete C:\windows\system32\nnnnnmj.dll
C:\windows\system32\nnnnnmj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mlljg.dll
C:\WINDOWS\system32\mlljg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.10

Scan started at 18:52:36 14/06/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Ok merci à tout de suite

Lyonnais, j'ai fais le scan, nettoyer, mais impossible de trouver les fichiers demandés dans system32, ont ils disparus????

Re Bonjour à toi! Merci de continuer à m'aider dans cet enfer!!! Je fais de suite les manips demandées.

voici le rapport Navilog:

Search Navipromo version 2.0.3 commencé le 15/06/2007 à 12:07:32,15

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Admin\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/15/07 at 12:07:38.
[-] ERROR: F-Secure BlackLight could not acquire debug privileges.
[+] Exited on 06/15/07 at 12:07:38 (return code = 3).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\gjjlm.bak1 trouvé ! infection Vundo possible non traité par cet outil !
C:\WINDOWS\system32\srutv.bak1 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********


*** Analyse Terminé le 15/06/2007 à 12:08:36,15 ***

RAPPORT DIAGHELP:

DiagHelp version v1.1.1 - http://www.malekal.com
excute le 15/06/2007 à 12:12:56,45


Liste des derniers fichies modifies/crees dans windir\system32
C:\WINDOWS\System32/drivers\fwdrv.err -->14/06/2007 21:02:46
C:\WINDOWS\System32/drivers\fsndis5.sys -->28/05/2007 11:16:30
C:\WINDOWS\System32/drivers\fsdfw.sys -->28/05/2007 11:16:28
C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55
C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42
C:\WINDOWS\System32/drivers\khips.sys -->26/04/2007 10:21:34
C:\WINDOWS\System32/drivers\fwdrv.sys -->26/04/2007 10:21:30

C:\WINDOWS\System32\srutv.ini -->15/06/2007 12:12:57
C:\WINDOWS\System32\PerfStringBackup.INI -->15/06/2007 11:35:29
C:\WINDOWS\System32\perfh00C.dat -->15/06/2007 11:35:29
C:\WINDOWS\System32\perfh009.dat -->15/06/2007 11:35:29
C:\WINDOWS\System32\perfc00C.dat -->15/06/2007 11:35:29
C:\WINDOWS\System32\perfc009.dat -->15/06/2007 11:35:29
C:\WINDOWS\System32\tgoqaguw.ini -->15/06/2007 11:29:34
C:\WINDOWS\System32\wugaqogt.dll -->15/06/2007 11:29:22
C:\WINDOWS\System32\srutv.bak1 -->15/06/2007 11:29:21
C:\WINDOWS\System32\vturs.dll -->15/06/2007 11:29:15
C:\WINDOWS\System32\wpa.dbl -->15/06/2007 11:24:11
C:\WINDOWS\System32\nvapps.xml -->15/06/2007 11:24:05
C:\WINDOWS\System32\jjkkj.ini -->15/06/2007 11:20:30
C:\WINDOWS\System32\rnvotvnc.ini -->15/06/2007 00:59:25
C:\WINDOWS\System32\CONFIG.NT -->15/06/2007 00:21:42
C:\WINDOWS\System32\cnvtovnr.dll -->15/06/2007 00:11:30
C:\WINDOWS\System32\yeifvumi.ini -->15/06/2007 00:05:42
C:\WINDOWS\System32\imuvfiey.dll -->14/06/2007 22:55:49
C:\WINDOWS\System32\fshictkb.ini -->14/06/2007 22:55:20
C:\WINDOWS\System32\dvtktfaj.ini -->14/06/2007 22:55:01
C:\WINDOWS\System32\jaftktvd.dll -->14/06/2007 22:54:31
C:\WINDOWS\System32\mcrh.tmp -->14/06/2007 22:54:25
C:\WINDOWS\System32\ClickToFindandFixErrors_Intl.ico -->14/06/2007 22:54:10
C:\WINDOWS\System32\sysmon32.exe -->14/06/2007 22:50:51
C:\WINDOWS\System32\fdkwtmxd.ini -->14/06/2007 22:46:22

C:\WINDOWS\lexstat.ini -->15/06/2007 11:53:12
C:\WINDOWS\setupapi.log -->15/06/2007 11:39:09
C:\WINDOWS\fsinstaller.log -->15/06/2007 11:37:02
C:\WINDOWS\ih8.config.xml.log -->15/06/2007 11:37:01
C:\WINDOWS\UNINPLUG.log -->15/06/2007 11:36:01
C:\WINDOWS\RunSetup.log -->15/06/2007 11:36:01
C:\WINDOWS\HELPINST.LOG -->15/06/2007 11:36:01
C:\WINDOWS\FSSYSUPD.LOG -->15/06/2007 11:36:01
C:\WINDOWS\FSSSINST.log -->15/06/2007 11:36:01
C:\WINDOWS\FSSFM.log -->15/06/2007 11:36:01
C:\WINDOWS\FSSETUP.log -->15/06/2007 11:36:01
C:\WINDOWS\FSSCINST.log -->15/06/2007 11:36:01
C:\WINDOWS\FSPSINST.LOG -->15/06/2007 11:36:01
C:\WINDOWS\FSPROD.log -->15/06/2007 11:36:01
C:\WINDOWS\fsmainst.log -->15/06/2007 11:36:01


Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\WINDOWS\system

10/09/1999 12:06 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 16 463 073 280 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\WINDOWS\system32

19/08/2004 16:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 16 463 073 280 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\WINDOWS\Downloaded Program Files

15/06/2007 11:44 <REP> .
15/06/2007 11:44 <REP> ..
05/06/2007 16:36 196 608 ascstubie.dll
05/06/2007 15:54 395 ascstubie.inf
24/08/2006 08:28 141 424 asinst.dll
22/08/2006 09:06 537 asinst.inf
28/03/2007 10:06 541 ca.pub
15/06/2007 11:44 111 331 daas.log
07/05/2007 16:38 500 120 daas_s.dll
14/10/2006 17:27 65 desktop.ini
25/07/2002 19:13 24 576 dwusplay.dll
25/07/2002 19:13 196 608 dwusplay.exe
07/05/2007 16:39 192 920 fsauc.dll
07/05/2007 16:39 254 360 fscax.dll
13/04/2007 15:52 482 fscax.inf
10/06/2005 11:44 417 792 isusweb.dll
08/08/2006 11:45 576 kavwebscan.inf
23/04/2007 12:48 7 168 libcomm.dll
16 fichier(s) 2 045 503 octets

Total des fichiers listés :
16 fichier(s) 2 045 503 octets
2 Rép(s) 16 463 069 184 octets libres

Recherche de rootkit! (Merci S!Ri)
[b]xpdx présent[/b] Possible infection Rustock, l'utilisation d'un scanneur rootkit est recommandé

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Documents and Settings\\Admin\\Application Data\\U3\\0000060420109041\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\Admin\\Application Data\\U3\\0000060420109041\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype"
"C:\\DOCUME~1\\Admin\\LOCALS~1\\Temp\\win261.tmp.exe"="C:\\DOCUME~1\\Admin\\LOCALS~1\\Temp\\win261.tmp.exe:*:Enabled:win261.tmp"
"C:\\WINDOWS\\system32\\cmdklejt.exe"="C:\\WINDOWS\\system32\\cmdklejt.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\ghupjfno.exe"="C:\\WINDOWS\\system32\\ghup"
"C:\\WINDOWS\\system32\\rdlljvue.exe"="C:\\WINDOWS\\system32\\rdlljvue.exe:*:Enabled:Server"
"C:\\WINDOWS\\TEMP\\win28B.tmp.exe"="C:\\WINDOWS\\TEMP\\win28B.tmp.exe:*:Enabled:win28B.tmp"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\cmdklejt.exe"="C:\\WINDOWS\\system32\\cmdklejt.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\rdlljvue.exe"="C:\\WINDOWS\\system32\\rdlljvue.exe:*:Enabled:Server"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Rechercher adresses sensibles dans le fichier HOSTS...



catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-15 12:13:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden files ...

scan completed successfully
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
236 - explorer.exe
348 - rundll32.exe
356 - svchost.exe
380 - guard.exe
444 - nvsvc32.exe
472 - kpf4gui.exe
504 - lxbkbmon.exe
528 - GoogleUpdaterSe
764 - kpf4ss.exe
784 - csrss.exe
824 - winlogon.exe
868 - services.exe
880 - lsass.exe
1032 - svchost.exe
1092 - svchost.exe
1184 - svchost.exe
1360 - fsgk32.exe
1388 - xcommsvr.exe
1628 - lxbkbmgr.exe
1656 - apdproxy.exe
1792 - LEXPPS.EXE
1800 - spoolsv.exe
1904 - RTHDCPL.exe
1936 - MediaDetect.exe
1948 - qttask.exe
2040 - rundll32.exe
2124 - fssm32.exe
2156 - IEXPLORE.EXE
2456 - lolgrmra.exe
2556 - smgr.exe
2652 - NMBgMonitor.exe
2768 - alg.exe
2972 - NkbMonitor.exe
2992 - NMIndexStoreSvr
3000 - GoogleUpdater.e
3044 - soffice.bin
3240 - fssm32.exe
3304 - kpf4gui.exe
3460 - firefox.exe
3632 - cmd.exe
3648 - fsgk32.exe
3748 - IEXPLORE.EXE
3812 - pando.exe

