cheval de troie win32.trojandownloader.smallRésolu/Fermé

Question

Bonjour,

J'ai chopé le cheval de troie win32.trojandownloader.small !

Le fichier infecté est c:\windows\system32\khfdbyw.dll que je n'arrive pas à supprimer. J'ai essayé de le supprimer par des logiciels au reboot au reboot, ça ne fonctionne pas non plus...
Et dans Hijackthis, lorsque  je fais "delete a file on reboot", je n'ai aucune fenêtre qui s'ouvre...

A l'aide !

Merci d'avance

Utilisateur anonyme · Answer

Slt !

Generalement mieux vaut suprimmer un troyen avec l'anti virus ^^"

Essaye de lancer un scan avec ton anti-virus et voit ce qu'il trouve .

A+

Gaëtan · Answer

ok,
j'ai lancé l'anti-virus...

j'ai trouvé ça sur Internet :
KHFDBYW.DLL
AUTOMATED MALWARE PROFILE, ANALYSIS, REMOVAL AND SIGNATURE INFORMATION:
DEFINITION OF: KHFDBYW.DLL

    * Safety Rating: Known Spyware, do not run
    * Spyware Family: Part of Spyware group - SpywareQuake
    * Determination: Automatically determined using Prevx centralized heuristics
    * Malware Form: EXPLOIT
    * Additional Info: Bogus antispyware application

Apparemment, il bugue les applications antispyware !!! ça doit être pour ça que je n'ai pas accès à "delete a file on reboot" dans hijackthis !

Utilisateur anonyme · Answer

Y a t'il une option 'quarantaine' quand le scan se termine ?  

Si oui met les en quarantaines.

A+

Gaëtan · Answer

Le fichier khfdbyw.dll est utilisé par le processus winlogon.exe

Utilisateur anonyme · Answer

As tu une idée d'a quel logiciel "winlogon.exe" et rattaché ? 
Essaye de trouver.

A+

Gaëtan · Answer

winlogon.exe est un processus servant à gérer l'ouverture et la fermeture des sessions. Je ne peux pas le désactiver...

Utilisateur anonyme · Answer

Oui en effet.. mais tu n'a pas répondu a ma question ! As tu mis les autres fichiers trouvés en quarantaines ?

a+

Gaëtan · Answer

avast edition familiale n'a rien trouvé...
le cheval de troie est juste trouvé par ad-aware

Utilisateur anonyme · Answer

... ce n'est pas un cheval de troie puisque ad-aware ne cherche que des spywares...

vire le avec ad-aware. 

Et t'inquiete pas si c'été un troyen ton anti-virus l'auré trouvé.

A+

Gaëtan · Answer

ad-aware le classe en malware. Il arrive à le mettre en quarantaine mais n'arrive pas à le supprier...

Utilisateur anonyme · Answer

Essaye d'ouvrir la liste des objets mis en quarantaines normalement en cliquant sur le malware tu as l'option suprimer en bas a droite. 



A+

Gaëtan · Answer

j'aimerais bien le virer ce malware parce qu'il ralentit pas mal mon pc...

Utilisateur anonyme · Answer

Devellope un peu , comment sa tu peux pas le suprimer , qu'est-ce qui va pas ... etc..

A+

FillPCA · Answer

Bonjour,

Un antivirus ne pourra rien faire. Il faudrait un rapport Hijackthis mais ça ressemble à du Vundo.
FillPCA

Gaëtan · Answer

je n'arrive pas à supprimer le fichier infecté puisque c'est un .dll
la connexion Internet est plus lente, le démarrage du pc aussi, explorer.exe veut se connecter à internet, un autre service aussi (détectés par Zone Alarm) , je refuse leurs connexions...

Gaëtan · Answer

Voici le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:41, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Gaëtan · Answer

besoin d'aide svp...

FillPCA · Answer

Re,

    *  Télécharge Vundofix  (par Atribune) sur ton Bureau : http://www.atribune.org/ccount/click.php?id=4
    * Double-clique VundoFix.exe afin de le lancer.
    * Clique sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo (uniquement si des fichiers infectieux sont trouvés).
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES.
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

FillPCA

Gaëtan · Answer

Vudofix n'a rien trouvé...
Seul ad-aware le trouve...

FillPCA · Answer

Re,

1/     *  Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) : http://www.malekal.com/download/DiagHelp.zip
 Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    * Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
    * Un nouveau dossier chercher va être créé.
    * Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    * Une fenêtre va s'ouvrir, choisis l'option 1
    * L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
    * Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.
    * Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
    * Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
    * Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

2/     *  Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport  SREnglLOG.log dans ta prochaine réponse.

3/     *  Télécharge PCA (d'Evosla) : http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
    * Dézippe-le dans un répertoire dédié comme c:\PCA au moyen d'un clic droit (Extraire...),
    * Clique sur l'onglet  "diagnostic du PC" puis "analyser".
    * Laisse l'analyse se dérouler. Cela ne prend que quelques secondes.
    * Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau.
    * Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt

Par contre, je ne pourrai sans doute regarder cela que dans l'après-midi ou en soirée.

FillPCA

Gaëtan · Answer

ok, je lance tout ça et on se recontacte plus tard...

