Folder names generated automatically

Laena
Hello,

I need your help because I can't find any information about my problem.

Since this evening I've had a strange icon in the context menu (right-click) next to "New folder", and when I click to create a new folder, a name is generated automatically, something like "alouette" or "dinde"... I can rename it, so it's not too serious.

What the hell is this??? Can anyone help me???

Thanks a lot.

5 replies

Anonymous user
 
Hello

Can you do this so we can see more clearly?

Download HijackThis:
---> http://www.trendsecure.com/portal/en-US/threat_analytics/HiJackThis_v2.exe

Install it in its own folder:
- right-click on the desktop, choose "New folder", then install it inside.
Right-click on HijackThis, choose "Rename", then type this: abcde.exe
Double-click on HijackThis. Click "I Accept", then click "Do a system scan and save logfile".
Then copy and paste here the report it generates.

Demo for HijackThis if needed:
http://pageperso.aol.fr/balltrap34/demohijack.htm
Laena
 
Thanks a lot, the A-SQUARED scan found nothing relevant, so here is the HijackThis result.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:34:43, on 16/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Ad-Aware 2007\aawservice.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Anne-Sophie\Bureau\Nouveau dossier\abcde.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
Anonymous user
 
No firewall apart from the Windows one?

¤ Download this program, then double-click it (close your antivirus if it detects anything):
http://www.suspectfile.com/systemscan/

* Tick only these boxes, untick everything else:

- Recent Files, 60 days
- Registry Run Key
- Loaded modules
- Hidden objects
- Suspicious files

Then click "scan now" and wait.
Once it has finished, a report will open; copy and paste its contents here and check that it is complete, splitting it into two messages if needed.
Laena
 
No, indeed, no firewall other than the Windows one; is it really necessary? Could you possibly recommend something that isn't complicated to configure?

Here is the report:

SystemScan - www.suspectfile.com - ver. 3.1.2

Running on: Windows XP HOME Edition, Service Pack 2 (2600.5.1)
System directory: C:\WINDOWS

Date: 16/06/2007
Time: 22:45:45

Output limited to:
-Recent files
-Loaded Dlls
-Hidden objects
-Suspicious Files

0x01b40000 0x1e000 3.00.0000.3856 C:\WINDOWS\System32\hccutils.DLL
0x01b80000 0x2a000 3.00.0000.3856 C:\WINDOWS\system32\igfxres.dll
0x01bc0000 0x57000 3.00.0000.3856 C:\WINDOWS\System32\igfxsrvc.dll
0x01c30000 0x26000 3.00.0000.3856 C:\WINDOWS\System32\igfxdev.dll
0x76bb0000 0x2f000 5.01.2600.2180 C:\WINDOWS\system32\credui.dll
0x01e10000 0x2e000 6.11.0027.0111 C:\PROGRA~1\ALZip\AZCTM.dll
0x01a80000 0x1a000 8.00.0000.0058 C:\Program Files\Norton AntiVirus\NavShExt.dll
0x75ef0000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x75f00000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x02440000 0x8e000 6.00.2900.2180 C:\WINDOWS\system32\shdoclc.dll
0x015c0000 0x13000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
0x10000000 0xe000 7.00.0000.1333 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x6c650000 0x4d000 5.01.2600.2180 C:\WINDOWS\system32\DUSER.dll
0x75ed0000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\SensApi.dll
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\MLANG.dll
------------------------------------------------------------------------------
spoolsv.exe pid: 1420
Command line: C:\WINDOWS\system32\spoolsv.exe

Base Size Version Path
0x01000000 0x10000 5.01.2600.2696 C:\WINDOWS\system32\spoolsv.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x10000000 0x21000 C:\WINDOWS\system32\pdfcmnnt.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\mswsock.dll
0x76740000 0x13000 5.01.2600.2180 C:\WINDOWS\system32\NTDSAPI.dll
------------------------------------------------------------------------------
a2service.exe pid: 1548
Command line: "C:\Program Files\a-squared Free\a2service.exe"

Base Size Version Path
0x00400000 0x9a000 3.00.0000.0291 C:\Program Files\a-squared Free\a2service.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
aawservice.exe pid: 1576
Command line: "C:\Program Files\Ad-Aware 2007\aawservice.exe"

Base Size Version Path
0x00400000 0x8c000 7.00.0001.0004 C:\Program Files\Ad-Aware 2007\aawservice.exe
0x10000000 0xb0000 7.00.0001.0002 C:\Program Files\Ad-Aware 2007\CEAPI.dll
0x00490000 0x19a000 8.04.0217.0000 C:\Program Files\Ad-Aware 2007\PKArchive84cb.dll
0x00340000 0x81000 C:\Program Files\Ad-Aware 2007\Update.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
SynTPLpr.exe pid: 1608
Command line: "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe"

Base Size Version Path
0x00400000 0x19000 7.10.0011.0001 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
0x10000000 0x13000 7.10.0011.0001 C:\WINDOWS\System32\SynCOM.dll
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
SynTPEnh.exe pid: 1616
Command line: "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"

Base Size Version Path
0x00400000 0x85000 7.10.0011.0001 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x10000000 0x13000 7.10.0011.0001 C:\WINDOWS\System32\SynCOM.dll
0x63010000 0x17000 7.10.0011.0001 C:\WINDOWS\system32\SynTPAPI.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x010e0000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
------------------------------------------------------------------------------
igfxtray.exe pid: 1624
Command line: "C:\WINDOWS\System32\igfxtray.exe"

Base Size Version Path
0x00400000 0x2b000 3.00.0000.3856 C:\WINDOWS\System32\igfxtray.exe
0x10000000 0x1e000 3.00.0000.3856 C:\WINDOWS\System32\hccutils.DLL
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00940000 0x26000 3.00.0000.3856 C:\WINDOWS\System32\igfxdev.dll
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00e50000 0x57000 3.00.0000.3856 C:\WINDOWS\System32\igfxsrvc.dll
0x00ec0000 0x2a000 3.00.0000.3856 C:\WINDOWS\System32\igfxres.dll
0x00f00000 0xe4000 3.00.0000.3856 C:\WINDOWS\System32\igfxress.dll
------------------------------------------------------------------------------
hkcmd.exe pid: 1636
Command line: "C:\WINDOWS\System32\hkcmd.exe"

Base Size Version Path
0x00400000 0x20000 3.00.0000.3856 C:\WINDOWS\System32\hkcmd.exe
0x10000000 0x1e000 3.00.0000.3856 C:\WINDOWS\System32\hccutils.DLL
0x00910000 0x26000 3.00.0000.3856 C:\WINDOWS\System32\igfxdev.dll
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x00e30000 0x57000 3.00.0000.3856 C:\WINDOWS\System32\igfxsrvc.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00eb0000 0x2a000 3.00.0000.3856 C:\WINDOWS\System32\igfxres.dll
0x00ef0000 0x22000 3.00.0000.3856 C:\WINDOWS\System32\igfxhk.dll
------------------------------------------------------------------------------
Navapw32.exe pid: 1652
Command line: "C:\PROGRA~1\NORTON~1\navapw32.exe"

Base Size Version Path
0x00400000 0x11000 8.00.0000.0058 C:\PROGRA~1\NORTON~1\navapw32.exe
0x10000000 0x9000 8.00.0000.0058 C:\PROGRA~1\NORTON~1\apwutil.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x00890000 0x17000 8.00.0000.0058 C:\PROGRA~1\NORTON~1\apwcmdnt.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x00900000 0x1b000 8.00.0000.0058 C:\PROGRA~1\NORTON~1\NAVProxy.dll
0x00870000 0x6000 4.00.0000.0066 C:\WINDOWS\system32\SYMREDIR.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x75ed0000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\SensApi.dll
0x010a0000 0x34000 8.00.0000.0058 C:\PROGRA~1\NORTON~1\DefAlert.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
------------------------------------------------------------------------------
ctfmon.exe pid: 1660
Command line: "C:\WINDOWS\system32\ctfmon.exe"

Base Size Version Path
0x00400000 0x6000 5.01.2600.2180 C:\WINDOWS\system32\ctfmon.exe
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x5ffb0000 0x33000 5.01.2600.2180 C:\WINDOWS\system32\MSUTB.dll
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
GoogleUpdaterService.exe pid: 1800
Command line: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"

Base Size Version Path
0x00400000 0x25000 2.02.0824.5515 C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
mdm.exe pid: 1860
Command line: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"

Base Size Version Path
0x00400000 0x44000 7.00.9064.9150 C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
GoogleUpdater.exe pid: 1876
Command line: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -systray -startup

Base Size Version Path
0x00400000 0x21000 2.01.0886.21021 C:\Program Files\Google\Google Updater\GoogleUpdater.exe
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x60000000 0xdf000 2.01.0886.21021 C:\Program Files\Google\Google Updater\2.1.886.21021\ci.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
0x10000000 0x54000 2.00.0301.5672 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
0x019b0000 0xf000 2.00.0301.5672 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\res_fr.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
------------------------------------------------------------------------------
Navapsvc.exe pid: 1920
Command line: "C:\Program Files\Norton AntiVirus\navapsvc.exe"

Base Size Version Path
0x00400000 0x1b000 8.00.0000.0058 C:\Program Files\Norton AntiVirus\navapsvc.exe
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
------------------------------------------------------------------------------
alg.exe pid: 232
Command line: C:\WINDOWS\System32\alg.exe

Base Size Version Path
0x01000000 0xd000 5.01.2600.2180 C:\WINDOWS\System32\alg.exe
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\System32\ATL.DLL
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\MSWSOCK.DLL
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\System32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
------------------------------------------------------------------------------
iexplore.exe pid: 1064
Command line: "C:\Program Files\Internet Explorer\iexplore.exe"

Base Size Version Path
0x00400000 0x19000 6.00.2900.2180 C:\Program Files\Internet Explorer\iexplore.exe
0x7e210000 0x16f000 6.00.2900.3121 C:\WINDOWS\system32\SHDOCVW.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x75f10000 0xfd000 6.00.2900.3121 C:\WINDOWS\system32\BROWSEUI.dll
0x20000000 0x13000 6.00.2900.2180 C:\WINDOWS\system32\browselc.dll
0x10000000 0x387000 4.00.1601.4978 c:\program files\google\googletoolbar1.dll
0x76310000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\MSIMG32.dll
0x748f0000 0x10e000 8.70.1113.0000 C:\WINDOWS\System32\msxml3.dll
0x5d3f0000 0xa1000 5.01.2600.2180 C:\WINDOWS\system32\DBGHELP.DLL
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x75ef0000 0x7000 5.01.2600.2180 C:\WINDOWS\System32\drprov.dll
0x71b70000 0xe000 5.01.2600.2180 C:\WINDOWS\System32\ntlanman.dll
0x71c30000 0x17000 5.01.2600.2180 C:\WINDOWS\System32\NETUI0.dll
0x71bf0000 0x40000 5.01.2600.2180 C:\WINDOWS\System32\NETUI1.dll
0x75f00000 0x9000 5.01.2600.2180 C:\WINDOWS\System32\davclnt.dll
0x72220000 0x5000 5.01.2600.2180 C:\WINDOWS\system32\sensapi.dll
0x01b30000 0xe000 7.00.0000.1333 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x01d90000 0xd5000 1.04.0000.0000 C:\PROGRA~1\SPYBOT~1\SDHelper.dll
0x5f140000 0x17000 5.01.2600.2180 C:\WINDOWS\system32\olepro32.dll
0x01f80000 0x54000 2.00.0301.5672 C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
0x02000000 0x1a000 8.00.0000.0058 C:\Program Files\Norton AntiVirus\NavShExt.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x01930000 0x8e000 6.00.2900.2180 C:\WINDOWS\system32\shdoclc.dll
0x75d30000 0x91000 6.00.2900.2180 C:\WINDOWS\system32\mlang.dll
0x71990000 0x40000 5.01.2600.2180 C:\WINDOWS\system32\mswsock.dll
0x62e40000 0x59000 5.01.2600.2180 C:\WINDOWS\system32\hnetcfg.dll
0x719d0000 0x8000 5.01.2600.2180 C:\WINDOWS\System32\wshtcpip.dll
0x76ed0000 0x27000 5.01.2600.2938 C:\WINDOWS\system32\DNSAPI.dll
0x7dbf0000 0x2f6000 6.00.2900.3132 C:\WINDOWS\System32\mshtml.dll
0x74630000 0x27000 3.10.0349.0000 C:\WINDOWS\System32\msls31.dll
0x74660000 0x2a000 5.01.2600.2180 C:\WINDOWS\System32\msimtf.dll
0x32520000 0x12000 10.00.2609.0000 C:\Program Files\Microsoft Office\Office10\msohev.dll
0x03020000 0x1b000 1.01.0000.0126 C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\scrauth.dll
0x03150000 0x1e000 1.01.0000.0126 C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\ScrBlock.dll
0x75ed0000 0x13000 5.131.2600.2180 C:\WINDOWS\system32\cryptnet.dll
0x672b0000 0x40000 6.00.2900.3121 C:\WINDOWS\System32\iepeers.dll
0x753c0000 0x6b000 1.420.2600.2180 C:\WINDOWS\system32\USP10.dll
0x761c0000 0x71000 6.00.2900.3121 C:\WINDOWS\System32\mshtmled.dll
0x66cc0000 0xc000 6.00.2900.2180 C:\WINDOWS\system32\ImgUtil.dll
0x5e680000 0xc000 6.00.2900.3121 C:\WINDOWS\System32\pngfilt.dll
0x30000000 0x2ef000 9.00.0045.0000 C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
0x6c270000 0x36000 6.03.2900.3121 C:\WINDOWS\System32\dxtrans.dll
0x6d8f0000 0xa000 5.03.2600.2180 C:\WINDOWS\System32\ddrawex.dll
0x736b0000 0x49000 5.03.2600.2180 C:\WINDOWS\System32\DDRAW.dll
0x73b10000 0x6000 5.01.2600.2180 C:\WINDOWS\System32\DCIMAN32.dll
0x6c2b0000 0x5a000 6.03.2900.3121 C:\WINDOWS\System32\dxtmsft.dll
0x71ca0000 0x1c000 6.00.2900.2180 C:\WINDOWS\System32\actxprxy.dll
0x76920000 0x8000 5.01.2600.2751 C:\WINDOWS\system32\LINKINFO.dll
0x01040000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x602c0000 0x26000 6.00.2900.3121 C:\WINDOWS\system32\MSRATING.dll
0x602f0000 0x12000 6.00.2600.0000 C:\WINDOWS\system32\msratelc.dll
0x6e980000 0xc000 2003.01.2600.2180 C:\WINDOWS\system32\corpol.dll
0x73220000 0x5000 5.131.2600.0000 C:\WINDOWS\system32\SOFTPUB.DLL
------------------------------------------------------------------------------
sys23586.exe pid: 2084
Command line: "C:\Documents and Settings\Anne-Sophie\Bureau\Nouveau dossier\sys23586.exe"

Base Size Version Path
0x00400000 0x39000 C:\Documents and Settings\Anne-Sophie\Bureau\Nouveau dossier\sys23586.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
------------------------------------------------------------------------------
runme.exe pid: 2312
Command line: runme.exe

Base Size Version Path
0x00400000 0x59000 3.01.0000.0002 C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\nst4.tmp\runme.exe
0x66000000 0x152000 6.00.0097.0082 C:\WINDOWS\system32\MSVBVM60.DLL
0x66630000 0x20000 5.00.0081.0069 C:\WINDOWS\system32\VB6FR.DLL
0x63000000 0x14000 7.10.0011.0001 C:\WINDOWS\system32\SynTPFcs.dll
0x74690000 0x4b000 5.01.2600.2180 C:\WINDOWS\system32\MSCTF.dll
0x10000000 0x1e000 1.01.0000.0126 C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\ScrBlock.dll
0x01840000 0x1b000 1.01.0000.0126 C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\scrauth.dll
0x734f0000 0x25000 5.06.0000.8820 C:\WINDOWS\System32\scrrun.dll
------------------------------------------------------------------------------
cmd.exe pid: 1596
Command line: cmd /c ydjnpeurrk.exe >> C:\suspectfile\tempd.txt

Base Size Version Path
0x4ad00000 0x64000 5.01.2600.2180 C:\WINDOWS\system32\cmd.exe
0x5cea0000 0x26000 5.01.2600.2180 C:\WINDOWS\system32\ShimEng.dll
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
------------------------------------------------------------------------------
ydjnpeurrk.exe pid: 3060
Command line: ydjnpeurrk.exe

Base Size Version Path
0x00400000 0x14000 2.25.0000.0000 C:\DOCUME~1\ANNE-S~1\LOCALS~1\Temp\nst4.tmp\ydjnpeurrk.exe
0x77390000 0x103000 6.00.2900.2982 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

===================== Hidden Objects =====================


SCAN ABORTED: an unknown error has occurred. Please check Rootkit presence with another tool

===================== Checking Rustock rootkit =====================



===================== Checking Suspicious files =====================
(Unusually Runtime packers compressed exe and dll files in C:\, %windir%\, %windir%\system32\

-This file is compressed with Upack C:\WINDOWS\System32\MRT.EXE
-This file is compressed with Upack C:\WINDOWS\System32\IFMON.DLL
-This file is compressed with Nspack C:\WINDOWS\System32\MRT.EXE
-This file is compressed with polycrypt C:\WINDOWS\System32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\System32\MRT.EXE
-This file is compressed with PECompact C:\WINDOWS\System32\DIVX.DLL

==========================================
Scan completed in 9,7 minutes
End of report
0
Laena
 
I have a text file that appeared on my desktop; it's called CatchMe.

I'm scared...

Here is the text:

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-16 22:46:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...
0
Anonymous user
 
You can delete it all, it looks clean!

¤ Right-click this URL and choose "Save as" to your Desktop
https://www.silentrunners.org/Silent%20Runners.vbs

Double-click on Silent Runners.vbs. Click Yes on the message that appears, then OK.
Wait a few minutes. A message will appear; click OK.
Then copy and paste here the contents of the "Startup Program...." report it created on your desktop.
0
Laena
 
I hope we'll get there, this thing is still crazy. Oh, by the way, they're all bird names, I don't know if that helps...

"Silent Runners.vbs", revision R50, https://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"SynTPLpr" = "C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" ["Synaptics, Inc."]
"SynTPEnh" = "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" ["Synaptics, Inc."]
"IgfxTray" = "C:\WINDOWS\System32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"UpdateManager" = ""C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"NAV Agent" = "C:\PROGRA~1\NORTON~1\navapw32.exe" ["Symantec Corporation"]

HKLM\Software\Microsoft\Active Setup\Installed Components\
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}\(Default) = "Outlook Express"
\StubPath = "C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE" [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll" ["Google Inc."]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {HKLM...CLSID} = "CNavExtBho Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Extension Affichage Panorama du Panneau de configuration"
-> {HKLM...CLSID} = "Extension Affichage Panorama du Panneau de configuration"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Extension icône HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{DEE12703-6333-4D4E-8F34-738C4DCC2E04}" = "RecordNow! SendToExt"
-> {HKLM...CLSID} = "RecordNow! SendToExt"
\InProcServer32\(Default) = "C:\Program Files\Sonic\RecordNow!\shlext.dll" [null data]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{4EB37360-49E8-11D3-95B5-004033382980}" = "ALZip 4.0 Context Menu Shell Extension"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ALZip\AZCTM.dll" ["ESTsoft"]

HKLM\System\CurrentControlSet\Control\Session Manager\
<<!>> "BootExecute" = "autocheck autochk *"|"lsdelete" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ALZip\AZCTM.dll" ["ESTsoft"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ALZip\AZCTM.dll" ["ESTsoft"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
ALZip\(Default) = "{4EB37360-49E8-11D3-95B5-004033382980}"
-> {HKLM...CLSID} = "ALZip 5.0 Context Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\ALZip\AZCTM.dll" ["ESTsoft"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Anne-Sophie\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Enabled Screen Saver:
---------------------

HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\logon.scr" [MS]


Startup items in "Anne-Sophie" & "All Users" startup folders:
-------------------------------------------------------------

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
"Lancement rapide d'Adobe Reader" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Outil de mise à jour Google" -> shortcut to: "C:\Program Files\Google\Google Updater\GoogleUpdater.exe -systray -startup" ["Google"]


Enabled Scheduled Tasks:
------------------------

"Norton AntiVirus - Analyser mon ordinateur" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {HKLM...CLSID} = "Norton AntiVirus"
\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar1.dll" ["Google Inc."]


Miscellaneous IE Hijack Points
------------------------------

C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")

Added lines (compared with English-language version):
[Strings]: SAFESITE_VALUE="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2ffr%2f%3f"

Missing lines (compared with English-language version):
[Strings]: 1 line


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

a-squared Free Service, a2free, "C:\Program Files\a-squared Free\a2service.exe" ["Emsi Software GmbH"]
Ad-Aware 2007 Service, aawservice, ""C:\Program Files\Ad-Aware 2007\aawservice.exe"" ["Lavasoft AB"]
Google Updater Service, gusvc, ""C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
Machine Debug Manager, MDM, ""C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Service Norton AntiVirus Auto-Protect, navapsvc, "C:\Program Files\Norton AntiVirus\navapsvc.exe" ["Symantec Corporation"]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
PDFCreator\Driver = "pdfcmnnt.dll" [null data]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 43 seconds, including 11 seconds for message boxes)
0

Anonymous user
 
You can throw that away, too ..

Do this while I take a look on my side ;-) :

Run this online anti-virus scan with Internet Explorer and accept the ActiveX; the SP2 anti-popup bar (at the top) will start flashing, click on it and choose "accept the ActiveX" so that the anti-virus scan can work.
Once it has finished, paste the report here please

---> https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

- Start Online Scanner
- Accept
- Scan your hard disk(s) completely
0
Laena
 
here it is, thanks for everything:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, June 17, 2007 1:00:40 AM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 17/06/2007
Enregistrements dans la base antivirus Kaspersky : 326072
-------------------------------------------------------------------------------

Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai

Cible de l'analyse - Poste de travail:
C:\
D:\
E:\

Statistiques de l'analyse:
Total d'objets analysés: 49019
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:03:06

Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\Anne-Sophie\Application Data\Microsoft\Modèles\Normal.dot L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Application Data\Microsoft\Outlook\Outlook.srs L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Local Settings\Temp\~DFBE9C.tmp L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\Mes documents\Les Documents de Anne-Sophie\Sauvegarde Outlook\Sauvegarde Outlook.pst L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Anne-Sophie\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{12D45DB0-D82D-4DF4-BBB9-CBA002C7946E}\RP31\change.log L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré

Analyse terminée.
0
Laena > Laena
 
Thanks for your help, I find it really generous to devote so much time to people who need it... Thanks ;-)

I found the answer to my problem: it's the ALZip utility that is causing this issue. In fact, if you use the context menu it takes over without telling you; I saw the answer in one of the topics on this forum.

Thanks again.

Have a good Sunday.
0
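The resolution above (a third-party archiver quietly registering itself as a folder context-menu handler) is exactly the kind of thing the Silent Runners log in this thread lists under its CLSID sections. The following PowerShell script is an added example, not part of the original thread and not code from ALZip, HijackThis, Silent Runners or Kaspersky: it enumerates the shell context-menu handlers Explorer consults for folders, the folder background and all files, resolves each CLSID to the DLL in its InProcServer32 key, and reports the Authenticode signer so that an unsigned or unfamiliar handler stands out. The registry locations are the standard Explorer ones; the function name and the output columns are my own choice. Reading HKCR does not require elevation.

```powershell
# Added example: list shell context-menu handlers with their DLL and signer.
# Locations are the standard ones Explorer checks; nothing here is modified.
$handlerRoots = @(
    'Registry::HKEY_CLASSES_ROOT\Directory\Background\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers',
    'Registry::HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers'   # literal "*" key
)

function Resolve-ShellHandler {
    # Hypothetical helper name (my own). Takes one handler subkey and returns
    # a row describing the COM server behind it.
    param(
        [Parameter(Mandatory)][string]$HandlerKey,
        [Parameter(Mandatory)][string]$Location
    )
    $name    = Split-Path -Path $HandlerKey -Leaf
    $default = (Get-ItemProperty -LiteralPath $HandlerKey -ErrorAction SilentlyContinue).'(default)'
    # The CLSID is either the subkey name itself or the subkey's default value.
    $clsid = if ($name -match '^\{[0-9A-Fa-f-]{36}\}$') { $name } else { $default }
    if (-not $clsid) { return $null }

    $serverKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InProcServer32"
    $dll = (Get-ItemProperty -LiteralPath $serverKey -ErrorAction SilentlyContinue).'(default)'
    $dllPath = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }

    # Signer check: a valid signature gives the certificate subject; anything
    # else (unsigned, tampered, file gone) is reported verbatim for triage.
    $publisher = 'no InProcServer32'
    if ($dllPath -and (Test-Path -LiteralPath $dllPath)) {
        $sig = Get-AuthenticodeSignature -FilePath $dllPath
        $publisher = if ($sig.Status -eq 'Valid') { $sig.SignerCertificate.Subject } else { "NOT VALID ($($sig.Status))" }
    } elseif ($dllPath) {
        $publisher = 'FILE MISSING'
    }

    [pscustomobject]@{
        Location  = $Location
        Handler   = $name
        CLSID     = $clsid
        Dll       = $dllPath
        Publisher = $publisher
    }
}

$report = foreach ($root in $handlerRoots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $shortRoot = $root -replace '^Registry::HKEY_CLASSES_ROOT\\', ''
    foreach ($key in Get-ChildItem -LiteralPath $root) {
        Resolve-ShellHandler -HandlerKey $key.PSPath -Location $shortRoot
    }
}

# Non-Microsoft signers first, so third-party handlers (such as the archiver
# in this thread) are at the top of the list.
$report |
    Sort-Object @{ Expression = { $_.Publisher -like '*Microsoft*' } }, Location, Handler |
    Format-Table -AutoSize -Wrap
```

The built-in "New" submenu handler appears under Directory\Background with shell32.dll as its server; any additional handler in that location that is signed by someone else, or not signed at all, is the first thing to compare against the software recently installed on the machine before deciding whether it is unwanted.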