Total number of processes = 44
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F7ADB000 - \WINDOWS\system32\KDCOM.DLL
F79EB000 - \WINDOWS\system32\BOOTVID.dll
F74BA000 - imagesrv.sys
F748B000 - ACPI.sys
F7ADD000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F747A000 - pci.sys
F75DB000 - isapnp.sys
F7BA3000 - pciide.sys
F785B000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F75EB000 - MountMgr.sys
F745B000 - ftdisk.sys
F7ADF000 - dmload.sys
F7435000 - dmio.sys
F7863000 - PartMgr.sys
F75FB000 - VolSnap.sys
F741D000 - atapi.sys
F7404000 - nvata.sys
F7AE1000 - imagedrv.sys
F73EC000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F760B000 - disk.sys
F761B000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F73CC000 - fltMgr.sys
F73BA000 - sr.sys
F786B000 - PxHelp20.sys
F73A3000 - KSecDD.sys
F7316000 - Ntfs.sys
F72E9000 - NDIS.sys
F72CE000 - Mup.sys
F76EB000 - \SystemRoot\system32\DRIVERS\AmdK8.sys
F64FE000 - \SystemRoot\system32\DRIVERS\serial.sys
F7266000 - \SystemRoot\system32\DRIVERS\serenum.sys
F7943000 - \SystemRoot\system32\DRIVERS\irsir.sys
F7262000 - \SystemRoot\system32\DRIVERS\irenum.sys
F64EA000 - \SystemRoot\system32\DRIVERS\parport.sys
F76FB000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F794B000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7953000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F64C7000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F795B000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F770B000 - \SystemRoot\system32\DRIVERS\imapi.sys
F7963000 - \SystemRoot\system32\drivers\pfc.sys
F771B000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F772B000 - \SystemRoot\system32\DRIVERS\redbook.sys
F64A4000 - \SystemRoot\system32\DRIVERS\ks.sys
F647F000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F773B000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys
F637A000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS
F6327000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS
F5F68000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F5F54000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7CD8000 - \SystemRoot\system32\DRIVERS\audstub.sys
F796B000 - \SystemRoot\system32\DRIVERS\rasirda.sys
F7973000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F774B000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F7A9F000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F5F3D000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F775B000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F776B000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F5F2C000 - \SystemRoot\system32\DRIVERS\psched.sys
F777B000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F797B000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7983000 - \SystemRoot\system32\DRIVERS\raspti.sys
F5EFB000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F778B000 - \SystemRoot\system32\DRIVERS\termdd.sys
F798B000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7B0F000 - \SystemRoot\system32\DRIVERS\swenum.sys
F5EC7000 - \SystemRoot\system32\DRIVERS\update.sys
F7AB7000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F77BB000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F780B000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7B21000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F764B000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys
F2625000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F2603000 - \SystemRoot\system32\drivers\portcls.sys
F765B000 - \SystemRoot\system32\drivers\drmk.sys
F7B47000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C7F000 - \SystemRoot\System32\Drivers\Null.SYS
F7B49000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C80000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F3549000 - \??\C:\WINDOWS\system32\xpdx.sys
F78F3000 - \SystemRoot\System32\drivers\vga.sys
F7B4B000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7B4D000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F1CA0000 - \SystemRoot\system32\drivers\fwdrv.sys
F78FB000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7903000 - \SystemRoot\System32\Drivers\Npfs.SYS
F726A000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F1C3D000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F1BE5000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F1BBD000 - \SystemRoot\system32\DRIVERS\netbt.sys
F1B9B000 - \SystemRoot\System32\drivers\afd.sys
F3539000 - \SystemRoot\system32\DRIVERS\netbios.sys
F1AD0000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F1A39000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F1A28000 - \SystemRoot\system32\drivers\khips.sys
F1A07000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F3519000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F3509000 - \SystemRoot\System32\Drivers\Fips.SYS
F7C9C000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
EEC4C000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F1B5B000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F1C60000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
EEBD4000 - \SystemRoot\system32\DRIVERS\usbscan.sys
EEBA8000 - \SystemRoot\system32\DRIVERS\usbprint.sys
EEBD0000 - \SystemRoot\system32\DRIVERS\mouhid.sys
B44FB000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B3823000 - \SystemRoot\System32\Drivers\dump_nvata.sys
EEC42000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
B41CC000 - \SystemRoot\System32\drivers\Dxapi.sys
B4545000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F04F2000 - \SystemRoot\System32\drivers\dxgthk.sys
BABBE000 - \SystemRoot\system32\DRIVERS\STREAM.SYS
B41C8000 - \SystemRoot\system32\DRIVERS\NVxbar.sys
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
B30AC000 - \SystemRoot\system32\DRIVERS\irda.sys
F72A2000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
B2809000 - \SystemRoot\system32\drivers\wdmaud.sys
F20B0000 - \SystemRoot\system32\drivers\sysaudio.sys
F7B5F000 - \SystemRoot\System32\Drivers\ParVdm.SYS
B2826000 - \SystemRoot\System32\Drivers\Aspi32.SYS
B2638000 - \SystemRoot\System32\Drivers\HTTP.sys
B2596000 - \SystemRoot\system32\DRIVERS\srv.sys
B2576000 - \SystemRoot\system32\DRIVERS\nvcap.sys
B2564000 - \??\C:\WINDOWS\system32\drivers\PfModNT.sys
F1AB8000 - \SystemRoot\System32\drivers\ws2ifsl.sys
AEBB1000 - \??\C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys
AEAFC000 - \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
F1050000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 132