Merci d'avance

Gaëtan · Answer

Rapport DiagHelp : DiagHelp version v1.4 - http://www.malekal.com excute le 25/11/2007 à 10:53:39,79 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->25/11/2007 10:53:34 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->25/11/2007 10:53:30 C:\WINDOWS\prefetch\QUICKZIP.EXE-16A26BCA.pf -->25/11/2007 10:52:33 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->25/11/2007 10:52:18 C:\WINDOWS\prefetch\FXSVR2.EXE-14513BBA.pf -->25/11/2007 10:51:56 C:\WINDOWS\prefetch\ALBUMDB2.EXE-0EEB0F05.pf -->25/11/2007 10:51:55 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->25/11/2007 10:50:44 C:\WINDOWS\prefetch\VUNDOFIX.EXE-26E4122B.pf -->25/11/2007 10:37:33 C:\WINDOWS\prefetch\RUNDLL32.EXE-268BFF96.pf -->25/11/2007 10:36:36 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->25/11/2007 10:20:48 C:\WINDOWS\System32\drivers\USBCRFT.SYS -->25/11/2007 10:03:39 C:\WINDOWS\System32\drivers\sptd.sys -->23/11/2007 18:59:16 C:\WINDOWS\System32\drivers\aswmon.sys -->25/10/2007 18:05:36 C:\WINDOWS\System32\drivers\aswmon2.sys -->25/10/2007 18:05:20 C:\WINDOWS\System32\drivers\aswRdr.sys -->25/10/2007 18:03:19 C:\WINDOWS\System32\drivers\aswTdi.sys -->25/10/2007 18:01:34 C:\WINDOWS\System32\drivers\aavmker4.sys -->25/10/2007 17:58:49 C:\WINDOWS\System32\wyadd.ini -->25/11/2007 10:53:38 C:\WINDOWS\System32\wyadd.ini2 -->25/11/2007 10:51:34 C:\WINDOWS\System32\wpa.dbl -->25/11/2007 10:05:21 C:\WINDOWS\System32\vsconfig.xml -->25/11/2007 10:04:36 C:\WINDOWS\System32\ddayw.dll -->24/11/2007 19:11:42 C:\WINDOWS\System32\Thumbs.db -->24/11/2007 15:19:05 C:\WINDOWS\System32\crehcjid.dll -->23/11/2007 22:08:30 C:\WINDOWS\System32\96.tmp -->23/11/2007 21:29:44 C:\WINDOWS\System32\131.tmp -->23/11/2007 21:29:13 C:\WINDOWS\System32\12F.tmp -->23/11/2007 21:27:14 C:\WINDOWS\System32\12D.tmp -->23/11/2007 21:26:56 C:\WINDOWS\System32\12B.tmp -->23/11/2007 21:26:32 C:\WINDOWS\System32\129.tmp -->23/11/2007 21:26:11 C:\WINDOWS\System32\127.tmp -->23/11/2007 21:25:51 C:\WINDOWS\System32\125.tmp -->23/11/2007 21:25:30 C:\WINDOWS\System32\123.tmp -->23/11/2007 21:25:08 C:\WINDOWS\System32\121.tmp -->23/11/2007 21:24:47 C:\WINDOWS\System32\11F.tmp -->23/11/2007 21:24:25 C:\WINDOWS\System32\11D.tmp -->23/11/2007 21:24:06 C:\WINDOWS\System32\11B.tmp -->23/11/2007 21:23:46 C:\WINDOWS\System32\119.tmp -->23/11/2007 21:23:24 C:\WINDOWS\System32\117.tmp -->23/11/2007 21:23:02 C:\WINDOWS\System32\115.tmp -->23/11/2007 21:22:42 C:\WINDOWS\System32\113.tmp -->23/11/2007 21:22:21 C:\WINDOWS\System32\111.tmp -->23/11/2007 21:21:58 C:\WINDOWS\0.log -->25/11/2007 10:04:24 C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt -->25/11/2007 10:04:14 C:\WINDOWS\WindowsUpdate.log -->25/11/2007 10:04:07 C:\WINDOWS\wiadebug.log -->25/11/2007 10:03:58 C:\WINDOWS\wiaservc.log -->25/11/2007 10:03:55 C:\WINDOWS\bootstat.dat -->25/11/2007 10:02:53 C:\WINDOWS\SchedLgU.Txt -->24/11/2007 23:57:54 C:\WINDOWS\Thumbs.db -->24/11/2007 20:10:56 C:\WINDOWS\win.ini -->24/11/2007 19:17:30 C:\WINDOWS\NeroDigital.ini -->19/11/2007 22:21:27 C:\WINDOWS\system.ini -->11/11/2007 12:35:09 C:\WINDOWS\ODBC.INI -->01/11/2007 10:34:19 C:\WINDOWS\yesmessenger.ini -->07/07/2007 15:20:28 C:\WINDOWS\explorer.exe -->13/06/2007 14:22:28 C:\WINDOWS\setupapi.log.1.old -->09/04/2007 20:54:01 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1536 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x10000000 0xa3000 C:\WINDOWS\system32\ddayw.dll 0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x44360000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x01240000 0x15000 C:\WINDOWS\system32\khfdbyw.dll 0x442b0000 0x3c000 7.00.6000.16544 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x00e60000 0x1bbbb c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll 0x1c000000 0x6000 C:\WINDOWS\HKNTDLL.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x02d40000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x62350000 0x53000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll 0x60400000 0x18000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll 0x61e70000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll 0x03110000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x03470000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x7f840000 0x32000 8.04.0001.1092 C:\WINDOWS\system32\lvcodec2.dll 0x58580000 0x4000 1.01.0001.0005 C:\WINDOWS\system32 ssoft32.acm 0x73ac0000 0x7000 1.03.0003.0007 C:\WINDOWS\system32 sd32.dll 0x011d0000 0x1b000 1.09.0005.0022 C:\Program Files\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll 0x03ce0000 0x83d000 6.14.0011.6375 C:\WINDOWS\system32 vcpl.dll 0x74bf0000 0x2c000 4.02.5406.0000 C:\WINDOWS\system32\OLEACC.dll 0x02150000 0x45000 6.14.0011.6375 C:\WINDOWS\system32\NVRSFR.DLL 0x028e0000 0x5b000 6.14.0011.6375 C:\WINDOWS\system32 vapi.dll 0x02b30000 0x1d000 4.03.0020.0001 C:\Program Files\Ahead\InCD\incdshx.dll 0x03640000 0x73000 6.14.0010.11122 C:\WINDOWS\system32 vshell.dll 0x52200000 0xb000 7.00.0337.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll 0x011b0000 0x4000 5.03.0017.0000 C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll 0x64f00000 0x12000 4.07.1074.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll 0x02b70000 0x24000 8.04.0001.1092 C:\Program Files\Logitech\Video\Namespc2.dll 0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL 0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL 0x017e0000 0x8000 8.04.0001.1092 C:\Program Files\Logitech\Video\AlbuDBps.dll 0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll 0x16210000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll 0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll 0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL 0x11c70000 0x39000 11.00.5721.5145 C:\WINDOWS\system32\WMASF.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 584 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x021c0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x10000000 0x15000 C:\WINDOWS\system32\khfdbyw.dll 0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll 0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll 0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll 0x012c0000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\WINDOWS\system32 19/08/2004 15:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 58 795 773 952 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\WINDOWS\Downloaded Program Files 23/09/2005 10:42 . 23/09/2005 10:42 .. 25/06/2004 16:14 65 desktop.ini 14/10/1997 17:52 697 DirectAnimation Java Classes.osd 08/09/2004 21:38 1 271 erma.inf 16/03/2004 19:13 365 f3initialsetup1.0.0.8-2.inf 20/01/2000 14:25 1 162 Microsoft XML Parser for Java.osd 08/12/2003 13:58 3 759 swflash.inf 13/09/2005 10:36 406 telechargement-photoweb.inf 14/09/2005 11:27 1 871 872 telechargement-photoweb.ocx 03/08/2004 13:51 293 wuweb.inf 9 fichier(s) 1 879 890 octets Total des fichiers listés : 9 fichier(s) 1 879 890 octets 2 Rép(s) 58 795 778 048 octets libres Recherche de rootkit! (Merci S!Ri) [b]xpdx présent[/b] Possible infection Rustock, l'utilisation d'un scanneur rootkit est recommandé Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console" "C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner" "C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor" "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server" "C:\WINDOWS\system32\usmt\migwiz.exe"="C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistant Transfert de fichiers et de paramètres" "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Disabled:backWeb-7288971" "C:\Program Files\Infogrames\Grand Prix 4\GP4.exe"="C:\Program Files\Infogrames\Grand Prix 4\GP4.exe:*:Enabled:GP4" "C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare" "C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service" "C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service" "C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Assistance à distance" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Program Files\AOL 9.0\AOL.exe"="C:\Program Files\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Program Files\AOL 9.0\WAOL.exe"="C:\Program Files\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console" "C:\Program Files\CA\eTrust Antivirus\InocIT.exe"="C:\Program Files\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner" "C:\Program Files\CA\eTrust Antivirus\Realmon.exe"="C:\Program Files\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor" "C:\Program Files\CA\eTrust Antivirus\InoRpc.exe"="C:\Program Files\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 11:11:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,.. "khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpdx] "Type"=dword:00000001 "Start"=dword:00000001 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\xpdx.sys" "DisplayName"="xpdx system driver" "Group"="Base" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xpdx\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,.. "khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xpdx] "Type"=dword:00000001 "Start"=dword:00000001 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"\??