Virus Infection

EvanE74 -  
Hello

I followed Kristopher's preliminary method. Here are the three reports:

AVG Anti-Spyware:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 17:16:10 13/08/2007

+ Résultat de l'analyse:

C:\WINDOWS\system32\libmsns.dll -> Backdoor.IRCBot.acd : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\msninet.exe -> Backdoor.IRCBot.acd : Nettoyé et sauvegardé (mise en quarantaine).
[2024] C:\WINDOWS\system32\libmsns.dll -> Backdoor.IRCBot.acd : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc166.txt -> TrackingCookie.2o7 : Nettoyé.
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc148.txt -> TrackingCookie.Atdmt : Nettoyé.
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc150.txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc171.txt -> TrackingCookie.Live : Nettoyé.
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc175.txt -> TrackingCookie.Weborama : Nettoyé.
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc161.txt -> TrackingCookie.Webtrends : Nettoyé.

Fin du rapport

BitDefender:

BitDefender Online Scanner

Scan report generated at: Mon, Aug 13, 2007 - 18:25:48
Scan path: C:\;D:\;E:\;F:\;

Statistics
Time: 00:56:13
Files: 214115
Folders: 4445
Boot Sectors: 5
Archives: 10788
Packed Files: 11473

Results
Identified Viruses: 2
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 690954
Engine build: AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)
Scan plugins: 14
Archive plugins: 37
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc217.exe | Infected with: Trojan.PWS.LDPinch.TAW
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc217.exe | Disinfection failed
C:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003\Dc217.exe | Deleted
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP56\A0030174.exe | Infected with: Trojan.PWS.LDPinch.TAW
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP56\A0030174.exe | Disinfection failed
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP56\A0030174.exe | Deleted
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP58\A0031944.exe | Infected with: Backdoor.IRCBot.ABEU
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP58\A0031944.exe | Disinfection failed
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP58\A0031944.exe | Deleted
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP58\A0031946.dll | Infected with: Backdoor.IRCBot.ABEU
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP58\A0031946.dll | Deleted
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP59\A0031970.exe | Infected with: Trojan.PWS.LDPinch.TAW
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP59\A0031970.exe | Disinfection failed
C:\System Volume Information\_restore{BA502822-B4C5-4272-87BB-436F1C718A4B}\RP59\A0031970.exe | Deleted

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 18:29:56, on 13/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: printers - {227B44AD-A323-48F4-B030-70FF4E655C7F} - libmsns.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

I also had a quick look around the forum and saw that someone had had a problem similar to mine (a problem with MSN), so I also used MSNFIX.

I ran the three scans again afterwards:

AVG Anti-Spyware: no infected files

BitDefender: no infected files

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:50, on 16/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

Are there still any viruses left?
Thank you for your help.
Looking forward to your reply.
15 replies

rudyrital Posts: 6233 Status: Member 131
 
Right-click on this link:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.zip
Choose "Save target (link) as..." and save it to your desktop.
Right-click navilog1.zip and choose "Extract all".
Then double-click navilog1.exe to start the installation.
Once the installation is finished, the fix will run automatically.
(If it does not, double-click the Navilog1 shortcut on the desktop.)

Follow the prompts. At the main menu, choose 1 and confirm.
(Do not choose 2, 3 or 4 without our advice/agreement.)

Wait for the message:
*** Analyse Termine le ..... ***
Press a key as requested; Notepad will open.
Copy and paste the whole report into a reply. Close Notepad.
The report is also saved at the root of the disk (fixnavi.txt).

0
EvanE74
 
Thank you for your reply.

As requested, here is the report:

Search Navipromo version 2.0.8 commencé le 18/08/2007 à 17:44:49,54

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 15.08.2007 a 15h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

*** Recherche dossiers dans C:\Documents and Settings\Denis Blanchet\Application Data ***

*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en

F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of October, 2007.
Version information: 2.2.1064.

[+] Started on 08/18/07 at 17:44:58.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items ...................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 08/18/07 at 17:52:29 (return code = 0).

*** Recherche fichiers ***

*** Recherche cles registre ***

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

Recherche Clé Magic Control

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :
*
**
***
****
*****
******
*******
********

3)Recherche Certificats :

*** Recherche avec GenericNaviSearch Beta ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

Fichiers trouvés :

Aucun Fichier trouvé !

Fichiers suspects :

Aucun Fichier suspect trouvé !

*** Analyse Terminé le 18/08/2007 à 17:53:10,07 ***
0
rudyrital Posts: 6233 Status: Member 131
 
Download "clean.zip"
http://www.malekal.com/download/clean.zip
•- Unzip it on your desktop (right-click / extract all); you should get a folder named "clean".

•- Restart in safe mode. (Take careful note of what you have to do.)
Start in safe mode:
To do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on.
A window will open; use the keyboard arrows to move to "start in safe mode", then press Enter.
Once on the desktop, it is normal if not all the colours and so on are there!
(If F8 does not work, use the F5 key.)

•- Open the "clean" folder on your desktop.
•- Double-click "clean.cmd".
A black window will appear; choose option 2.

Clean will do its work.
•- Restart normally.
•- Post what is located here: C:\rapport_clean.txt.

(- Where is the clean report? "My Computer" / double-click the "C:\" disk / double-click "rapport_clean.txt" and copy/paste the contents to the forum.)

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer.
• After you hear the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of Windows loading normally, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Work through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, together with a new HijackThis log!

0
EvanE74
 
Here are the three reports:

Clean

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 18/08/2007 a 18:27:27,12

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

SDFix

SDFix: Version 1.99

Run by Denis Blanchet on 18/08/2007 at 18:48

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\Denis Blanchet\aria.txt - Deleted
C:\WINDOWS\svchost.DLL - Deleted

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\OrangeBS\\BEWInternet\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp

Finished

HijackThis

Logfile of HijackThis v1.99.1
Scan saved at 19:31:13, on 18/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

Question: Do I need to run SDFix twice? (It is listed twice.) I only ran it once.
0

rudyrital Posts 6233 Status Member 131
 
No, I was the one who had a problem :)))

Download http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click on ComboFix; it will ask you a question, answer yes by pressing the y key, then wait until ComboFix has finished; it will generate a report.

Post it on the forum in your reply.

Step 1:
Download eScan Antivirus Toolkit here:

http://www.spywareinfo.dk/download/mwav.exe

Save it to your Desktop.
Before running the program, you must update it as described in step 2.

Step 2:
Here is how to update the tool:

1.) Double-click the mwav.exe file on the Desktop; unzip the files into the suggested new folder (C:\Kaspersky). The program will start, and you must quit it (click "Exit" then "Exit").

2.) Double-click My Computer, then double-click the main drive (usually C:\), double-click the Kaspersky folder; then double-click the kavupd.exe file. You will now see a DOS window appear, and the update will complete in a few minutes.

3.) When the update is complete, you will see "Press any key to continue"; press a key to continue. Two new directories (folders) were created during the update (C:\Bases and C:\Downloads).

4.) Select/copy all the files in the C:\Downloads folder, then paste them into the C:\Kaspersky folder. Accept the prompt to replace the existing files.

Do not start the scan yet!

Step 3:
Restart in Safe Mode:
1) Restart your computer
2) Tap the F8 key immediately, right after the "beep"
3) You will see a screen with startup options appear
4) Choose the first option: Safe Mode, and confirm with "Enter"
5) Choose your regular account, not Administrator

Step 4:
From Safe Mode, here is how to use the program:

1.) To start "eScan Antivirus Toolkit", find the mwavscan.com file located in the C:\Kaspersky folder

2.) Double-click mwavscan.com; the eScan interface will appear on screen.

3.) It is very important to check these boxes under Scan Option: Memory, Registry, Startup Folders, System Folders, Services.
0
EvanE74
 
Here are the two reports:

ComboFix:

ComboFix 07-08-14.4 - "Denis Blanchet" 2007-08-19 13:32:03.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.511 [GMT 2:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

c:\RECYCLER\S-1-5-21-484763869-606747145-725345543-1003.tar.gz
C:\WINDOWS\system32\x64

((((((((((((((((((((((((( Files Created from 2007-07-19 to 2007-08-19 )))))))))))))))))))))))))))))))

2007-08-19 13:31 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-18 19:45 <REP> d-------- C:\Program Files\MSN Messenger
2007-08-18 18:47 <REP> d-------- C:\WINDOWS\ERUNT
2007-08-18 17:42 <REP> d-------- C:\Program Files\Navilog1
2007-08-18 06:21 <REP> d-------- C:\Program Files\Microsoft.NET
2007-08-18 06:20 <REP> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-08-18 06:20 <REP> d-------- C:\Program Files\Fichiers communs\Merge Modules
2007-08-18 06:20 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-15 16:17 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-13 18:28 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-08-13 17:27 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-08-13 15:29 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-08-13 15:11 <REP> d-------- C:\Program Files\CCleaner
2007-08-13 15:09 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-08-10 09:30 65,536 --a------ C:\WINDOWS\system32\EEBUtil.dll
2007-08-10 09:30 65,536 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-08-10 09:30 54,272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll
2007-08-10 09:30 122,880 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-08-10 09:30 102,400 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-08-10 09:30 <REP> d-------- C:\Program Files\Fichiers communs\EPSON
2007-08-10 09:29 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-08-10 09:29 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-08-10 09:28 81,920 --a------ C:\WINDOWS\system32\EBPEPS02.DLL
2007-08-10 09:28 75,324 --a------ C:\WINDOWS\system32\E_SL2375.DLL
2007-08-10 09:28 182 --a------ C:\WINDOWS\system32\EBPPORT.DAT
2007-08-10 09:28 <REP> d-------- C:\Program Files\EPSON
2007-08-10 09:27 <REP> d-------- C:\EPSON
2007-08-09 13:48 42,648 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2007-08-09 13:48 22,168 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2007-08-09 13:48 18,072 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2007-08-09 13:47 75,512 --a------ C:\WINDOWS\zllsputility.exe
2007-08-09 13:47 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2007-08-09 13:47 1,087,216 --a------ C:\WINDOWS\system32\zpeng24.dll
2007-08-09 09:07 54,936 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2007-08-09 09:07 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2007-08-09 09:06 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2007-08-08 21:48 97,280 --a------ C:\DOCUME~1\DENISB~1\ufojli.exe
2007-08-08 21:44 97,280 --a------ C:\DOCUME~1\DENISB~1\nihktz.exe
2007-08-08 19:14 <REP> d-------- C:\Program Files\Lavasoft
2007-08-08 19:14 <REP> d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\Lavasoft
2007-08-08 18:45 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-08-08 18:45 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-08-08 18:45 92,848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-08-08 18:45 783,224 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-08-08 18:45 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-08-08 18:45 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-08-08 18:45 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-08-08 18:45 <REP> d-------- C:\Program Files\Alwil Software
2007-08-06 20:32 <REP> d-------- C:\Program Files\QuickTime
2007-08-06 20:32 <REP> d-------- C:\Program Files\Apple Software Update
2007-08-06 20:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-06 20:32 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-08-03 15:02 <REP> d-------- C:\viewplot
2007-08-02 20:18 <REP> d-------- C:\Program Files\Google
2007-08-02 20:18 <REP> d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\Google
2007-08-02 18:51 <REP> d-------- C:\Program Files\GerbMagic
2007-07-27 18:18 <REP> d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\Media Player Classic
2007-07-27 18:16 <REP> d-------- C:\Program Files\Real Alternative
2007-07-27 18:16 <REP> d-------- C:\Program Files\Media Player Classic
2007-07-27 18:16 <REP> d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\Real
2007-07-27 18:16 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Real
2007-07-24 06:35 <REP> d-------- C:\Program Files\7-Zip
2007-07-22 11:29 <REP> d-------- C:\.Trash-denis
2007-07-21 19:10 <REP> d-------- C:\Program Files\OpenSource Flash Video Splitter
2007-07-21 19:10 <REP> d-------- C:\Program Files\DScaler5
2007-07-21 19:10 <REP> d-------- C:\Program Files\CD Audio Reader Filter
2007-07-21 19:09 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-07-21 19:09 <REP> d-------- C:\Program Files\SHOUTcast Source
2007-07-21 19:09 <REP> d-------- C:\Program Files\RealMedia
2007-07-21 19:09 <REP> d-------- C:\Program Files\ffdshow
2007-07-21 19:09 <REP> d-------- C:\Program Files\DS-MP3 Source
2007-07-21 19:08 <REP> d-------- C:\Program Files\DirectVobSub
2007-07-21 19:07 <REP> d-------- C:\Program Files\Zoom Player
2007-07-21 19:04 <REP> d-------- C:\Program Files\CoreCodec
2007-07-21 19:04 <REP> d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\CoreCodec
2007-07-21 19:03 <REP> d-------- C:\WINDOWS\Internet Logs

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-17 14:04 --------- d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\OpenOffice.org2
2007-08-07 10:28 --------- d-------- C:\Program Files\Mozilla Thunderbird
2007-07-19 08:58 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll
2007-07-13 01:30 765952 --a--c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-07-07 11:45 --------- d-------- C:\Program Files\VNC
2007-07-07 11:44 --------- d-------- C:\Program Files\Putty
2007-07-07 11:40 --------- d-------- C:\Program Files\Mozilla Sunbird
2007-06-30 12:10 --------- d-------- C:\Program Files\Fichiers communs\France Telecom
2007-06-30 12:04 --------- d-------- C:\Program Files\OrangeBS
2007-06-30 11:55 --------- d-------- C:\Program Files\Sierra Wireless Inc
2007-06-27 15:24 823808 --a--c--- C:\WINDOWS\system32\dllcache\wininet.dll
2007-06-27 15:24 671232 --a--c--- C:\WINDOWS\system32\dllcache\mstime.dll
2007-06-27 15:24 477696 --a--c--- C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-06-27 15:24 232960 --a--c--- C:\WINDOWS\system32\dllcache\webcheck.dll
2007-06-27 15:24 193024 --a--c--- C:\WINDOWS\system32\dllcache\msrating.dll
2007-06-27 15:24 1152000 --a--c--- C:\WINDOWS\system32\dllcache\urlmon.dll
2007-06-27 15:24 105984 --a--c--- C:\WINDOWS\system32\dllcache\url.dll
2007-06-27 15:24 102400 --a--c--- C:\WINDOWS\system32\dllcache\occache.dll
2007-06-27 15:23 6058496 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-06-27 15:23 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-06-27 15:23 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-06-27 15:23 44544 --a--c--- C:\WINDOWS\system32\dllcache\iernonce.dll
2007-06-27 15:23 27648 --a--c--- C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-06-27 15:23 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-06-27 15:22 384512 --a--c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-06-27 15:22 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-06-27 15:22 230400 --a--c--- C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-06-27 15:22 153088 --a--c--- C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-06-27 15:22 132608 --a--c--- C:\WINDOWS\system32\dllcache\extmgr.dll
2007-06-27 15:22 124928 --a--c--- C:\WINDOWS\system32\dllcache\advpack.dll
2007-06-27 10:28 625152 --a--c--- C:\WINDOWS\system32\dllcache\iexplore.exe
2007-06-27 10:27 63488 --a--c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-06-27 10:27 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-06-27 09:00 161792 --a--c--- C:\WINDOWS\system32\dllcache\ieakui.dll
2007-06-26 19:33 --------- d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\Sierra Wireless
2007-06-26 08:09 1104896 --a--c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-23 19:04 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-06-23 19:04 --------- d-------- C:\Program Files\Sony
2007-06-23 18:57 --------- d-------- C:\DOCUME~1\DENISB~1\APPLIC~1\Sony Corporation
2007-06-19 15:32 282112 --a--c--- C:\WINDOWS\system32\dllcache\gdi32.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-15 16:13 315392 --a------ C:\WINDOWS\HideWin.exe
2007-06-15 15:08 684032 --a------ C:\WINDOWS\system32\NETw4c32.dll
2007-06-15 15:08 2772992 --a------ C:\WINDOWS\system32\NETw4r32.dll
2007-06-15 14:29 2430 --a------ C:\WINDOWS\pchealth\helpctr\PackageStore\SkuStore.bin
2007-06-15 14:26 8972 --a------ C:\WINDOWS\pchealth\helpctr\Config\Cntstore.bin
2007-06-15 13:29 0 -rahs---- C:\MSDOS.SYS
2007-06-15 13:29 0 -rahs---- C:\IO.SYS
2007-06-15 13:29 0 --a------ C:\CONFIG.SYS
2007-06-15 13:29 0 --a------ C:\AUTOEXEC.BAT
2007-06-13 15:22 1037312 --a--c--- C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-06-11 23:51 10834944 --a--c--- C:\WINDOWS\system32\dllcache\wmp.dll
--------- C:\Program Files\Hijackthis Version Française

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 14:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 14:00]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2006-11-11 15:35]
"IFXSPMGT"="C:\WINDOWS\system32\IFXSPMGT.exe" [2006-11-13 07:23]
"PSQLLauncher"="C:\Program Files\Protector Suite QL\launcher.exe" [2006-11-29 16:38]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-04-16 12:51]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-04-16 12:51]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-04-16 12:51]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 10:55]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-03-09 20:58]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:07]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-11-25 08:29:44]
EPSON Status Monitor 3 Environment Check(3).lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2007-08-10 09:28:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2006-11-29 17:00 90112 C:\WINDOWS\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-11-24 10:36 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli psqlpwd

R1 DMICall;Sony DMI Call service;C:\WINDOWS\system32\DRIVERS\DMICall.sys
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
R2 XAudio;XAudio;C:\WINDOWS\system32\DRIVERS\xaudio.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 SNC;Périphérique de contrôle d'ordinateur portable Sony;C:\WINDOWS\system32\DRIVERS\SonyNC.sys
R3 SPI;Périphérique de contrôle d'E/S programmable Sony;C:\WINDOWS\system32\DRIVERS\SonyPI.sys
R3 swivsp;AC8xx Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\swivspnt.sys
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys
S3 ACGPRS;Sierra Wireless 3G Adapter;C:\WINDOWS\system32\DRIVERS\acgprs.sys
S3 igfx;igfx;C:\WINDOWS\system32\DRIVERS\igdkmd32.sys
S3 mf;mf;C:\WINDOWS\system32\DRIVERS\mf.sys
S3 scrswi;Sierra Wireless Smart Card Reader;C:\WINDOWS\system32\DRIVERS\scrswi.sys
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20);C:\WINDOWS\system32\DRIVERS\swumx20.sys

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-19 13:35:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-19 13:36:45
C:\ComboFix-quarantined-files.txt ... 2007-08-19 13:36

--- E O F ---

eScan Antivirus Toolkit:

Sun Aug 19 16:52:43 2007 => **********************************************************
Sun Aug 19 16:52:43 2007 => eScan AntiVirus Toolkit Utility.
Sun Aug 19 16:52:43 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Aug 19 16:52:43 2007 => **********************************************************
Sun Aug 19 16:52:43 2007 => Version 4.4.7
Sun Aug 19 16:52:43 2007 => Log File: C:\KASPER~1\mwav.log
Sun Aug 19 16:52:43 2007 => Latest Date of files inside MWAV: 13 May 2007 14:04:31.
Sun Aug 19 16:52:47 2007 => AV Library Loaded...
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\kavss.exe
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\kavss.dll
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\kavssi.dll
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Sun Aug 19 16:52:47 2007 => Scanning File C:\KASPER~1\ipc.dll
Sun Aug 19 16:52:48 2007 => Scanning File C:\KASPER~1\main.avi
Sun Aug 19 16:52:48 2007 => Scanning File C:\KASPER~1\virus.avi
Sun Aug 19 16:52:48 2007 => Virus Database Date: 2007/05/13
Sun Aug 19 16:52:48 2007 => Virus Database Count: 318294
Sun Aug 19 17:23:04 2007 => **********************************************************
Sun Aug 19 17:23:04 2007 => eScan AntiVirus Toolkit Utility.
Sun Aug 19 17:23:04 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Aug 19 17:23:04 2007 => **********************************************************
Sun Aug 19 17:23:04 2007 => Version 4.4.7
Sun Aug 19 17:23:04 2007 => Log File: C:\KASPER~1\mwav.log
Sun Aug 19 17:23:08 2007 => Latest Date of files inside MWAV: 19 Aug 2007 17:28:17.
Sun Aug 19 17:23:30 2007 => AV Library Loaded...
Sun Aug 19 17:23:30 2007 => Scanning File C:\KASPER~1\kavss.exe
Sun Aug 19 17:23:30 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Sun Aug 19 17:23:30 2007 => Scanning File C:\KASPER~1\kavss.dll
Sun Aug 19 17:23:30 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Sun Aug 19 17:23:31 2007 => Scanning File C:\KASPER~1\kavssi.dll
Sun Aug 19 17:23:31 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Sun Aug 19 17:23:31 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Sun Aug 19 17:23:31 2007 => Scanning File C:\KASPER~1\ipc.dll
Sun Aug 19 17:23:31 2007 => Scanning File C:\KASPER~1\main.avi
Sun Aug 19 17:23:31 2007 => Scanning File C:\KASPER~1\virus.avi
Sun Aug 19 17:23:31 2007 => Virus Database Date: 2007/08/19
Sun Aug 19 17:23:31 2007 => Virus Database Count: 385131

Sun Aug 19 17:24:11 2007 => **********************************************************
Sun Aug 19 17:24:11 2007 => eScan AntiVirus Toolkit Utility.
Sun Aug 19 17:24:11 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Aug 19 17:24:11 2007 =>
Sun Aug 19 17:24:11 2007 => Support: support@mwti.net
Sun Aug 19 17:24:11 2007 => Web: https://www.escanav.com/en/index.asp
Sun Aug 19 17:24:11 2007 => **********************************************************
Sun Aug 19 17:24:11 2007 => Version 4.4.7
Sun Aug 19 17:24:11 2007 => Log File: C:\KASPER~1\mwav.log
Sun Aug 19 17:24:11 2007 => Latest Date of files inside MWAV: 19 Aug 2007 17:28:17.

Sun Aug 19 17:24:12 2007 => Options Selected by User:
Sun Aug 19 17:24:12 2007 => Memory Check: Enabled
Sun Aug 19 17:24:12 2007 => Registry Check: Enabled
Sun Aug 19 17:24:12 2007 => StartUp Folder Check: Enabled
Sun Aug 19 17:24:12 2007 => System Folder Check: Enabled
Sun Aug 19 17:24:12 2007 => System Area Check: Disabled
Sun Aug 19 17:24:12 2007 => Services Check: Enabled
Sun Aug 19 17:24:12 2007 => Drive Check Option Disabled
Sun Aug 19 17:24:12 2007 => Scanning Type: Scan And Clean
Sun Aug 19 17:24:12 2007 => Folder Check: Disabled

Sun Aug 19 17:24:12 2007 => ***** Scanning Memory Files *****
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\services.exe
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:12 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Sun Aug 19 17:24:12 2007 => Scanning File C:\Kaspersky\mwavscan.com
Sun Aug 19 17:24:12 2007 => Scanning File C:\Kaspersky\kavss.exe

Sun Aug 19 17:24:12 2007 => ***** Scanning Registry Files *****

Sun Aug 19 17:24:12 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Sun Aug 19 17:24:12 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Sun Aug 19 17:24:12 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\webcheck.dll
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\stobject.dll
Sun Aug 19 17:24:12 2007 => Scanning File C:\WINDOWS\system32\WPDShServiceObj.dll

Sun Aug 19 17:24:12 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Sun Aug 19 17:24:12 2007 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Sun Aug 19 17:24:12 2007 => Scanning File C:\PROGRA~1\FICHIE~1\Adobe\Acrobat\ActiveX\ACROIE~1.DLL
Sun Aug 19 17:24:13 2007 => {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
Sun Aug 19 17:24:13 2007 => Scanning File C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
Sun Aug 19 17:24:13 2007 => {7E853D72-626A-48EC-A868-BA8D5E23E045} = NULL

Sun Aug 19 17:24:13 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sun Aug 19 17:24:13 2007 => Scanning File C:\WINDOWS\Explorer.exe
Sun Aug 19 17:24:13 2007 => Scanning File C:\WINDOWS\system32\userinit.exe

Sun Aug 19 17:24:13 2007 => Scanning HKCU\Control Panel\Desktop

Sun Aug 19 17:24:13 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Aug 19 17:24:13 2007 => Scanning File C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
Sun Aug 19 17:24:13 2007 => Scanning File C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
Sun Aug 19 17:24:13 2007 => Scanning File C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
Sun Aug 19 17:24:13 2007 => Scanning File C:\PROGRA~1\Sony\ISBUTI~1\ISBMgr.exe
Sun Aug 19 17:24:13 2007 => Scanning File C:\WINDOWS\system32\IFXSPMGT.exe
Sun Aug 19 17:24:14 2007 => Scanning File C:\PROGRA~1\PROTEC~1\launcher.exe
Sun Aug 19 17:24:14 2007 => Scanning File C:\WINDOWS\system32\igfxtray.exe
Sun Aug 19 17:24:14 2007 => Scanning File C:\WINDOWS\system32\hkcmd.exe
Sun Aug 19 17:24:14 2007 => Scanning File C:\WINDOWS\system32\igfxpers.exe
Sun Aug 19 17:24:14 2007 => Scanning File C:\PROGRA~1\OpenVPN\bin\OPENVP~1.EXE
Sun Aug 19 17:24:14 2007 => Scanning File C:\PROGRA~1\Sony\VAIOPO~1\SPMgr.exe
Sun Aug 19 17:24:15 2007 => Scanning File C:\PROGRA~1\QUICKT~1\QTTask.exe
Sun Aug 19 17:24:15 2007 => Scanning File C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Sun Aug 19 17:24:15 2007 => Scanning File C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
Sun Aug 19 17:24:15 2007 => *** File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe having Size Restriction ***
Sun Aug 19 17:24:15 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe [**]

Sun Aug 19 17:24:15 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Sun Aug 19 17:24:15 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Sun Aug 19 17:24:15 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Sun Aug 19 17:24:15 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Aug 19 17:24:15 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Sun Aug 19 17:24:16 2007 => Scanning File C:\PROGRA~1\MICROS~2\wcescomm.exe
Sun Aug 19 17:24:16 2007 => *** File C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe having Size Restriction ***
Sun Aug 19 17:24:16 2007 => Scanning File C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe [**]

Sun Aug 19 17:24:16 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Sun Aug 19 17:24:16 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Sun Aug 19 17:24:16 2007 => Scanning HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

Sun Aug 19 17:24:16 2007 => Scanning HKCR\txtfile\shell\open\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\comfile\shell\open\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\exefile\shell\open\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\dllfile\shell\open\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\batfile\shell\open\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\piffile\shell\open\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\scrfile\shell\open\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\scrfile\shell\config\command

Sun Aug 19 17:24:16 2007 => Scanning HKCR\regfile\shell\open\command

Sun Aug 19 17:24:16 2007 => ***** Scanning StartUp Folders *****

Sun Aug 19 17:24:16 2007 => ***** Scanning C:\Documents and Settings\Denis Blanchet\Menu Démarrer\Programmes\Démarrage Folder *****
Sun Aug 19 17:24:16 2007 => Scanning Folder: C:\Documents and Settings\Denis Blanchet\Menu Démarrer\Programmes\Démarrage\*.*
Sun Aug 19 17:24:16 2007 => Scanning File C:\Documents and Settings\Denis Blanchet\Menu Démarrer\Programmes\Démarrage\desktop.ini

Sun Aug 19 17:24:16 2007 => ***** Scanning C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Folder *****
Sun Aug 19 17:24:16 2007 => Scanning Folder: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\*.*
Sun Aug 19 17:24:16 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
Sun Aug 19 17:24:16 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
Sun Aug 19 17:24:16 2007 => Scanning File C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\EPSON Status Monitor 3 Environment Check(3).lnk

Sun Aug 19 17:24:16 2007 => ***** Scanning Service Files *****
Sun Aug 19 17:24:17 2007 => Scanning HKLM\SYSTEM\CurrentControlSet\Services
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\acgprs.sys
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPI.sys
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\system32\drivers\aec.sys
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\System32\drivers\afd.sys
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\System32\alg.exe
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\arp1394.sys
Sun Aug 19 17:24:17 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
Sun Aug 19 17:24:18 2007 => Scanning File C:\PROGRA~1\ALWILS~1\Avast4\aswUpdSv.exe
Sun Aug 19 17:24:18 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\asyncmac.sys
Sun Aug 19 17:24:18 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atapi.sys
Sun Aug 19 17:24:18 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\atmarpc.sys
Sun Aug 19 17:24:18 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:18 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\audstub.sys
Sun Aug 19 17:24:18 2007 => Scanning File C:\PROGRA~1\ALWILS~1\Avast4\ashServ.exe
Sun Aug 19 17:24:18 2007 => Scanning File C:\PROGRA~1\ALWILS~1\Avast4\ashMaiSv.exe
Sun Aug 19 17:24:18 2007 => Scanning File C:\PROGRA~1\ALWILS~1\Avast4\ashWebSv.exe
Sun Aug 19 17:24:18 2007 => Scanning File C:\PROGRA~1\GRISOFT\AVGANT~1.5\GUARD.SYS
Sun Aug 19 17:24:19 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\guard.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\AvgAsCln.sys
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:19 2007 => ERROR!!! Invalid Entry \??\C:\DOCUME~1\DENISB~1\LOCALS~1\Temp\catchme.sys in SYSTEM\CurrentControlSet\Services\catchme...
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\cdrom.sys
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\cisvc.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\CmBatt.sys
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\compbatt.sys
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\dllhost.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\disk.sys
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\System32\dmadmin.exe
Sun Aug 19 17:24:19 2007 => Scanning File C:\WINDOWS\system32\drivers\dmboot.sys
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\DMICall.sys
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\system32\drivers\dmio.sys
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\system32\drivers\dmload.sys
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\system32\drivers\DMusic.sys
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\system32\drivers\drmkaud.sys
Sun Aug 19 17:24:20 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\e100b325.sys
Sun Aug 19 17:24:21 2007 => Scanning File C:\PROGRA~1\FICHIE~1\EPSON\EBAPI\eEBSVC.exe
Sun Aug 19 17:24:21 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:21 2007 => Scanning File C:\WINDOWS\system32\services.exe
Sun Aug 19 17:24:21 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:21 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:21 2007 => Scanning File C:\WINDOWS\system32\fxssvc.exe
Sun Aug 19 17:24:21 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\fltMgr.sys
Sun Aug 19 17:24:21 2007 => Scanning File C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ftdisk.sys
Sun Aug 19 17:24:22 2007 => Scanning File C:\PROGRA~1\FICHIE~1\FRANCE~1\SHARED~1\FTRTSVC\0\FTRTSVC.exe
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\msgpc.sys
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\hidusb.sys
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\HSX_DPV.sys
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys
Sun Aug 19 17:24:22 2007 => Scanning File C:\WINDOWS\system32\Drivers\HTTP.sys
Sun Aug 19 17:24:23 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:23 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\i8042prt.sys
Sun Aug 19 17:24:23 2007 => *** File C:\WINDOWS\system32\DRIVERS\igxpmp32.sys having Size Restriction ***
Sun Aug 19 17:24:23 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [**]
Sun Aug 19 17:24:23 2007 => Scanning File C:\WINDOWS\MICROS~1.NET\FRAMEW~1\v3.0\WINDOW~1\infocard.exe
Sun Aug 19 17:24:23 2007 => Scanning File C:\WINDOWS\system32\IFXSPMGT.exe
Sun Aug 19 17:24:23 2007 => Scanning File C:\WINDOWS\system32\IFXTCS.exe
Sun Aug 19 17:24:23 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
Sun Aug 19 17:24:24 2007 => ERROR!!! Invalid Entry system32\DRIVERS\igdkmd32.sys in SYSTEM\CurrentControlSet\Services\igfx...
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\imapi.sys
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\imapi.exe
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\drivers\RtkHDAud.sys
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\intelppm.sys
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipinip.sys
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipnat.sys
Sun Aug 19 17:24:24 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ipsec.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\irenum.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\isapnp.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\kbdclass.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\drivers\kmixer.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mf.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\mnmsrvc.exe
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouclass.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mouhid.sys
Sun Aug 19 17:24:25 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxdav.sys
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\msdtc.exe
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\msiexec.exe
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\drivers\MSKSSRV.sys
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPCLOCK.sys
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\drivers\MSPQM.sys
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\mssmbios.sys
Sun Aug 19 17:24:26 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndistapi.sys
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndisuio.sys
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ndiswan.sys
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbios.sys
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\netbt.sys
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\netdde.exe
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\MICROS~1.NET\FRAMEW~1\v3.0\WINDOW~1\SMSVCH~1.EXE
Sun Aug 19 17:24:27 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nic1394.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ohci1394.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\PROGRA~1\OpenVPN\bin\OPENVP~2.EXE
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\SYSTEM32\PCAMPR5.SYS
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\SYSTEM32\PCANDIS5.SYS
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pci.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pciide.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\pcmcia.sys
Sun Aug 19 17:24:28 2007 => Scanning File C:\WINDOWS\System32\drivers\psd.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\IfxPsdSv.exe
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\services.exe
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspptp.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\psched.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\ptilink.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasacd.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspppoe.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\raspti.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdbss.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
Sun Aug 19 17:24:29 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\rdpdr.sys
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\sessmgr.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\redbook.sys
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\Drivers\RootMdm.sys
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\locator.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\rsvp.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\System32\SCardSvr.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:30 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\scrswi.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\secdrv.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\SonyNC.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\SonyPI.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\drivers\splitter.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\sr.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\ZoneLabs\srescan.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\srv.sys
Sun Aug 19 17:24:31 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\swenum.sys
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\swivspnt.sys
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\drivers\swmidi.sys
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\dllhost.exe
Sun Aug 19 17:24:32 2007 => ERROR!!! Invalid Entry system32\DRIVERS\swumx20.sys in SYSTEM\CurrentControlSet\Services\SWUMX20...
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\drivers\sysaudio.sys
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\smlogsvc.exe
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tap0801.sys
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tcpip.sys
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\Drivers\tcusb.sys
Sun Aug 19 17:24:32 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\termdd.sys
Sun Aug 19 17:24:33 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:33 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:33 2007 => Scanning File C:\WINDOWS\system32\drivers\ti21sony.sys
Sun Aug 19 17:24:33 2007 => Scanning File C:\WINDOWS\system32\tlntsvr.exe
Sun Aug 19 17:24:33 2007 => Scanning File C:\PROGRA~1\Toshiba\BLUETO~1\TosBtSrv.exe
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\drivers\Toshidpt.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tosporte.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\Drivers\tosrfbnp.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\Drivers\tosrfcom.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\drivers\tosrfsnd.sys
Sun Aug 19 17:24:34 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\update.sys
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\System32\ups.exe
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbehci.sys
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbhub.sys
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbprint.sys
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usbuhci.sys
Sun Aug 19 17:24:35 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\usb8023x.sys
Sun Aug 19 17:24:35 2007 => Scanning File C:\PROGRA~1\MSNMES~1\usnsvc.exe
Sun Aug 19 17:24:35 2007 => Scanning File C:\PROGRA~1\Sony\VAIOEV~1\VESMgr.exe
Sun Aug 19 17:24:36 2007 => Scanning File C:\WINDOWS\System32\drivers\vga.sys
Sun Aug 19 17:24:36 2007 => Scanning File C:\WINDOWS\system32\vsdatant.sys
Sun Aug 19 17:24:36 2007 => Scanning File C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sun Aug 19 17:24:36 2007 => Scanning File C:\WINDOWS\System32\vssvc.exe
Sun Aug 19 17:24:36 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:36 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\wanarp.sys
Sun Aug 19 17:24:36 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
Sun Aug 19 17:24:37 2007 => Scanning File C:\WINDOWS\system32\drivers\wdmaud.sys
Sun Aug 19 17:24:37 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:37 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
Sun Aug 19 17:24:37 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:37 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:37 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:37 2007 => Scanning File C:\WINDOWS\system32\wbem\wmiapsrv.exe
Sun Aug 19 17:24:37 2007 => Scanning File C:\PROGRA~1\WINDOW~2\WMPNetwk.exe
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\WudfPf.sys
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\wudfrd.sys
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\xaudio.sys
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\system32\DRIVERS\xaudio.exe
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\System32\svchost.exe

Sun Aug 19 17:24:38 2007 => ***** Scanning System32 Folders *****
Sun Aug 19 17:24:38 2007 => Scanning C:\WINDOWS Directory
Sun Aug 19 17:24:38 2007 => Scanning Folder: C:\WINDOWS\*.*
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\0.log [**]
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\Alcmtr.exe
Sun Aug 19 17:24:38 2007 => Scanning File C:\WINDOWS\alcwzrd.exe
Sun Aug 19 17:24:39 2007 => Scanning File C:\WINDOWS\bdoscandel.exe
Sun Aug 19 17:24:39 2007 => Scanning File C:\WINDOWS\bdoscandellang.ini
Sun Aug 19 17:24:39 2007 => Scanning File C:\WINDOWS\bootstat.dat
Sun Aug 19 17:24:39 2007 => Scanning File C:\WINDOWS\Bulles de savon.bmp
Sun Aug 19 17:24:39 2007 => Scanning File C:\WINDOWS\catchme.exe
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\clock.avi
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\control.ini [**]
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\desktop.ini
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\DPINST.LOG
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\explorer.exe
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\explorer.scf
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\Granit vert.bmp
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\hh.exe
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\HideWin.exe
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\Jour de pêche.bmp
Sun Aug 19 17:24:40 2007 => Scanning File C:\WINDOWS\MicCal.exe
Sun Aug 19 17:24:41 2007 => Scanning File C:\WINDOWS\ModemLog_HDAUDIO SoftV92 Data Fax Modem with SmartCP.txt
Sun Aug 19 17:24:41 2007 => Scanning File C:\WINDOWS\ModemLog_Sierra Wireless AirCard 3G Modem.txt
Sun Aug 19 17:24:41 2007 => Scanning File C:\WINDOWS\ModemLog_Sierra Wireless AirCard HSDPA Modem.txt
Sun Aug 19 17:24:41 2007 => Scanning File C:\WINDOWS\mozver.dat
Sun Aug 19 17:24:41 2007 => Scanning File C:\WINDOWS\msdfmap.ini
Sun Aug 19 17:24:41 2007 => Scanning File C:\WINDOWS\msnfix.txt
Sun Aug 19 17:24:41 2007 => Scanning File C:\WINDOWS\Mur de Santa Fe.bmp
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\nircmd.exe
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\NOTEPAD.EXE
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\nsreg.dat [**]
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\ntbtlog.txt
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\ODBCINST.INI
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\Plume.bmp
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\PSDrecovery.exe
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\QTFont.for
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\QTFont.qfn
Sun Aug 19 17:24:42 2007 => Scanning File C:\WINDOWS\regedit.exe
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\REGLOCS.OLD
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\Rhododendron.bmp
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\Rivière Sumida.bmp
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\Rosace bleue 16.bmp
Sun Aug 19 17:24:43 2007 => *** File C:\WINDOWS\RTHDCPL.exe having Size Restriction ***
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\RTHDCPL.exe [**]
Sun Aug 19 17:24:43 2007 => *** File C:\WINDOWS\RTLCPL.exe having Size Restriction ***
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\RTLCPL.exe [**]
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\RtlExUpd.dll
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\RtlUpd.exe
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\SchedLgU.Txt
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\SET3.tmp
Sun Aug 19 17:24:43 2007 => Scanning File C:\WINDOWS\SET4.tmp
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\SET8.tmp
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\setupact.log
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\setupapi.log
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\setupapi.log.0.old
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\setuperr.log [**]
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\SkyTel.exe
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\snymsico.dll
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\SoundMan.exe
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\system.ini
Sun Aug 19 17:24:44 2007 => Scanning File C:\WINDOWS\TASKMAN.EXE
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\Tasse à café.bmp
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\tosOBEX.INI [**]
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\twain.dll
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\twain_32.dll
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\twunk_16.exe
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\twunk_32.exe
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\VAIOUpdt.INI [**]
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\vb.ini
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\vbaddin.ini
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\Vent de prairie.bmp
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\vmmreg32.dll
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\win.ini
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\WindowsShell.Manifest
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\WindowsUpdate.log
Sun Aug 19 17:24:45 2007 => Scanning File C:\WINDOWS\winhelp.exe
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\winhlp32.exe
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\winnt.bmp
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\winnt256.bmp
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\wmprfFRA.prx
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\WMSysPr9.prx
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\Zapotec.bmp
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\zllsputility.exe
Sun Aug 19 17:24:46 2007 => Scanning File C:\WINDOWS\zllsputility_loc040c.dll
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\_default.pif
Sun Aug 19 17:24:47 2007 => Scanning C:\WINDOWS\system32 Directory
Sun Aug 19 17:24:47 2007 => Scanning Folder: C:\WINDOWS\system32\*.*
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\$winnt$.inf
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\12520437.cpx
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\12520850.cpx
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\6to4svc.dll
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\a15.tbl
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\a234.tbl
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\aaaamon.dll
Sun Aug 19 17:24:47 2007 => Scanning File C:\WINDOWS\system32\aaclient.dll
0
rudyrital Posts 6233 Status Member 131

Run a scan here:
https://www.bitdefender.fr/

* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click "j'accepte" (I accept)
* Accept the ActiveX control and install it. The scanner loads
* The window changes again; click "cliquez ici pour scanner" (click here to scan)
* The signatures load, etc.

Picture tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

Copy and paste the result here
0
EvanE74
 
There are no viruses.
0
rudyrital Posts 6233 Status Member 131

Where do things stand with your problems? How is the PC doing?
0
EvanE74
 
Hello.

No problems for the moment.
No slowdowns, virus alerts, or programs launching by themselves.
So it's fine.

Thanks for everything.

PS: if I do notice a problem, I will create a new thread.

Thanks again
0
rudyrital Posts 6233 Status Member 131

Post a new HijackThis log so I can check that everything is OK :)
0
EvanE74
 
Hello:

Here it is

Logfile of HijackThis v1.99.1
Scan saved at 13:25:55, on 21/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\IFXSPMGT.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\IFXSPMGT.exe /NotifyLogon
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FF265C3-FEA0-46EC-82BE-5EFC302E948F}: NameServer = 194.51.3.56 10.11.12.14
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\IFXSPMGT.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\IFXTCS.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe
0
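The check requested here (read the fresh HijackThis log and confirm nothing is left over) can be scripted. The following is an added example, not part of the thread and not a HijackThis feature: it parses the log format shown above, reports entries HijackThis itself marked `(no file)` or `(file missing)`, and looks for the two file names AVG Anti-Spyware quarantined in the first report. The function names `parse` and `triage` are hypothetical, and `SAMPLE` is an excerpt of the log above.

```python
import re

# HijackThis section codes that occur in the log above.
SECTIONS = {
    "R0": "IE start/search page setting", "R1": "IE start/search page setting",
    "O2": "Browser Helper Object", "O4": "autostart entry",
    "O9": "IE extra button/menu item", "O11": "IE advanced options group",
    "O16": "ActiveX download (DPF)", "O17": "DNS name server setting",
    "O18": "protocol handler", "O20": "Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad", "O23": "NT service",
}
ENTRY = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
ORPHAN = ("(file missing)", "(no file)")  # markers HijackThis prints itself
# File names AVG Anti-Spyware quarantined in the first report of this thread.
WATCHLIST = {"libmsns.dll", "msninet.exe"}

# Excerpt of the log above: lines copied unchanged, most entries left out.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Scan saved at 13:25:55, on 21/08/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""


def parse(log):
    """Split a HijackThis log into running-process paths and (code, body) entries."""
    procs, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if line == "Running processes:":
            in_procs = True
        elif match:
            in_procs = False  # the numbered sections follow the process list
            entries.append((match["code"], match["body"]))
        elif in_procs and line:
            procs.append(line)
    return procs, entries


def triage(log, watchlist=WATCHLIST):
    """Return (kind, section, line) findings for watchlisted names and orphaned entries."""
    procs, entries = parse(log)
    findings = []
    for path in procs:
        if path.rsplit("\\", 1)[-1].lower() in watchlist:
            findings.append(("running", "process", path))
    for code, body in entries:
        low = body.lower()
        if any(name in low for name in watchlist):
            kind = "watchlist"  # a quarantined file name is referenced again
        elif any(marker in low for marker in ORPHAN):
            kind = "orphan"     # HijackThis could not find the target file
        else:
            continue
        findings.append((kind, SECTIONS.get(code, "other"), f"{code} - {body}"))
    return findings


if __name__ == "__main__":
    for kind, section, line in triage(SAMPLE):
        print(f"[{kind}] {section}: {line}")
```

An orphan finding is a prompt for a manual look, not for automatic deletion: in the full log above the two avast! service lines are marked `(file missing)` because their paths carry a stray quote, while `ashMaiSv.exe` and `ashWebSv.exe` appear in the running processes.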
rudyrital Posts 6233 Status Member 131

Remove all the programs we used by doing this:

Run OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe, downloaded to your desktop.

Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
NOTE: Normally, your firewall should ask you whether OTMoveIt may access the Internet. Allow it.

A list appears in the left part of OTMoveIt.
A message appears to confirm the cleanup. Confirm.
Restart the PC.

Remove manually any that remain.

I also advise you to defragment your hard drive.

To finish, some basic advice:

* Don't download just anything; avoid free programs such as smileys, etc.

* Always scan files downloaded from peer-to-peer (eMule, Kazaa, etc.) before running them

* Don't open attachments from an unknown sender, and always scan them before opening them

* Always scan files received via MSN or similar with your antivirus

* Don't click on suspicious links in MSN

* Run the antispyware tools (Ad-Aware, Spybot, AVG, etc.) regularly; remember to update them before launching them, it's very important

* Run an online scan from time to time with BitDefender

* Regularly delete unneeded files (temporary files, cookies, etc.) using CCleaner https://www.malekal.com/tutoriel-ccleaner/

* Use the Mozilla browser, it is more secure http://www.mozilla-europe.org/fr/products/firefox/ (Don't remove Internet Explorer!)

- Now that your computer is clean, I advise you to create a restore point, so that in case of a problem (virus, crash, etc.) you can always go back
https://www.malekal.com/la-restauration-du-systeme-sous-windows-xp-2/#mozTocId447452
See you later

Happy surfing ;)

PS: the links

Antispyware and other tools:

* Ad-Aware (free)
Download:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/11643.html

Tutorial:
http://perso.orange.fr/rginformatique/section%20virus/adawrevid.asf

* Spybot (free):
Download:
http://telecharger.01net.com/windows/Internet/internet_utlitaire/fiches/26157.html
See the usage demo (thanks Balltrap)
http://perso.orange.fr/rginformatique/section%20virus/demo%20spybot.htm

* AVG AS

AVG Anti-Spyware
https://www.01net.com/telecharger/
Update it before launching the scan.
Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

Cleaners (for unneeded files) and other tools:

* CCleaner (free)
Download:
https://www.01net.com/
Tutorial:
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

During installation, [uncheck] the option that would install the Yahoo! toolbar

* https://www.bitdefender.fr/

* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click "j'accepte" (I accept)
* Accept the ActiveX control and install it. The scanner loads
* The window changes again; click "cliquez ici pour scanner" (click here to scan)
* The signatures load, etc.

Picture tutorial:
http://pageperso.aol.fr/rginformatique/mapage/defender.htm

0
EvanE74
 
Thanks again for everything
0
rudyrital Posts 6233 Status Member 131

You're welcome :)

Mark this topic as resolved ;)
0