Liste des programmes installes

a-squared Free 2.0
Adobe Acrobat 5.0
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 7.0.8
Adobe SVG Viewer 3.0
Adobe® Photoshop® Album Starter Edition 3.0
Apple Software Update
Archiveur WinRAR
AVG Anti-Spyware 7.5
AviSynth 2.5
Bink and Smacker
BitDefender Free Edition
Capture NX
CCleaner (remove only)
CDex extraction audio
Compel Adaptec WinASPI
Corel Photo Album 6
Correctif pour Windows XP (KB935448)
Creative MediaSource
DFX 8 for Windows Media Player
DVD Shrink 3.2
DVD Solution
EasyCleaner
F-Secure Anti-Virus
ffdshow
FirmTools Panorama Composer
FLV Player 1.3.3
Google Earth
HijackThis 1.99.1
Hijackthis Version Française
Hotfix for Windows Media Format 11 SDK (KB929399)
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.77 Full
Kaspersky Online Scanner
Lecteur Windows Media 11
Lexmark X1100 Series
LG ODD Auto Firmware Update
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mozilla Firefox (2.0.0.4)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
Multi Media France Toolbar
Multimedia Launcher
muvee autoProducer 3.5 magicMoments
Navilog1 Version 2.0.3
NEF Thumbnail Updater
NeoDivx Suite
Nero 7 Premium
Neuf - Kit de connexion
Nikon FotoShare
Nikon Message Center
NVIDIA Drivers
NVIDIA WDM Drivers
OpenOffice.org 2.0
Outerinfo
Outil de mise à jour Google
Panda ActiveScan
Panda TotalScan
Pando
PictureProject
PowerDVD
PowerProducer
QuickTime
RealPlayer
Realtek High Definition Audio Driver
RegistryFix v5.5
Replay Converter 2.20
Sonic Foundry Sound Forge 6.0d
Spybot - Search & Destroy 1.4
Studio 8
Sunbelt Personal Firewall
SUPER © Version 2007.bld.22 (Mar 14, 2007)
THOMSON mp3PRO Audio Player
Transcribe!
Trust WB-1400T Webcam
Trust WB-1400T Webcam
Video mp3 Extractor
VirusTotal Uploader
WebFldrs XP
Winamp (remove only)
Windows Genuine Advantage Notifications (KB905474)
Windows Live Messenger
Windows Live Toolbar
Yahoo! Toolbar
YouTUBE (TM) movie downloader



Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\Program Files

15/06/2007 12:04 <REP> .
15/06/2007 12:04 <REP> ..
06/12/2006 21:27 <REP> Adobe
01/12/2006 22:36 <REP> Ahead
15/06/2007 00:20 <REP> Alwil Software
15/02/2007 16:54 <REP> Apple Software Update
05/11/2006 18:48 <REP> a-squared Free
04/05/2007 21:03 <REP> AviSynth 2.5
26/11/2006 18:37 <REP> BitTorrent
07/04/2007 11:20 <REP> Cacheman
11/06/2007 07:26 <REP> Capture NX
01/06/2007 11:56 <REP> CCleaner
25/12/2006 18:16 <REP> CDex_150
14/06/2007 22:43 <REP> Common Files
14/10/2006 17:24 <REP> ComPlus Applications
07/12/2006 14:12 <REP> Corel
03/01/2007 13:15 <REP> Creative
07/11/2006 20:31 <REP> CyberLink
16/11/2006 14:13 <REP> CyberLink DVD Solution
07/11/2006 20:11 <REP> DFX
15/10/2006 14:31 <REP> DVD Shrink
03/04/2007 10:46 <REP> eRightSoft
04/05/2007 15:18 <REP> ffdshow
29/03/2005 07:26 3 608 064 ffmpeg.exe
15/06/2007 00:41 <REP> Fichiers communs
26/10/2006 17:57 <REP> FirmTools
29/05/2007 00:30 <REP> FLVPlayer
15/06/2007 11:37 <REP> F-Secure Internet Security
11/06/2007 16:03 <REP> Google
12/05/2007 14:32 15 714 552 Google_Earth_BZXE.exe
11/01/2007 12:49 <REP> Grisoft
15/06/2007 00:31 <REP> Hijackthis Version Française
29/03/2007 13:08 <REP> hugin
14/06/2007 03:00 <REP> Internet Explorer
11/05/2007 14:42 <REP> Java
14/06/2007 18:39 <REP> Kerio
28/10/2006 21:22 <REP> K-Lite Codec Pack
25/12/2006 17:59 <REP> lang
14/06/2007 22:40 <REP> Lavasoft
19/10/2006 21:34 <REP> Lexmark X1100 Series
15/06/2007 11:24 <REP> lg_fwupdate
25/12/2006 18:01 <REP> LocalCDDB
04/01/2007 15:36 <REP> microsoft frontpage
04/05/2007 19:01 <REP> movie maker
14/06/2007 22:14 <REP> Mozilla Firefox
14/10/2006 17:28 <REP> msn gaming zone
31/10/2006 09:40 <REP> MSN Messenger
06/12/2006 21:24 <REP> MSXML 4.0
20/10/2006 11:22 <REP> Musicmatch
07/11/2006 19:59 <REP> muvee Technologies
11/06/2007 08:00 <REP> MySpace
15/06/2007 12:07 <REP> Navilog1
15/10/2006 11:45 <REP> Nero
14/10/2006 17:25 <REP> NetMeeting
29/10/2006 20:51 <REP> Neuf
14/04/2007 20:59 <REP> Nikon
19/10/2006 21:34 <REP> OpenOffice.org 2.0
14/06/2007 22:43 <REP> Outerinfo
14/06/2007 03:00 <REP> Outlook Express
30/05/2007 15:48 <REP> Pando Networks
12/11/2006 18:50 <REP> Pinnacle
12/11/2006 18:53 <REP> Pinnacle Studio
25/12/2006 17:59 <REP> Plugins
15/02/2007 16:55 <REP> QuickTime
27/04/2007 17:22 <REP> RADVideo
15/03/2006 00:15 206 readme.txt
18/03/2007 14:09 <REP> Real
01/12/2006 22:05 <REP> Realtek
07/06/2007 23:27 <REP> RegistryFix
07/04/2007 11:20 <REP> RegistryFix(2)
04/05/2007 18:48 <REP> Replay Converter
28/12/2006 23:03 <REP> RM-X Player V4
14/10/2006 17:26 <REP> Services en ligne
13/04/2007 11:22 <REP> SlySoft
21/10/2006 11:21 <REP> Softwin
30/05/2007 19:03 <REP> Sonic Foundry
30/05/2007 19:03 <REP> Sonic Foundry Setup
07/04/2007 11:20 <REP> Spybot - Search & Destroy
14/06/2007 18:43 <REP> Sunbelt Software
03/11/2006 21:30 <REP> Tech
20/10/2006 13:18 <REP> THOMSON mp3PRO Audio Player
19/10/2006 20:11 <REP> ToniArts
19/10/2006 21:34 <REP> Transcribe
15/04/2003 12:36 727 552 Transcribe.exe
15/10/2006 17:24 <REP> Trust
16/10/2006 15:00 <REP> Ulead Systems
01/10/2004 16:00 40 960 Uninstall_CDS.exe
29/03/2007 12:55 <REP> Video mp3 Extractor
14/10/2006 18:10 <REP> VideoLAN
14/06/2007 21:12 <REP> VirusTotalUploader
17/11/2006 13:21 <REP> VSO
13/06/2007 11:58 <REP> Winamp
04/05/2007 15:23 <REP> WinASPI
04/05/2007 18:48 <REP> Windows Media Connect 2
21/12/2006 00:38 <REP> Windows Media Player
14/10/2006 17:28 <REP> Windows NT
07/11/2006 16:12 <REP> WinRAR
14/10/2006 17:28 <REP> xerox
07/04/2007 11:20 <REP> xp-AntiSpy
5 fichier(s) 20 091 334 octets
94 Rép(s) 16 463 011 840 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\Program Files\fichiers communs