\C:\WINDOWS\system32\xpdx.sys" "DisplayName"="xpdx system driver" "Group"="Base" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xpdx\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 196 - Dit.exe 224 - zHotkey.exe 232 - AGRSMMSG.exe 244 - LVCOMSX.EXE 352 - ashDisp.exe 396 - zlclient.exe 520 - rundll32.exe 548 - ctfmon.exe 556 - csrss.exe 584 - winlogon.exe 628 - services.exe 640 - lsass.exe 768 - mdm.exe 816 - svchost.exe 868 - Wallpaper.exe 900 - svchost.exe 908 - svchost.exe 976 - svchost.exe 984 - Rainlendar2.exe 1056 - svchost.exe 1084 - wmpnscfg.exe 1176 - daemon.exe 1208 - svchost.exe 1260 - svchost.exe 1328 - LogWatNT.exe 1524 - ashServ.exe 1536 - explorer.exe 2024 - nvsvc32.exe 2044 - rundll32.exe 2152 - svchost.exe 2256 - vsmon.exe 2536 - wmpnetwk.exe 3032 - ashMaiSv.exe 3052 - cmd.exe 3140 - ashWebSv.exe 3368 - alg.exe 3772 - firefox.exe Total number of processes = 38 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 toskrnl.exe 806FD000 - \WINDOWS\system32\hal.dll F7D2E000 - \WINDOWS\system32\KDCOM.DLL F7C3E000 - \WINDOWS\system32\BOOTVID.dll F7725000 - sptd.sys F7D30000 - \WINDOWS\System32\Drivers\WMILIB.SYS F770D000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F76DE000 - ACPI.sys F76CD000 - pci.sys F782E000 - ohci1394.sys F783E000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F784E000 - isapnp.sys F7DF6000 - pciide.sys F7AAE000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F785E000 - MountMgr.sys F76AE000 - ftdisk.sys F7AB6000 - PartMgr.sys F786E000 - VolSnap.sys F7696000 - atapi.sys F787E000 - disk.sys F788E000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F7676000 - fltmgr.sys F7664000 - sr.sys F789E000 - PxHelp20.sys F764D000 - KSecDD.sys F75C0000 - Ntfs.sys F7593000 - NDIS.sys F757F000 - srescan.sys F7564000 - Mup.sys F78CE000 - \SystemRoot\System32\DRIVERS ic1394.sys F6ACE000 - \SystemRoot\System32\DRIVERS\intelppm.sys F63D4000 - \SystemRoot\system32\DRIVERS v4_mini.sys F63C0000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F639C000 - \SystemRoot\System32\DRIVERS\HDAudBus.sys F7B8E000 - \SystemRoot\System32\DRIVERS\usbuhci.sys F6379000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F7B96000 - \SystemRoot\System32\DRIVERS\usbehci.sys F6274000 - \SystemRoot\system32\DRIVERS\AGRSM.sys F7B9E000 - \SystemRoot\System32\Drivers\Modem.SYS F6ABE000 - \SystemRoot\System32\DRIVERS\fetnd5b.sys F7BA6000 - \SystemRoot\System32\DRIVERS\fdc.sys F6263000 - \SystemRoot\System32\DRIVERS\serial.sys F7514000 - \SystemRoot\System32\DRIVERS\serenum.sys F624F000 - \SystemRoot\System32\DRIVERS\parport.sys F6AAE000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F7BAE000 - \SystemRoot\System32\DRIVERS\mouclass.sys F7BB6000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F6A9E000 - \SystemRoot\System32\DRIVERS\imapi.sys F7510000 - \SystemRoot\system32\drivers\pfc.sys F6A8E000 - \SystemRoot\System32\DRIVERS\cdrom.sys F6A7E000 - \SystemRoot\System32\DRIVERS edbook.sys F622C000 - \SystemRoot\System32\DRIVERS\ks.sys F7BBE000 - \SystemRoot\System32\Drivers\incdrm.SYS F7BC6000 - \SystemRoot\System32\DRIVERS\InCDPass.sys F61C6000 - \SystemRoot\System32\Drivers\accworei.SYS F7F4A000 - \SystemRoot\System32\DRIVERS\audstub.sys F790E000 - \SystemRoot\System32\DRIVERS asl2tp.sys F7CF2000 - \SystemRoot\System32\DRIVERS distapi.sys F61AF000 - \SystemRoot\System32\DRIVERS diswan.sys F791E000 - \SystemRoot\System32\DRIVERS aspppoe.sys F792E000 - \SystemRoot\System32\DRIVERS aspptp.sys F7C26000 - \SystemRoot\System32\DRIVERS\TDI.SYS F7C2E000 - \SystemRoot\System32\DRIVERS\ptilink.sys F7C36000 - \SystemRoot\System32\DRIVERS aspti.sys F793E000 - \SystemRoot\System32\DRIVERS ermdd.sys F7D78000 - \SystemRoot\System32\DRIVERS\swenum.sys F6156000 - \SystemRoot\System32\DRIVERS\update.sys F7CFE000 - \SystemRoot\System32\DRIVERS\mssmbios.sys F794E000 - \SystemRoot\System32\Drivers\NDProxy.SYS F47E4000 - \SystemRoot\system32\drivers\cmudax.sys F47C0000 - \SystemRoot\system32\drivers\portcls.sys F796E000 - \SystemRoot\system32\drivers\drmk.sys F797E000 - \SystemRoot\System32\DRIVERS\usbhub.sys F7D8A000 - \SystemRoot\System32\DRIVERS\USBD.SYS F7534000 - \SystemRoot\system32\drivers\MODEMCSA.sys F7AEE000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F7D92000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7EDA000 - \SystemRoot\System32\Drivers\Null.SYS F7D94000 - \SystemRoot\System32\Drivers\Beep.SYS F79BE000 - \??\C:\WINDOWS\system32\xpdx.sys F79CE000 - \SystemRoot\system32\drivers\lvusbsta.sys F7524000 - \SystemRoot\system32\DRIVERS\usbscan.sys F7B0E000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS F7B16000 - \SystemRoot\System32\drivers\vga.sys F7D9A000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7D9C000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F74F8000 - \SystemRoot\System32\Drivers\InCDrec.SYS F43BA000 - \SystemRoot\System32\Drivers\InCDfs.SYS F7B1E000 - \SystemRoot\System32\Drivers\Msfs.SYS F7B26000 - \SystemRoot\System32\Drivers\Npfs.SYS F74F4000 - \SystemRoot\System32\DRIVERS asacd.sys F43A7000 - \SystemRoot\System32\DRIVERS\ipsec.sys F79DE000 - \SystemRoot\System32\DRIVERS\msgpc.sys F434F000 - \SystemRoot\System32\DRIVERS cpip.sys F79EE000 - \SystemRoot\System32\Drivers\aswTdi.SYS F432E000 - \SystemRoot\System32\DRIVERS\ipnat.sys F79FE000 - \SystemRoot\System32\DRIVERS\wanarp.sys F4266000 - \SystemRoot\System32\DRIVERS etbt.sys F41DF000 - \SystemRoot\System32\vsdatant.sys F7A0E000 - \SystemRoot\System32\DRIVERS\arp1394.sys F41BD000 - \SystemRoot\System32\drivers\afd.sys F7A1E000 - \SystemRoot\System32\DRIVERS etbios.sys F4192000 - \SystemRoot\System32\DRIVERS dbss.sys F4123000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F7A3E000 - \SystemRoot\System32\Drivers\Fips.SYS F7B3E000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F6141000 - \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS F7B46000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS F7B6E000 - \SystemRoot\System32\DRIVERS\usbccgp.sys F4043000 - \SystemRoot\system32\DRIVERS\LVCM.sys F3F18000 - \SystemRoot\system32\DRIVERS\lvsvf2.sys F7A9E000 - \SystemRoot\system32\DRIVERS\STREAM.SYS F6AEE000 - \SystemRoot\system32\drivers\usbaudio.sys F3DE1000 - \SystemRoot\System32\Drivers\Fastfat.SYS F3DC9000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7D46000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F7540000 - \SystemRoot\System32\drivers\Dxapi.sys F7BFE000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7F0C000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32 v4_disp.dll F6131000 - \SystemRoot\System32\DRIVERS disuio.sys BAD42000 - \SystemRoot\System32\Drivers\aswMon2.SYS BAAFD000 - \SystemRoot\system32\drivers\wdmaud.sys F3EC8000 - \SystemRoot\system32\drivers\sysaudio.sys F3ED8000 - \SystemRoot\System32\Drivers\Cdfs.SYS BA782000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F7DE8000 - \SystemRoot\System32\Drivers\ParVdm.SYS BA6F1000 - \SystemRoot\System32\Drivers\HTTP.sys BA50F000 - \SystemRoot\System32\DRIVERS\srv.sys BA4DB000 - \SystemRoot\System32\DRIVERS\secdrv.sys BA18B000 - \SystemRoot\System32\Drivers\aswRdr.SYS F7E46000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 134 Liste des programmes installes Ad-Aware SE Personal Adobe Flash Player ActiveX Adobe Reader 8.1.1 - Français Agere Systems PCI Soft Modem AtomTime98 v2.2 avast! Antivirus C-Media High Definition Audio Driver CA Licensing CCleaner (remove only) Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB914440) Correctif Windows XP - KB834707 Correctif Windows XP - KB867282 Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB887797 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890047 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB890923 Correctif Windows XP - KB891781 Correctif Windows XP - KB893066 Correctif Windows XP - KB893086 Cosmo Player 2.1 (38329) Creatix V.92 Data Fax Modem Encyclopédie Universelle Larousse EPSON TWAIN 5 Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP Free - Kit de connexion GiPo@MoveOnBoot 1.9.5 Google Earth Grand Prix 4 GTK+ 2.4.14 runtime environment HijackThis 2.0.2 Home Cinema Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) InCD Information sur votre PC IrfanView (remove only) J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.1_01 Java Web Start Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 Language pack for Ad-Aware SE Lecteur Windows Media 11 Logiciel QuickCam de Logitech Macromedia Shockwave Player Medion Flash XL 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft FrontPage Client - French Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows XP (KB883939) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899588) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB903235) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911280) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB900930) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) MozBackup 1.4.7 Mozilla Firefox (2.0.0.9) Mozilla Thunderbird (2.0.0.9) MSN MSXML 4.0 SP2 (KB936181) Multimedia Keyboard Driver Nero Suite NVIDIA Drivers OpenOffice.org 2.3 Picasa 2 PowerDVD PowerProducer Programme de gestion Camera de Logitech® Quick Zip 4.60.017b QuickTime QuickTime Rainlendar2 (remove only) RealPlayer Remove DivX Codec SAGEM F@st 800-908 Shareaza version 2.2.1.0 Shockwave SiSoftware Sandra Lite XIIc UltraBackup 4.25 Utilitaire de sauvegarde Windows Viewpoint Media Player Visionneuse Journal Windows Microsoft Wallpaper WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Connect Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 ZoneAlarm Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files 24/11/2007 22:20 . 24/11/2007 22:20 .. 21/02/2005 14:42 a2 free 16/08/2007 21:05 Adobe 19/10/2005 16:18 Ahead 10/02/2007 10:38 Alwil Software 24/11/2007 19:43 a-squared Free 18/11/2007 11:17 Astase 15/09/2005 19:29 AtomTime 28/03/2005 17:12 Borland 27/12/2004 19:42 CA 12/11/2007 21:54 CCleaner 04/01/2006 10:27 Common Files 27/12/2004 22:10 CosmoSoftware 03/11/2004 05:22 CyberLink 23/11/2007 19:01 DAEMON Tools 27/12/2004 22:01 directx 23/12/2004 21:59 DivX 22/09/2005 09:30 eMule 24/11/2007 20:32 Enigma Software Group 12/01/2006 22:09 eoRezo 24/11/2007 22:20 Fichiers communs 04/06/2005 10:40 Free.fr 24/11/2007 22:20 GiPo@Utilities 03/11/2007 13:33 Google 27/12/2004 20:03 Grisoft 25/06/2004 18:58 HighMAT CD Writing Wizard 03/11/2004 05:22 Home Cinema 09/01/2005 15:56 Infogrames 25/06/2004 16:54 Intel 09/10/2007 20:12 Internet Explorer 27/01/2005 19:18 IrfanView 20/10/2007 08:35 Java 07/12/2005 10:38 Java Web Start 04/11/2007 11:40 Kodak EasyShare software 21/02/2005 10:57 KONAMI 27/12/2004 22:07 Larousse 18/01/2005 22:24 Lavasoft 27/12/2004 22:27 Logitech 25/06/2004 18:24 Make bootable flashcards 07/12/2005 10:38 Messenger 01/11/2007 10:33 microsoft frontpage 01/11/2007 10:33 Microsoft Office 03/01/2006 17:55 Midnight Racing 07/12/2005 10:38 Movie Maker 18/11/2007 10:30 MozBackup 25/11/2007 11:07 Mozilla Firefox 23/11/2007 19:40 Mozilla Thunderbird 12/08/2005 10:12 MSN 25/06/2004 16:13 MSN Gaming Zone 20/03/2007 19:52 MSN Messenger 11/11/2007 10:49 MSXML 4.0 25/06/2004 17:24 MUSICMATCH 25/10/2004 17:59 NetMeeting 25/10/2004 18:08 Online Services 30/09/2007 12:05 OpenOffice.org 2.3 13/06/2007 22:31 Outlook Express 04/11/2007 09:00 Picasa2 11/01/2006 17:43 QuickTime 07/03/2007 19:33 QuickZip4 13/05/2007 10:30 Rainlendar2 08/07/2004 16:00 Real 29/10/2005 10:55 SAGEM 25/10/2004 16:59 Services en ligne 11/12/2005 19:05 Shareaza 06/11/2007 13:33 SiSoftware 03/05/2005 14:03 SmartGenealogy_V18 24/11/2007 11:24 Trend Micro 03/11/2004 05:28 Viewpoint 10/11/2007 11:10 Wallpaper 04/01/2006 09:08 WAR Soldiers 25/06/2004 17:35 Windows Journal Viewer 07/12/2005 10:38 Windows Media Connect 10/12/2006 21:57 Windows Media Connect 2 10/12/2006 22:10 Windows Media Player 25/10/2004 17:59 Windows NT 08/03/2007 15:53 WinZip 25/06/2004 16:14 xerox 07/07/2007 15:25 YesMessenger 28/03/2005 16:56 Zone Labs 0 fichier(s) 0 octets 80 Rép(s) 58 794 655 744 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\fichiers communs 24/11/2007 22:20 . 24/11/2007 22:20 .. 16/08/2007 21:06 Adobe 09/08/2004 15:45 Ahead 27/12/2004 19:43 AOL 01/11/2007 10:33 Designer 05/05/2005 18:24 DirectX 24/11/2007 22:20 Gibinsoft Shared 29/12/2004 21:45 GTK 14/09/2004 13:43 InstallShield 09/05/2005 08:59 Java 27/12/2004 22:27 Logitech 01/11/2007 10:33 Microsoft Shared 25/06/2004 16:13 MSSoap 08/07/2004 16:01 Nullsoft 27/12/2004 21:55 ODBC 23/03/2006 21:00 Real 25/06/2004 16:13 Services 25/06/2004 17:11 SpeechEngines 13/06/2007 22:31 System 23/03/2006 21:00 xing shared 0 fichier(s) 0 octets 21 Rép(s) 58 794 651 648 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 23/11/2007 20:54 . 23/11/2007 20:54 .. 27/12/2004 21:55 1033 30/09/2007 12:24 1036 23/11/2007 20:54 129 421 ibm00001.dll 23/11/2007 20:54 113 595 ibm00002.dll 15/02/2001 05:45 1 318 912 MSONSEXT.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 22/01/2001 03:25 86 016 PKMWS.DLL 6 fichier(s) 1 897 914 octets 4 Rép(s) 58 794 651 648 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\common files 04/01/2006 10:27 . 04/01/2006 10:27 .. 04/01/2006 10:27 EasyInfo 0 fichier(s) 0 octets 3 Rép(s) 58 794 651 648 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\ 23/11/2007 20:54 50 176 d.exe 23/11/2007 20:54 105 176 mwjqxanu.exe 23/11/2007 20:54 20 992 opnvmwvi.exe 23/11/2007 20:53 58 368 pgdxf.exe 24/05/2001 11:59 162 304 UNWISE.EXE 5 fichier(s) 397 016 octets 0 Rép(s) 58 794 651 648 octets libres c:\Documents and Settings\Gaëtan\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Gaëtan\Application Data\EoRezo mp.exe c:\Documents and Settings\Gaëtan\Application Data\Microsoft\Installer\{9F185C48-595B-401A-A1D6-AAB324890DC4}\IconCBE855212.exe c:\Documents and Settings\Gaëtan\Bureau\HJTInstall.exe c:\Documents and Settings\Gaëtan\Bureau\VundoFix.exe c:\Documents and Settings\Gaëtan\Bureau\Windows-KB890830-V1.35.exe c:\Documents and Settings\Gaëtan\Mes documents\Firetune\FireTune.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Everest 3.50 Ultimate\everestultimate350.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\appli microshop\microshop.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\Cryptage\bin\Cryptage.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\Cryptage\obj\Debug\Cryptage.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\bin\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\obj\Debug\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\obj\Release\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop windows\appliWindows.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdoConnecté\WindowsApplication7\bin\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdoConnecté\WindowsApplication7\obj\Debug\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdodéConnecté\WindowsApplication7\bin\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdodéConnecté\WindowsApplication7\obj\Debug\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\TestMVC\TestMVC_appli_console\bin\TestMVC_appli.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\TestMVC\TestMVC_appli_console\obj\Debug\TestMVC_appli.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO p InputBox\bin p InputBox.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO p InputBox\obj\Debug p InputBox.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\RUP Complet\RUP_Eval\applet\AppletJreConsole.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\jakarta-tomcat-4.1.31-LE-jdk14.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\jdk-1_5_0_07-windows-i586-p.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\StarUML-5.0-with-cm.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Mes vidéos\LineRider_beta.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Scanner Marie-Chantal\sj652fr.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Scanner Marie-Chantal\sj700fr.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll c:\Documents and Settings\Gaëtan\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Gaëtan\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll c:\Documents and Settings\Gaëtan\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyI.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyJ.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyK.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyL.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