15/06/2007 00:41 <REP> .
15/06/2007 00:41 <REP> ..
18/01/2007 21:42 <REP> ACD Systems
06/12/2006 21:27 <REP> Adobe
01/12/2006 22:39 <REP> Ahead
07/12/2006 14:12 <REP> Corel
07/12/2006 14:12 <REP> InstallShield
11/05/2007 14:41 <REP> Java
04/01/2007 15:36 <REP> Microsoft Shared
14/10/2006 17:25 <REP> MSSoap
07/11/2006 19:59 <REP> muvee Technologies
14/04/2007 20:59 <REP> Nikon
14/10/2006 19:21 <REP> ODBC
19/10/2006 21:34 <REP> PCCamera
18/03/2007 14:09 <REP> Real
14/10/2006 17:25 <REP> Services
21/10/2006 11:21 <REP> Softwin
14/10/2006 19:21 <REP> SpeechEngines
31/10/2006 12:14 <REP> SWF Studio
14/06/2007 03:00 <REP> System
07/11/2006 20:11 <REP> Wise Installation Wizard
18/03/2007 14:09 <REP> xing shared
21/10/2006 11:25 <REP> {344FBBEF-08A3-1036-0602-060816060021}
30/10/2006 18:08 <REP> {844FBBEF-08A3-1036-0602-060816060021}
0 fichier(s) 0 octets
24 Rép(s) 16 463 011 840 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

14/06/2007 19:27 <REP> .
14/06/2007 19:27 <REP> ..
18/05/2001 15:57 561 209 MSONSEXT.DLL
03/06/1999 12:09 122 937 MSOWS409.DLL
07/03/2001 07:00 127 033 MSOWS40c.DLL
3 fichier(s) 811 179 octets
2 Rép(s) 16 463 007 744 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\Program Files\common files

14/06/2007 22:43 <REP> .
14/06/2007 22:43 <REP> ..
15/06/2007 00:39 <REP> ?dobe
0 fichier(s) 0 octets
3 Rép(s) 16 463 007 744 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 844F-BBEF

Répertoire de C:\

12/05/2007 18:22 68 096 diff.exe
12/05/2007 18:22 103 424 grep.exe
28/10/2006 12:43 48 128 psa30se_fr_fr.exe
25/10/2006 22:59 762 512 ytb612_efgsip.exe
4 fichier(s) 982 160 octets
0 Rép(s) 16 463 007 744 octets libres
c:\Documents and Settings\Admin\.housecall6.6\getMac.exe
c:\Documents and Settings\Admin\.housecall6.6\patch.exe
c:\Documents and Settings\Admin\.housecall6.6\tsc.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\ARPPRODUCTICON.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{93B8FF8A-E569-459F-BCF4-F17696799324}\ARPPRODUCTICON.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\ARPPRODUCTICON.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut1_E659E0EE10E649B7869660F38D0EB174.exe
c:\Documents and Settings\Admin\Application Data\Microsoft\Installer\{BFD080F6-3BF0-40E1-9507-9CA969C35870}\NewShortcut2_8315396A5EA1419DBEC4978284BDF556.exe
c:\Documents and Settings\Admin\Application Data\MySpace\IM\Install\MSIMClientSetup.1.0.697.0-static-fr.exe
c:\Documents and Settings\Admin\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\Admin\Bureau\avast_avast_4.7.1001_francais_anglais_11113.exe
c:\Documents and Settings\Admin\Bureau\Everest Poker.exe
c:\Documents and Settings\Admin\Bureau\fs2007sp1.exe
c:\Documents and Settings\Admin\Bureau\Navilog1.exe
c:\Documents and Settings\Admin\Bureau\OTMoveIt.exe
c:\Documents and Settings\Admin\Bureau\setupfre(2).exe
c:\Documents and Settings\Admin\Bureau\setupfre(3).exe
c:\Documents and Settings\Admin\Bureau\setupfre.exe
c:\Documents and Settings\Admin\Bureau\tapette.exe
c:\Documents and Settings\Admin\Bureau\VirtumundoBeGone(2).exe
c:\Documents and Settings\Admin\Bureau\vtsetup.exe
c:\Documents and Settings\Admin\Bureau\VundoFix.exe
c:\Documents and Settings\Admin\Bureau\clean\pskill.exe
c:\Documents and Settings\Admin\Bureau\clean\clean\pskill.exe
c:\Documents and Settings\Admin\Bureau\clean(3)\clean\pskill.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\Admin\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\Admin\Bureau\NETTOYAGE\ccsetup140.exe
c:\Documents and Settings\Admin\Bureau\NETTOYAGE\HijackThisFR.exe
c:\Documents and Settings\Admin\Bureau\NETTOYAGE\WindowsXP-KB935448-x86-FRA.exe
c:\Documents and Settings\Admin\Local Settings\Temp\1020265.exe
c:\Documents and Settings\Admin\Local Settings\Temp\107671.exe
c:\Documents and Settings\Admin\Local Settings\Temp\1080562.exe
c:\Documents and Settings\Admin\Local Settings\Temp\1140671.exe
c:\Documents and Settings\Admin\Local Settings\Temp\1200812.exe
c:\Documents and Settings\Admin\Local Settings\Temp\1261015.exe
c:\Documents and Settings\Admin\Local Settings\Temp\167062.exe
c:\Documents and Settings\Admin\Local Settings\Temp\167875.exe
c:\Documents and Settings\Admin\Local Settings\Temp\227187.exe
c:\Documents and Settings\Admin\Local Settings\Temp\228515.exe
c:\Documents and Settings\Admin\Local Settings\Temp\287406.exe
c:\Documents and Settings\Admin\Local Settings\Temp\288609.exe
c:\Documents and Settings\Admin\Local Settings\Temp\347890.exe
c:\Documents and Settings\Admin\Local Settings\Temp\348750.exe
c:\Documents and Settings\Admin\Local Settings\Temp\408968.exe
c:\Documents and Settings\Admin\Local Settings\Temp\469046.exe
c:\Documents and Settings\Admin\Local Settings\Temp\529203.exe
c:\Documents and Settings\Admin\Local Settings\Temp\589218.exe
c:\Documents and Settings\Admin\Local Settings\Temp\649453.exe
c:\Documents and Settings\Admin\Local Settings\Temp\710734.exe
c:\Documents and Settings\Admin\Local Settings\Temp\778703.exe
c:\Documents and Settings\Admin\Local Settings\Temp\838859.exe
c:\Documents and Settings\Admin\Local Settings\Temp\899078.exe
c:\Documents and Settings\Admin\Local Settings\Temp\960109.exe
c:\Documents and Settings\Admin\Local Settings\Temp\GLB1A2B.EXE
c:\Documents and Settings\Admin\Local Settings\Temp\preconfig.exe
c:\Documents and Settings\Admin\Local Settings\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
c:\Documents and Settings\Admin\Local Settings\Temp\OnlineScanner\Anti-Virus\fssm32.exe
c:\Documents and Settings\Admin\Local Settings\Temp\Rar$EX00.797\kerio 4.2 - kerio.probb.fr .exe
c:\Documents and Settings\Admin\Local Settings\Temp\VSD51B.tmp\dotnetfx\dotnetchk.exe
c:\Documents and Settings\Admin\Local Settings\Temp\~nsu.tmp\Au_.exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\0DI4OF8M\antzom[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\0DI4OF8M\FOYGq2JV9B[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\24866TPS\music_fr[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\24866TPS\NewMediaCodecInstaller[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\24866TPS\NewMediaCodecInstaller[2].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\24866TPS\NewMediaCodecInstaller[3].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\24866TPS\xc42[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\5LPG3DAY\anti4[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\5LPG3DAY\xc60[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\kav6.0.2.621fr[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\NewMediaCodecInstaller[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\NewMediaCodecInstaller[2].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\NewMediaCodecInstaller[3].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\NewMediaCodecInstaller[4].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\NewMediaCodecInstaller[5].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\NewMediaCodecInstaller[6].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\NewMediaCodecInstaller[7].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\xc23[1].exe
c:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\N0ELMDIP\xzc37[1].exe
c:\Documents and Settings\Admin\NeoDivX Suite\NeoChat.exe
c:\Documents and Settings\Admin\NeoDivX Suite\NeoDivXSuite.exe
c:\Documents and Settings\Admin\NeoDivX Suite\NeoShrink.exe
c:\Documents and Settings\Admin\NeoDivX Suite\uninstall.exe
c:\Documents and Settings\Admin\NeoDivX Suite\InstallFile\Avisynth_256.exe
c:\Documents and Settings\Admin\NeoDivX Suite\InstallFile\Compel WinAspi.exe
c:\Documents and Settings\Admin\NeoDivX Suite\InstallFile\ffdshow-20060226.exe
c:\Documents and Settings\Admin\NeoDivX Suite\InstallFile\mmswitch.exe
c:\Documents and Settings\Admin\NeoDivX Suite\InstallFile\x264-468-install.exe
c:\Documents and Settings\Admin\NeoDivX Suite\InstallFile\XviD-1.1.0-30122005.exe
c:\Documents and Settings\Admin\NeoDivX Suite\Settings\VirtualDubMod\AuxSetup.exe
c:\Documents and Settings\Admin\NeoDivX Suite\Settings\VirtualDubMod\VirtualDubMod.exe
c:\Documents and Settings\All Users\Application Data\ctqbgngx.exe
c:\Documents and Settings\All Users\Application Data\lolgrmra.exe
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Expsrv.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msado15.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msadox.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msadrh15.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msjet40.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msjetoledb40.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msjint40.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msjro.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msjter40.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Msjtes40.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\Mswstr10.dll
c:\Documents and Settings\Admin\Application Data\Creative\Media Database\JetFileBackup\vbajet32.dll
c:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\19l7prnl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\19l7prnl.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp

Ok Chef, à tout de suite

Voilà les rapports:

************************* Rustock.b-fix v. 1.01 -- By ejvindh *************************
15/06/2007 16:33:26,92

******************* Pre-run Status of system *******************

Rootkit driver xpdx is found. Starting the unload-procedure....

Rustock.b-ADS attached to the System32-folder:
No streams found.

Looking for Rustock.b-files in the System32-folder:
system32\xpdx.sys FOUND!
attempting to delete xpdx.sys from system32-folder


******************* Post-run Status of system *******************

Rustock.b-driver on the system: NONE!

Rustock.b-ADS attached to the System32-folder:
No System32-ADS found.

Looking for Rustock.b-files in the System32-folder:
No Rustock.b-files found in system32


******************************* End of Logfile ********************************


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\nsblkcql

*******************

Script file located at: \??\C:\Documents and Settings\^hwniqxv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver xpdx unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

En fait vous êtes deux! parce que j'ai mis ma demande en même temps sur CCM et Sur la Toile parce que je ne pensais pas avoir de réponses aussi rapides! Le truc c'est que vos infos sont complémentaire ça me permet donc d'essayer de résoudre ce foutu probleme de virus au plus rapide car je bosse toute la journée sur ordi est suis vraiment embeté par ces saloperies!!! Dis moi si ça te pose probleme? J'espère que tu comprends ma démarche du mec préssé!!!

Merci quand même!!! Tu peux comprendre que quand tu est dans l'urgence tu cherches à cumuler les avis!

Merci à toi et encore milles excuses!!!!

Lyonnais t'es toujours là? Je flippe parce que du coup j'ai aucune réponse de La Toile depuis un long moment est ce que eux aussi font la grève au opportunistes comme moi???? S'il sont en week end je suis dans la M... parce que je ne peux plus rien faire avec mon ordi et c'est mon outil de travail!! Je suis musicien et bosse jour et nuit sur pc.

Merci beacoup Lyonnais, je fais tout ça!

Lyonnais, j'ai bien télécharger CLEAN, mais impossible de le trouver en mode Sans Echec sur le bureau. Est ce que je fais la manip en mode normal?

Ok!

Ca y'est:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 15/06/2007 a 22:41:03,73

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\mcrh.tmp

tentative de suppression de "C:\Program Files\Everest Poker\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Voilà le rapport:
Search Navipromo version 2.0.3 commencé le 15/06/2007 à 23:02:09,43

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 08.06.2007 a 17h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***




*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Admin\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 06/15/07 at 23:02:14.
[-] ERROR: F-Secure BlackLight could not acquire debug privileges.
[+] Exited on 06/15/07 at 23:02:14 (return code = 3).


*** Recherche fichiers ***




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]



Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]



Recherche Clé Magic Control



*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

C:\WINDOWS\system32\gjjlm.bak1 trouvé ! infection Vundo possible non traité par cet outil !