Gaëtan · Answer

Résultats SReng : [CODE] 2007-11-25,11:21:04 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\Rainlendar2\Rainlendar2.exe"> [] <"C:\Program Files\Wallpaper\Wallpaper.exe" Starter> [N/A] <"C:\Program Files\Windows Media Player\WMPNSCFG.exe"> [(Verified)Microsoft Windows Component Publisher] <"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Ahead Software Gmbh] [N/A] [ICSI Technology Ltd.] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Logitech Inc.] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] <> [N/A] <> [N/A] <> [N/A] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] [(Verified)ALWIL Software] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] <"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher] <"nwiz.exe" /install> [] <"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crehcjid] <°€€> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdbyw] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] <°€€> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\sj652\hpupdate.exe 3400C> [N/A] <; C:\Program Files\Ahead\InCD\InCD.exe> [Nero AG] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\Logitech\Video\ISStart.exe > [Logitech Inc.] <; C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.] <; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S> [N/A] <; C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows XP Publisher] ================================== Startup Folders N/A ================================== Services [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [Client de licence CA / CA_LIC_CLNT][Stopped/Manual Start] [Serveur de licence CA / CA_LIC_SRVR][Stopped/Manual Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [InCD Helper / InCDsrv][Running/Auto Start] [Event Log Watch / LogWatch][Running/Auto Start] [Machine Debug Manager / MDM][Running/Auto Start] <"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"> [NtmlSvc / NtmlSvc][Running/Auto Start] C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [SiSoftware Database Agent Service / SandraDataSrv][Stopped/Manual Start] [SiSoftware Sandra Agent Service / SandraTheSrv][Stopped/Manual Start] [TrueVector Internet Monitor / vsmon][Running/Auto Start] [Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start] [Aide de Windows Media Connect (WMC) / WmcCdsLs][Stopped/Manual Start] ================================== Drivers [General Purpose USB Driver (adildr.sys) / ADILOADER][Stopped/Auto Start] [USB ADSL LAN Adapter / adiusbae][Stopped/Manual Start] [USB ADSL WAN Adapter / adiusbaw][Stopped/Manual Start] [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Card Reader Filter / CardReaderFilter][Running/Manual Start] <\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS> [C-Media High Definition Audio Interface / cmudax][Running/Manual Start]