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********
C:\WINDOWS\system32\sysmon32.exe trouvé !


*** Analyse Terminé le 15/06/2007 à 23:02:47,56 ***

ok

Oui j'ai bien fais la manip dans l'ordre. J'ai bcp moins de plante qu'avant, mais AVST continue à m'alerter toutes les 30 sec. Le dernier message concerne un cheval de troie WIN32:Alphabet-B (Trj). Voici les rapports que tu m'as demandé:


VundoFix V6.5.0

Checking Java version...

Java version is 1.5.0.10

Scan started at 23:21:39 15/06/2007

Listing files found while scanning....

No infected files were found.

Logfile of HijackThis v1.99.1
Scan saved at 23:25:32, on 15/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\avp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.lexmark.com/index?page=productSelection&channel=supportAndDownloads&locale=en&userlocale=EN_US
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Usb Autorun.exe] G:\perso general\Usb Autorun.exe
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b46571f7735642b6a006a9a09d9ebee7
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b46571f7735642b6a006a9a09d9ebee7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ghupjfno.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Yes

Désolé Lyonnais, je ne peux pas scanner avec Bit defender car ma version Windows et IE sont craquées!!!! Je sais que c'est pas bien mais que faire?

Je sais que c'est dangereux mais quand t'as pas de ronds....tu va au plus simple (et au plus risqué!!). Je fais les manips tout de suite.

Ca a l'air d'alller beacoup mieux, Avast n'as pas réagi à l'ouverture de la nouvelle session! Ca sent bon????
Voici les rapports:

SDFix: Version 1.87

Run by Admin on 15/06/2007 at 23:56

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Admin\Bureau\SDFix

Safe Mode:
Checking Services:

Name:
NtmlSvc

ImagePath:
%SystemRoot%\System32\svchost.exe -k netsvcs

NtmlSvc - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...


Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\avp.exe - Deleted
C:\WINDOWS\system32\sysmon32.exe - Deleted
C:\WINDOWS\wr.txt - Deleted



Removing Temp Files...

ADS Check:

Checking C:\WINDOWS\
C:\WINDOWS
No streams found.

Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.

Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Messenger"
"C:\\Documents and Settings\\Admin\\Application Data\\U3\\0000060420109041\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe"="C:\\Documents and Settings\\Admin\\Application Data\\U3\\0000060420109041\\0DE4F643-C398-46ec-9339-2362F2311932\\Exec\\Skype.exe:*:Enabled:Skype"
"C:\\DOCUME~1\\Admin\\LOCALS~1\\Temp\\win261.tmp.exe"="C:\\DOCUME~1\\Admin\\LOCALS~1\\Temp\\win261.tmp.exe:*:Enabled:win261.tmp"
"C:\\WINDOWS\\system32\\cmdklejt.exe"="C:\\WINDOWS\\system32\\cmdklejt.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\ghupjfno.exe"="C:\\WINDOWS\\system32\\ghu"
"C:\\WINDOWS\\system32\\rdlljvue.exe"="C:\\WINDOWS\\system32\\rdlljvue.exe:*:Enabled:Server"
"C:\\WINDOWS\\TEMP\\win28B.tmp.exe"="C:\\WINDOWS\\TEMP\\win28B.tmp.exe:*:Enabled:win28B.tmp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\system32\\cmdklejt.exe"="C:\\WINDOWS\\system32\\cmdklejt.exe:*:Enabled:Server"
"C:\\WINDOWS\\system32\\rdlljvue.exe"="C:\\WINDOWS\\system32\\rdlljvue.exe:*:Enabled:Server"

Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Admin\Bureau\SDFix\backups\backups.zip

Listing Files with Hidden Attributes:

C:\Program Files\eRightSoft\SUPER\cygwin1.dll
C:\Program Files\eRightSoft\SUPER\cygz.dll
C:\Program Files\eRightSoft\SUPER\_Setup.dll
C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll
C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll
C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll
C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll
C:\WINDOWS\system32\AVSredirect.dll
C:\WINDOWS\system32\cygwin1.dll
C:\WINDOWS\system32\cygz.dll
C:\WINDOWS\system32\flvDX.dll
C:\WINDOWS\system32\msfDX.dll
C:\Program Files\eRightSoft\SUPER\Setup.exe
C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\cmdklejt.exe
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\contpzhk.exe
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\escsn.exe
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\ikern32.exe
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rdlljvue.exe
C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rdsruns.exe
C:\WINDOWS\system32\21DA97C73B.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp

Listing User Accounts:

comptes d'utilisateurs de \\XPSP2-DE3F4D660

Admin Administrateur ASPNET
HelpAssistant Invit‚ SUPPORT_388945a0
La commande s'est termin‚e correctement.


Finished

Logfile of HijackThis v1.99.1
Scan saved at 00:03:07, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://support.lexmark.com/index?page=productSelection&channel=supportAndDownloads&locale=en&userlocale=EN_US
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Usb Autorun.exe] G:\perso general\Usb Autorun.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PowerBar] "C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?b46571f7735642b6a006a9a09d9ebee7
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?b46571f7735642b6a006a9a09d9ebee7
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\ghupjfno.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)