[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start] <3Com Corporation> [Carte réseau virtuelle FreeBox USB / fbxusb][Stopped/Manual Start] [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start] [Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [InCDPass / InCDPass][Running/System Start] [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start] [NTSIM / NTSIM][Stopped/Manual Start] <\??\C:\WINDOWS\System32 tsim.sys> [nv / nv][Running/Manual Start] [Padus ASPI Shell / pfc][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Logitech QuickCam Communicate / QCMerced][Running/Manual Start] <> [Secdrv / Secdrv][Running/Auto Start] [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [srescan / srescan][Running/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [UKBFLT / UKBFLT][Stopped/Manual Start] [vsdatant / vsdatant][Running/System Start] [WAN Miniport (ATW) / wanatw][Stopped/Manual Start] [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} [EoBho Class] {64F56FC1-1272-44CD-BA6E-39723696E350} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [] {E5975936-6F0A-458D-9C14-99F1B034999C} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Real.com] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [telechargement-photoweb] {68C1822F-F5C7-4404-A73F-03C10E0E94DA} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Java Plug-in 1.5.0_10] {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [] {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [EoBho Class] {64F56FC1-1272-44CD-BA6E-39723696E350} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [] {E5975936-6F0A-458D-9C14-99F1B034999C} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [&Recherche AOL Toolbar] [&Search] ================================== Running Processes [PID: 488 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 556 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 584 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\khfdbyw.dll] [N/A, ] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 628 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 640 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\ddayw.dll] [N/A, ] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [PID: 816 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 908 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 976 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1020 / SYSTEM][C:\Program Files\Ahead\InCD\InCDsrv.exe] [Nero AG, 4, 3, 20, 1] [C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17] [C:\Program Files\Ahead\InCD\incdshx.dll] [Nero AG, 4, 3, 20, 1] [PID: 1208 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1260 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1404 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 1524 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1536 / Gaëtan][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\ddayw.dll] [N/A, ] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\PROGRA~1\WINDOW~2\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\khfdbyw.dll] [N/A, ] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\HKNTDLL.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll] [Sun Microsystems, Inc., 2.03] [C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll] [Sun Microsystems, Inc., 2.03] [C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\WINDOWS\system32\lvcodec2.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32 ssoft32.acm] [DSP GROUP, INC., 1.01] [C:\WINDOWS\system32 sd32.dll] [, ] [C:\Program Files\GiPo@Utilities\GiPo@MoveOnBoot\mboot.dll] [Gibin Software House (http://www.gibinsoft.net), 1, 9, 5, 22] [C:\WINDOWS\system32 vcpl.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32 vapi.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\Program Files\Ahead\InCD\incdshx.dll] [Nero AG, 4, 3, 20, 1] [C:\WINDOWS\system32 vshell.dll] [, ] [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll] [Zone Labs, LLC, 7.0.337.000] [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll] [Zone Labs Inc., 5.3.017.000] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Logitech\Video\Namespc2.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\AlbuDBps.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00] [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [PID: 1820 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\CNBJMON2.DLL] [Microsoft Corporation, 5.1.2600.2079 built by: xpsp(skatari)] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL] [Microsoft Corporation, 5.2.3790.120 (srv03_qfe.031205-1652)] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\UNIDRV.DLL] [Microsoft Corporation, 5.2.3790.184 (srv03_qfe.040410-1236)] [C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)] [PID: 2044 / Gaëtan][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 43, 4] [C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 196 / Gaëtan][C:\WINDOWS\Dit.exe] [ICSI Technology Ltd., V2.01.0402] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 224 / Gaëtan][C:\WINDOWS\zHotkey.exe] [, 3, 0, 0, 7] [C:\WINDOWS\HKNTDLL.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 232 / Gaëtan][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.51 2.1.51 03/04/2005 12:01:54] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 244 / Gaëtan][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [PID: 272 / Gaëtan][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 352 / Gaëtan][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 520 / Gaëtan][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32 vapi.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.11.6375] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 548 / Gaëtan][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 984 / Gaëtan][C:\Program Files\Rainlendar2\Rainlendar2.exe] [, 2, 0, 2, 0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll] [N/A, ] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1056 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 868 / Gaëtan][C:\Program Files\Wallpaper\Wallpaper.exe] [, 5.00.0003] [C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782] [C:\WINDOWS\system32\VB6FR.DLL] [Microsoft Corporation, 6.00.8988] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\comdlg32.ocx] [Microsoft Corporation, 6.00.8418] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [PID: 1084 / Gaëtan][C:\Program Files\Windows Media Player\WMPNSCFG.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Windows Media Player\wmpnssci.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1176 / Gaëtan][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.09.0.0] [C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.09.1.0] [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.3.0] [C:\Program Files\DAEMON Tools\Plugins\Images\bwtmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [DT Soft Ltd., 1.10.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.02.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\iszmount.dll] [DT Soft Ltd., 1.02.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.22.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images rgmount.dll] [DT Soft Ltd., 1.12.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [DT Soft Ltd., 1.01.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\pfcmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Program Files\DAEMON Tools\pfctoc.dll] [Padus(R), Inc., 1, 0, 0, 12] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1328 / SYSTEM][C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe] [Computer Associates, 1.52] [C:\Program Files\CA\SharedComponents\CA_LIC\lic98.dll] [Computer Associates, 01.52] [PID: 768 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.10.3077] [C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\1036\mdmui.dll] [Microsoft Corporation, 7.10.3077] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 900 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [PID: 2024 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32 vapi.dll] [NVIDIA Corporation, 6.14.11.6375] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 2152 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\escwiad.dll] [SEIKO EPSON CORP., 1.00] [PID: 2536 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpmde.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [PID: 3032 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 3140 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 3368 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3552 / Gaëtan][C:\Documents and Settings\Gaëtan\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [c:\program files\fichiers communs\microsoft shared\web folders\ibm00002.dll] [N/A, ] [C:\Documents and Settings\Gaëtan\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 196, C:\WINDOWS\DIT.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 224, C:\WINDOWS\ZHOTKEY.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 244, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 984, C:\PROGRAM FILES\RAINLENDAR2\RAINLENDAR2.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 868, C:\PROGRAM FILES\WALLPAPER\WALLPAPER.EXE] Special Privilege Enabled: SeDebugPrivilege [PID = 3552, C:\DOCUMENTS AND SETTINGS\GAËTAN\BUREAU\SRENGPS.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3552, C:\DOCUMENTS AND SETTINGS\GAËTAN\BUREAU\SRENGPS.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ================================== [/CODE]

Gaëtan · Answer

Résultats PCA :

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :25/11/2007 11:24:57
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PCA\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO:  - {00A6FAF1-072E-44cf-8957-5838F569A31D} - 
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO:  - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\khfdbyw.dll
02 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
02 - BHO:  - {E5975936-6F0A-458D-9C14-99F1B034999C} - C:\WINDOWS\system32\ddayw.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RUN: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKLM\..\RUN: [Dit] - Dit.exe
04 - HKLM\..\RUN: [CHotkey] - zHotkey.exe
04 - HKLM\..\RUN: [AGRSMMSG] - AGRSMMSG.exe
04 - HKLM\..\RUN: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [EoEngine] - 
04 - HKLM\..\RUN: [EoWeather] - 
04 - HKLM\..\RUN: [EoClock] - 
04 - HKLM\..\RUN: [Zone Labs Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [ZoneAlarm Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [NvCplDaemon] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - "nwiz.exe" /install
04 - HKLM\..\RUN: [NvMediaCenter] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [HP Update 3400C] - ; C:\sj652\hpupdate.exe 3400C
04 - HKLM\..\RUN: [InCD] - ; C:\Program Files\Ahead\InCD\InCD.exe
04 - HKLM\..\RUN: [LogitechVideoRepair] - ; C:\Program Files\Logitech\Video\ISStart.exe 
04 - HKLM\..\RUN: [LogitechVideoTray] - ; C:\Program Files\Logitech\Video\LogiTray.exe
04 - HKLM\..\RUN: [QuickTime Task] - ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [Rainlendar2] - "C:\Program Files\Rainlendar2\Rainlendar2.exe"
04 - HKLU\..\RUN: [Wallpaper] - "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
04 - HKLU\..\RUN: [WMPNSCFG] - ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [DAEMON Tools] - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
04 - HKLU\..\RUN: [Diddl_Scr.exe] - ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
04 - HKLU\..\RUN: [LogitechSoftwareUpdate] - ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
04 - HKLU\..\RUN: [Uniblue RegistryBooster 2] - ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Rainlendar2] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Wallpaper] - Dit.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [WMPNSCFG] - zHotkey.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [DAEMON Tools] - AGRSMMSG.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Diddl_Scr.exe] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [LogitechSoftwareUpdate] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Uniblue RegistryBooster 2] - 
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
08 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - CmdMapping - 
09 - Extra 'Tools' menuitem:  - CmdMapping - 
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra 'Tools' menuitem:  - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra button:  - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin3.dll
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :   - DirectAnimation Java Classes - 
O16 - DPF :   - Microsoft XML Parser for Java - 
O16 - DPF :  Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF :  WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF :  telechargement-photoweb - {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - C:\WINDOWS\Downloaded Program Files	elechargement-photoweb.ocx
O16 - DPF :  Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [Client de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: [Serveur de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [InCD Helper] - 
O23 - Service: [Event Log Watch] - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: [Machine Debug Manager] - "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [] - %SystemRoot%\System32\svchost.exe -k netsvcs
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32
vsvc32.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\System32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\System32svp.exe
O23 - Service: [SiSoftware Database Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: [SiSoftware Sandra Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\System32\dllhost.exe /Processid:{DB0CDB63-F5CF-4D8E-910E-E037CBFB0C95}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Onduleur] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [TrueVector Internet Monitor] - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Media Connect (WMC)] - c:\program files\windows media connect\mswmccds.exe
O23 - Service: [Aide de Windows Media Connect (WMC)] - C:\Program Files\Windows Media Connect\mswmcls.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

FillPCA · Answer

Re,

J'ai quelques minutes. Il y a bien infection.

    *  Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

Edite le rapport Combofix, puis à nouveau diaghelp, SREng et PCA.

A ce soir.

FillPCA

Gaëtan · Answer

Rapport ComboFix : ComboFix 07-11-19.3 - Gaëtan 2007-11-25 12:16:54.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.621 [GMT 1:00] Running from: C:\Documents and Settings\Gaëtan\Bureau\ComboFix.exe * Created a new restore point . Incapable d'obtenir les privilèges Système (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\d.exe C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00001.dll C:\Program Files\Fichiers communs\microsoft shared\web folders\ibm00002.dll C:\WINDOWS\system32\8_exception.nls C:\WINDOWS\system32\ddayw.dll C:\WINDOWS\system32\wyadd.ini C:\WINDOWS\system32\wyadd.ini2 C:\WINDOWS\system32\xpdx.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_NTMLSVC -------\NtmlSvc -------\poof -------\xpdx ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))))))) . 2007-11-25 11:23 d-------- C:\PCA 2007-11-25 10:52 d-------- C:\Diaghelp 2007-11-24 22:36 d-------- C:\VundoFix Backups 2007-11-24 22:28 d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-24 20:25 d-------- C:\Program Files\Enigma Software Group 2007-11-24 19:15 164 --a------ C:\install.dat 2007-11-24 13:49 d-------- C:\Program Files\a-squared Free 2007-11-24 11:24 d-------- C:\Program Files\Trend Micro 2007-11-23 22:08 71,680 --a------ C:\WINDOWS\system32\96.tmp 2007-11-23 21:29 71,680 --a------ C:\WINDOWS\system32\131.tmp 2007-11-23 21:29 71,680 --a------ C:\WINDOWS\system32\12F.tmp 2007-11-23 21:27 71,680 --a------ C:\WINDOWS\system32\12D.tmp 2007-11-23 21:26 71,680 --a------ C:\WINDOWS\system32\12B.tmp 2007-11-23 21:26 71,680 --a------ C:\WINDOWS\system32\129.tmp 2007-11-23 21:26 71,680 --a------ C:\WINDOWS\system32\127.tmp 2007-11-23 21:25 71,680 --a------ C:\WINDOWS\system32\125.tmp 2007-11-23 21:25 71,680 --a------ C:\WINDOWS\system32\123.tmp 2007-11-23 21:25 71,680 --a------ C:\WINDOWS\system32\121.tmp 2007-11-23 21:24 71,680 --a------ C:\WINDOWS\system32\11F.tmp 2007-11-23 21:24 71,680 --a------ C:\WINDOWS\system32\11D.tmp 2007-11-23 21:24 71,680 --a------ C:\WINDOWS\system32\11B.tmp 2007-11-23 21:23 71,680 --a------ C:\WINDOWS\system32\119.tmp 2007-11-23 21:23 71,680 --a------ C:\WINDOWS\system32\117.tmp 2007-11-23 21:23 71,680 --a------ C:\WINDOWS\system32\115.tmp 2007-11-23 21:22 71,680 --a------ C:\WINDOWS\system32\113.tmp 2007-11-23 21:22 71,680 --a------ C:\WINDOWS\system32\111.tmp 2007-11-23 21:21 71,680 --a------ C:\WINDOWS\system32\10F.tmp 2007-11-23 21:21 71,680 --a------ C:\WINDOWS\system32\10D.tmp 2007-11-23 21:21 71,680 --a------ C:\WINDOWS\system32\10B.tmp 2007-11-23 21:20 71,680 --a------ C:\WINDOWS\system32\109.tmp 2007-11-23 21:20 71,680 --a------ C:\WINDOWS\system32\107.tmp 2007-11-23 21:20 71,680 --a------ C:\WINDOWS\system32\105.tmp 2007-11-23 21:19 71,680 --a------ C:\WINDOWS\system32\FF.tmp 2007-11-23 21:19 71,680 --a------ C:\WINDOWS\system32\103.tmp 2007-11-23 21:19 71,680 --a------ C:\WINDOWS\system32\101.tmp 2007-11-23 21:18 71,680 --a------ C:\WINDOWS\system32\FD.tmp 2007-11-23 21:18 71,680 --a------ C:\WINDOWS\system32\FB.tmp 2007-11-23 21:18 71,680 --a------ C:\WINDOWS\system32\F9.tmp 2007-11-23 21:17 71,680 --a------ C:\WINDOWS\system32\F7.tmp 2007-11-23 21:17 71,680 --a------ C:\WINDOWS\system32\F5.tmp 2007-11-23 21:17 71,680 --a------ C:\WINDOWS\system32\F3.tmp 2007-11-23 21:16 71,680 --a------ C:\WINDOWS\system32\F1.tmp 2007-11-23 21:16 71,680 --a------ C:\WINDOWS\system32\EF.tmp 2007-11-23 21:15 71,680 --a------ C:\WINDOWS\system32\ED.tmp 2007-11-23 21:15 71,680 --a------ C:\WINDOWS\system32\EB.tmp 2007-11-23 21:15 71,680 --a------ C:\WINDOWS\system32\E9.tmp 2007-11-23 21:14 71,680 --a------ C:\WINDOWS\system32\E7.tmp 2007-11-23 21:14 71,680 --a------ C:\WINDOWS\system32\E5.tmp 2007-11-23 21:14 71,680 --a------ C:\WINDOWS\system32\E3.tmp 2007-11-23 21:13 71,680 --a------ C:\WINDOWS\system32\E1.tmp 2007-11-23 21:13 71,680 --a------ C:\WINDOWS\system32\DF.tmp 2007-11-23 21:13 71,680 --a------ C:\WINDOWS\system32\DD.tmp 2007-11-23 21:12 71,680 --a------ C:\WINDOWS\system32\DB.tmp 2007-11-23 21:12 71,680 --a------ C:\WINDOWS\system32\D9.tmp 2007-11-23 21:12 71,680 --a------ C:\WINDOWS\system32\D7.tmp 2007-11-23 21:11 71,680 --a------ C:\WINDOWS\system32\D5.tmp 2007-11-23 21:11 71,680 --a------ C:\WINDOWS\system32\D3.tmp 2007-11-23 21:11 71,680 --a------ C:\WINDOWS\system32\D1.tmp 2007-11-23 21:10 71,680 --a------ C:\WINDOWS\system32\CF.tmp 2007-11-23 21:10 71,680 --a------ C:\WINDOWS\system32\CD.tmp 2007-11-23 21:10 71,680 --a------ C:\WINDOWS\system32\CB.tmp 2007-11-23 21:09 71,680 --a------ C:\WINDOWS\system32\C9.tmp 2007-11-23 21:09 71,680 --a------ C:\WINDOWS\system32\C7.tmp 2007-11-23 21:08 71,680 --a------ C:\WINDOWS\system32\C5.tmp 2007-11-23 21:08 71,680 --a------ C:\WINDOWS\system32\C3.tmp 2007-11-23 21:07 71,680 --a------ C:\WINDOWS\system32\C1.tmp 2007-11-23 21:07 71,680 --a------ C:\WINDOWS\system32\BF.tmp 2007-11-23 21:07 71,680 --a------ C:\WINDOWS\system32\BD.tmp 2007-11-23 21:06 71,680 --a------ C:\WINDOWS\system32\BB.tmp 2007-11-23 21:06 71,680 --a------ C:\WINDOWS\system32\B9.tmp 2007-11-23 21:06 71,680 --a------ C:\WINDOWS\system32\B7.tmp 2007-11-23 21:05 71,680 --a------ C:\WINDOWS\system32\B5.tmp 2007-11-23 21:05 71,680 --a------ C:\WINDOWS\system32\B3.tmp 2007-11-23 21:05 71,680 --a------ C:\WINDOWS\system32\B1.tmp 2007-11-23 21:04 71,680 --a------ C:\WINDOWS\system32\AF.tmp 2007-11-23 21:04 71,680 --a------ C:\WINDOWS\system32\AD.tmp 2007-11-23 21:04 71,680 --a------ C:\WINDOWS\system32\AB.tmp 2007-11-23 21:03 71,680 --a------ C:\WINDOWS\system32\A9.tmp 2007-11-23 21:03 71,680 --a------ C:\WINDOWS\system32\A7.tmp 2007-11-23 21:02 71,680 --a------ C:\WINDOWS\system32\A5.tmp 2007-11-23 21:02 71,680 --a------ C:\WINDOWS\system32\A3.tmp 2007-11-23 21:02 71,680 --a------ C:\WINDOWS\system32\A1.tmp 2007-11-23 21:01 71,680 --a------ C:\WINDOWS\system32\9F.tmp 2007-11-23 21:01 71,680 --a------ C:\WINDOWS\system32\9D.tmp 2007-11-23 21:01 71,680 --a------ C:\WINDOWS\system32\9B.tmp 2007-11-23 21:00 71,680 --a------ C:\WINDOWS\system32\99.tmp 2007-11-23 21:00 71,680 --a------ C:\WINDOWS\system32\97.tmp 2007-11-23 21:00 71,680 --a------ C:\WINDOWS\system32\95.tmp 2007-11-23 20:59 71,680 --a------ C:\WINDOWS\system32\93.tmp 2007-11-23 20:59 71,680 --a------ C:\WINDOWS\system32\91.tmp 2007-11-23 20:59 71,680 --a------ C:\WINDOWS\system32\8F.tmp 2007-11-23 20:58 71,680 --a------ C:\WINDOWS\system32\8D.tmp 2007-11-23 20:58 71,680 --a------ C:\WINDOWS\system32\8B.tmp 2007-11-23 20:58 71,680 --a------ C:\WINDOWS\system32\89.tmp 2007-11-23 20:57 71,680 --a------ C:\WINDOWS\system32\84.tmp 2007-11-23 20:57 71,680 --a------ C:\WINDOWS\system32\7E.tmp 2007-11-23 20:56 71,680 --a------ C:\WINDOWS\system32\7C.tmp 2007-11-23 20:56 71,680 --a------ C:\WINDOWS\system32\7A.tmp 2007-11-23 20:56 71,680 --a------ C:\WINDOWS\system32\78.tmp 2007-11-23 20:56 71,680 --a------ C:\WINDOWS\system32\76.tmp . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-25 11:23 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2007-11-23 18:40 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-11-04 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak 2007-11-04 10:40 --------- d-----w C:\Program Files\Kodak EasyShare software 2007-11-03 12:33 --------- d-----w C:\Program Files\Google 2007-11-01 09:33 --------- d-----w C:\Program Files\microsoft frontpage 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 16:24 815,480 ----a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 16:14 95,608 -c--a-w C:\WINDOWS\system32\AVASTSS.scr 2007-10-20 07:35 --------- d-----w C:\Program Files\Java 2007-10-04 17:16 356,352 ----a-w C:\WINDOWS\system32 vudisp.exe 2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32 vwddi.dll 2007-10-04 16:14 81,920 ----a-w C:\WINDOWS\system32 vmctray.dll 2007-10-04 16:14 8,491,008 ----a-w C:\WINDOWS\system32 vcpl.dll 2007-10-04 16:14 753,664 ----a-w C:\WINDOWS\system32 vcplui.exe 2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers v4_mini.sys 2007-10-04 16:14 6,750,208 ----a-w C:\WINDOWS\system32 voglnt.dll 2007-10-04 16:14 6,344,704 ----a-w C:\WINDOWS\system32 vdisps.dll 2007-10-04 16:14 5,783,424 ----a-w C:\WINDOWS\system32 v4_disp.dll 2007-10-04 16:14 5,509,120 ----a-w C:\WINDOWS\system32 vdispsr.dll 2007-10-04 16:14 466,944 ----a-w C:\WINDOWS\system32 vshell.dll 2007-10-04 16:14 458,752 ----a-w C:\WINDOWS\system32 vmccssr.dll 2007-10-04 16:14 45,056 ----a-w C:\WINDOWS\system32 vmccsrs.dll 2007-10-04 16:14 442,368 ----a-w C:\WINDOWS\system32 vappbar.exe 2007-10-04 16:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe 2007-10-04 16:14 364,544 ----a-w C:\WINDOWS\system32 vapi.dll 2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32 vcodins.dll 2007-10-04 16:14 36,864 ----a-w C:\WINDOWS\system32 vcod.dll 2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32 vwrses.dll 2007-10-04 16:14 335,872 ----a-w C:\WINDOWS\system32 vwrsel.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32 vwrsfr.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32 vwrsesm.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32 vrshe.dll 2007-10-04 16:14 327,680 ----a-w C:\WINDOWS\system32 vrsar.dll 2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32 vwrspt.dll 2007-10-04 16:14 323,584 ----a-w C:\WINDOWS\system32 vwrsit.dll 2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32 vwrsptb.dll 2007-10-04 16:14 319,488 ----a-w C:\WINDOWS\system32 vwrsnl.dll 2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32 vwrsru.dll 2007-10-04 16:14 315,392 ----a-w C:\WINDOWS\system32 vwrshu.dll 2007-10-04 16:14 311,296 ----a-w C:\WINDOWS\system32 vwrsde.dll 2007-10-04 16:14 307,200 ----a-w C:\WINDOWS\system32 vexpbar.dll 2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32 vwrstr.dll 2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32 vwrssl.dll 2007-10-04 16:14 303,104 ----a-w C:\WINDOWS\system32 vwrsfi.dll 2007-10-04 16:14 3,629,056 ----a-w C:\WINDOWS\system32 vvitvsr.dll 2007-10-04 16:14 3,551,232 ----a-w C:\WINDOWS\system32 vvitvs.dll 2007-10-04 16:14 3,334,144 ----a-w C:\WINDOWS\system32 vgames.dll 2007-10-04 16:14 3,166,208 ----a-w C:\WINDOWS\system32 vgamesr.dll 2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32 vwrssk.dll 2007-10-04 16:14 299,008 ----a-w C:\WINDOWS\system32 vwrsno.dll 2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32 vwrssv.dll 2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32 vwrspl.dll 2007-10-04 16:14 294,912 ----a-w C:\WINDOWS\system32 vwrsda.dll 2007-10-04 16:14 290,816 ----a-w C:\WINDOWS\system32 vwrsth.dll 2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32 vwrseng.dll 2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32 vwrscs.dll 2007-10-04 16:14 286,720 ----a-w C:\WINDOWS\system32 vnt4cpl.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32 vwrsar.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32 vrsfr.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32 vrses.dll 2007-10-04 16:14 282,624 ----a-w C:\WINDOWS\system32 vrsel.dll 2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32 vwrshe.dll 2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32 vrsit.dll 2007-10-04 16:14 278,528 ----a-w C:\WINDOWS\system32 vrsde.dll 2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32 vrspt.dll 2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32 vrsnl.dll 2007-10-04 16:14 274,432 ----a-w C:\WINDOWS\system32 vrsesm.dll 2007-10-04 16:14 270,336 ----a-w C:\WINDOWS\system32 vrsru.dll 2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32 vrsptb.dll 2007-10-04 16:14 266,240 ----a-w C:\WINDOWS\system32 vrsja.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32 vrstr.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32 vrssl.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32 vrssk.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32 vrsko.dll 2007-10-04 16:14 258,048 ----a-w C:\WINDOWS\system32 vrshu.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32 vrsth.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32 vrssv.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32 vrspl.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32 vrsno.dll 2007-10-04 16:14 253,952 ----a-w C:\WINDOWS\system32 vrsda.dll 2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32 vrsfi.dll 2007-10-04 16:14 249,856 ----a-w C:\WINDOWS\system32 vrscs.dll 2007-10-04 16:14 245,760 ----a-w C:\WINDOWS\system32 vrseng.dll 2007-10-04 16:14 229,376 ----a-w C:\WINDOWS\system32 vmccs.dll 2007-10-04 16:14 225,280 ----a-w C:\WINDOWS\system32 vrszhc.dll 2007-10-04 16:14 212,992 ----a-w C:\WINDOWS\system32 vwrsja.dll 2007-10-04 16:14 2,854,912 ----a-w C:\WINDOWS\system32 vmoblsr.dll 2007-10-04 16:14 2,441,216 ----a-w C:\WINDOWS\system32 vwssr.dll 2007-10-04 16:14 2,371,584 ----a-w C:\WINDOWS\system32 vwss.dll 2007-10-04 16:14 196,608 ----a-w C:\WINDOWS\system32 vwrsko.dll 2007-10-04 16:14 188,416 ----a-w C:\WINDOWS\system32 vmccss.dll 2007-10-04 16:14 167,936 ----a-w C:\WINDOWS\system32 vwrszht.dll 2007-10-04 16:14 163,840 ----a-w C:\WINDOWS\system32 vwrszhc.dll 2007-10-04 16:14 155,716 ----a-w C:\WINDOWS\system32 vsvc32.exe 2007-10-04 16:14 147,456 ----a-w C:\WINDOWS\system32 vcolor.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}] 2007-11-23 20:53 34304 --a------ C:\WINDOWS\system32\khfdbyw.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 14:31] "Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" [2007-08-21 00:27] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29] "Diddl_Scr.exe"="C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe" [] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "Cmaudio"="RunDll32 cmicnfg.cpl" [] "Dit"="Dit.exe" [2004-04-02 12:31 C:\WINDOWS\Dit.exe] "CHotkey"="zHotkey.exe" [2004-05-17 18:30 C:\WINDOWS\zHotkey.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "EoEngine"="" [] "EoWeather"="" [] "EoClock"="" [] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "HP Update 3400C"="C:\sj652\hpupdate.exe" [2002-02-01 13:33] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 11:01] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-11 17:43] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09] [hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"= C:\WINDOWS\system32\khfdbyw.dll [2007-11-23 20:53 34304] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\crehcjid] °€€ [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\khfdbyw] khfdbyw.dll 2007-11-23 20:53 34304 C:\WINDOWS\system32\khfdbyw.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\°€€] °€€ [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] "Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayw.dll R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d88632f-269b-11d9-b2c3-000c76adb999}] \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1540b92a-2cb5-11d9-9c60-00110949a3d1}] \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46e21b24-2d4e-11d9-9c66-00110949a3d1}] \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,. . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 12:24:14 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-25 12:25:52 - machine was rebooted . --- E O F ---

Gaëtan · Answer

Rapport DiagHelp : DiagHelp version v1.4 - http://www.malekal.com excute le 25/11/2007 à 12:47:57,23 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->25/11/2007 12:47:55 C:\WINDOWS\prefetch\FXSVR2.EXE-14513BBA.pf -->25/11/2007 12:47:39 C:\WINDOWS\prefetch\ALBUMDB2.EXE-0EEB0F05.pf -->25/11/2007 12:47:39 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->25/11/2007 12:47:33 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->25/11/2007 12:46:38 C:\WINDOWS\prefetch\UPDCLIENT.EXE-215FC96B.pf -->25/11/2007 12:45:13 C:\WINDOWS\prefetch\FIREFOX.EXE-28641590.pf -->25/11/2007 12:44:46 C:\WINDOWS\prefetch\AD-AWARE.EXE-2ED3360E.pf -->25/11/2007 12:30:08 C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->25/11/2007 12:25:57 C:\WINDOWS\prefetch\SORT.EXE-194AE83C.pf -->25/11/2007 12:25:37 C:\WINDOWS\System32\drivers\USBCRFT.SYS -->25/11/2007 12:23:59 C:\WINDOWS\System32\drivers\sptd.sys -->23/11/2007 18:59:16 C:\WINDOWS\System32\drivers\aswmon.sys -->25/10/2007 18:05:36 C:\WINDOWS\System32\drivers\aswmon2.sys -->25/10/2007 18:05:20 C:\WINDOWS\System32\drivers\aswRdr.sys -->25/10/2007 18:03:19 C:\WINDOWS\System32\drivers\aswTdi.sys -->25/10/2007 18:01:34 C:\WINDOWS\System32\drivers\aavmker4.sys -->25/10/2007 17:58:49 C:\WINDOWS\System32\wpa.dbl -->25/11/2007 12:25:19 C:\WINDOWS\System32\vsconfig.xml -->25/11/2007 12:24:49 C:\WINDOWS\System32\Thumbs.db -->24/11/2007 15:19:05 C:\WINDOWS\System32\crehcjid.dll -->23/11/2007 22:08:30 C:\WINDOWS\System32\96.tmp -->23/11/2007 21:29:44 C:\WINDOWS\System32\131.tmp -->23/11/2007 21:29:13 C:\WINDOWS\System32\12F.tmp -->23/11/2007 21:27:14 C:\WINDOWS\System32\12D.tmp -->23/11/2007 21:26:56 C:\WINDOWS\System32\12B.tmp -->23/11/2007 21:26:32 C:\WINDOWS\System32\129.tmp -->23/11/2007 21:26:11 C:\WINDOWS\System32\127.tmp -->23/11/2007 21:25:51 C:\WINDOWS\System32\125.tmp -->23/11/2007 21:25:30 C:\WINDOWS\System32\123.tmp -->23/11/2007 21:25:08 C:\WINDOWS\System32\121.tmp -->23/11/2007 21:24:47 C:\WINDOWS\System32\11F.tmp -->23/11/2007 21:24:25 C:\WINDOWS\System32\11D.tmp -->23/11/2007 21:24:06 C:\WINDOWS\System32\11B.tmp -->23/11/2007 21:23:46 C:\WINDOWS\System32\119.tmp -->23/11/2007 21:23:24 C:\WINDOWS\System32\117.tmp -->23/11/2007 21:23:02 C:\WINDOWS\System32\115.tmp -->23/11/2007 21:22:42 C:\WINDOWS\System32\113.tmp -->23/11/2007 21:22:21 C:\WINDOWS\System32\111.tmp -->23/11/2007 21:21:58 C:\WINDOWS\System32\10F.tmp -->23/11/2007 21:21:37 C:\WINDOWS\System32\10D.tmp -->23/11/2007 21:21:16 C:\WINDOWS\System32\10B.tmp -->23/11/2007 21:20:57 C:\WINDOWS\Thumbs.db -->25/11/2007 12:27:47 C:\WINDOWS\0.log -->25/11/2007 12:24:40 C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt -->25/11/2007 12:24:24 C:\WINDOWS\WindowsUpdate.log -->25/11/2007 12:24:12 C:\WINDOWS\wiadebug.log -->25/11/2007 12:23:40 C:\WINDOWS\wiaservc.log -->25/11/2007 12:23:29 C:\WINDOWS\bootstat.dat -->25/11/2007 12:23:03 C:\WINDOWS\SchedLgU.Txt -->25/11/2007 12:22:09 C:\WINDOWS\win.ini -->24/11/2007 19:17:30 C:\WINDOWS\NeroDigital.ini -->19/11/2007 22:21:27 C:\WINDOWS\system.ini -->11/11/2007 12:35:09 C:\WINDOWS\catchme.exe -->08/11/2007 16:59:01 C:\WINDOWS\ODBC.INI -->01/11/2007 10:34:19 C:\WINDOWS\yesmessenger.ini -->07/07/2007 15:20:28 C:\WINDOWS\NirCmd.exe -->17/06/2007 00:11:58 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1720 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x10000000 0x15000 C:\WINDOWS\system32\khfdbyw.dll 0x442b0000 0x3c000 7.00.6000.16544 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x025b0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x02880000 0x8000 8.04.0001.1092 C:\Program Files\Logitech\Video\AlbuDBps.dll 0x02e20000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x7f840000 0x32000 8.04.0001.1092 C:\WINDOWS\system32\lvcodec2.dll 0x58580000 0x4000 1.01.0001.0005 C:\WINDOWS\system32 ssoft32.acm 0x73ac0000 0x7000 1.03.0003.0007 C:\WINDOWS\system32 sd32.dll 0x1c000000 0x6000 C:\WINDOWS\HKNTDLL.dll 0x62350000 0x53000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll 0x60400000 0x18000 2.00.0500.0000 C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll 0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.3\program\MSVCR71.dll 0x61e70000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.3\program\MSVCP71.dll 0x01990000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 580 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01260000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x10000000 0x15000 C:\WINDOWS\system32\khfdbyw.dll 0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll 0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll 0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll 0x01250000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\WINDOWS\system32 19/08/2004 15:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 58 725 654 528 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\WINDOWS\Downloaded Program Files 23/09/2005 10:42 . 23/09/2005 10:42 .. 25/06/2004 16:14 65 desktop.ini 14/10/1997 17:52 697 DirectAnimation Java Classes.osd 08/09/2004 21:38 1 271 erma.inf 16/03/2004 19:13 365 f3initialsetup1.0.0.8-2.inf 20/01/2000 14:25 1 162 Microsoft XML Parser for Java.osd 08/12/2003 13:58 3 759 swflash.inf 13/09/2005 10:36 406 telechargement-photoweb.inf 14/09/2005 11:27 1 871 872 telechargement-photoweb.ocx 03/08/2004 13:51 293 wuweb.inf 9 fichier(s) 1 879 890 octets Total des fichiers listés : 9 fichier(s) 1 879 890 octets 2 Rép(s) 58 725 650 432 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 12:49:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,.. "khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,.. "khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 200 - ashMaiSv.exe 324 - svchost.exe 388 - LogWatNT.exe 424 - mdm.exe 520 - nvsvc32.exe 556 - csrss.exe 580 - winlogon.exe 624 - services.exe 636 - lsass.exe 792 - svchost.exe 840 - svchost.exe 908 - svchost.exe 1096 - svchost.exe 1208 - ashServ.exe 1280 - ashWebSv.exe 1720 - explorer.exe 1944 - svchost.exe 2128 - vsmon.exe 2352 - alg.exe 2648 - rundll32.exe 2680 - zHotkey.exe 2692 - AGRSMMSG.exe 2700 - LVCOMSX.EXE 2784 - zlclient.exe 2792 - wmpnetwk.exe 2832 - ashDisp.exe 3208 - ctfmon.exe 3220 - Rainlendar2.exe 3248 - Wallpaper.exe 4656 - cmd.exe 5888 - firefox.exe -905486918 - --[Hidden]-- Total number of processes = 33 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 toskrnl.exe 806FD000 - \WINDOWS\system32\hal.dll F7D2E000 - \WINDOWS\system32\KDCOM.DLL F7C3E000 - \WINDOWS\system32\BOOTVID.dll F7725000 - sptd.sys F7D30000 - \WINDOWS\System32\Drivers\WMILIB.SYS F770D000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F76DE000 - ACPI.sys F76CD000 - pci.sys F782E000 - ohci1394.sys F783E000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F784E000 - isapnp.sys F7DF6000 - pciide.sys F7AAE000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F785E000 - MountMgr.sys F76AE000 - ftdisk.sys F7AB6000 - PartMgr.sys F786E000 - VolSnap.sys F7696000 - atapi.sys F787E000 - disk.sys F788E000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F7676000 - fltmgr.sys F7664000 - sr.sys F789E000 - PxHelp20.sys F764D000 - KSecDD.sys F75C0000 - Ntfs.sys F7593000 - NDIS.sys F78AE000 - ComboFix.sys F757F000 - srescan.sys F7564000 - Mup.sys F78DE000 - \SystemRoot\System32\DRIVERS ic1394.sys F6B9D000 - \SystemRoot\System32\DRIVERS\intelppm.sys F6483000 - \SystemRoot\system32\DRIVERS v4_mini.sys F646F000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F644B000 - \SystemRoot\System32\DRIVERS\HDAudBus.sys F7B9E000 - \SystemRoot\System32\DRIVERS\usbuhci.sys F6428000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F7BA6000 - \SystemRoot\System32\DRIVERS\usbehci.sys F6323000 - \SystemRoot\system32\DRIVERS\AGRSM.sys F7BAE000 - \SystemRoot\System32\Drivers\Modem.SYS F6B8D000 - \SystemRoot\System32\DRIVERS\fetnd5b.sys F7BB6000 - \SystemRoot\System32\DRIVERS\fdc.sys F6312000 - \SystemRoot\System32\DRIVERS\serial.sys F751C000 - \SystemRoot\System32\DRIVERS\serenum.sys F62FE000 - \SystemRoot\System32\DRIVERS\parport.sys F6B7D000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F7BBE000 - \SystemRoot\System32\DRIVERS\mouclass.sys F7BC6000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F6B6D000 - \SystemRoot\System32\DRIVERS\imapi.sys F7518000 - \SystemRoot\system32\drivers\pfc.sys F6B5D000 - \SystemRoot\System32\DRIVERS\cdrom.sys F6B4D000 - \SystemRoot\System32\DRIVERS edbook.sys F62DB000 - \SystemRoot\System32\DRIVERS\ks.sys F7BCE000 - \SystemRoot\System32\Drivers\incdrm.SYS F7BD6000 - \SystemRoot\System32\DRIVERS\InCDPass.sys F6275000 - \SystemRoot\System32\Drivers\a0te1kof.SYS F7F2F000 - \SystemRoot\System32\DRIVERS\audstub.sys F791E000 - \SystemRoot\System32\DRIVERS asl2tp.sys F6DB1000 - \SystemRoot\System32\DRIVERS distapi.sys F61F7000 - \SystemRoot\System32\DRIVERS diswan.sys F792E000 - \SystemRoot\System32\DRIVERS aspppoe.sys F793E000 - \SystemRoot\System32\DRIVERS aspptp.sys F7AC6000 - \SystemRoot\System32\DRIVERS\TDI.SYS F7AEE000 - \SystemRoot\System32\DRIVERS\ptilink.sys F7AF6000 - \SystemRoot\System32\DRIVERS aspti.sys F794E000 - \SystemRoot\System32\DRIVERS ermdd.sys F7D6A000 - \SystemRoot\System32\DRIVERS\swenum.sys F619E000 - \SystemRoot\System32\DRIVERS\update.sys F7CF6000 - \SystemRoot\System32\DRIVERS\mssmbios.sys F795E000 - \SystemRoot\System32\Drivers\NDProxy.SYS F4873000 - \SystemRoot\system32\drivers\cmudax.sys F484F000 - \SystemRoot\system32\drivers\portcls.sys F797E000 - \SystemRoot\system32\drivers\drmk.sys F799E000 - \SystemRoot\System32\DRIVERS\usbhub.sys F7D7C000 - \SystemRoot\System32\DRIVERS\USBD.SYS F7D2A000 - \SystemRoot\system32\drivers\MODEMCSA.sys F7B1E000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F7D80000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7F37000 - \SystemRoot\System32\Drivers\Null.SYS F7D82000 - \SystemRoot\System32\Drivers\Beep.SYS F7B2E000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS F7B36000 - \SystemRoot\System32\drivers\vga.sys F7D86000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7D88000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7530000 - \SystemRoot\System32\Drivers\InCDrec.SYS F474E000 - \SystemRoot\System32\Drivers\InCDfs.SYS F7B3E000 - \SystemRoot\System32\Drivers\Msfs.SYS F7B46000 - \SystemRoot\System32\Drivers\Npfs.SYS F752C000 - \SystemRoot\System32\DRIVERS asacd.sys F473B000 - \SystemRoot\System32\DRIVERS\ipsec.sys F7A1E000 - \SystemRoot\System32\DRIVERS\msgpc.sys F46E3000 - \SystemRoot\System32\DRIVERS cpip.sys F7A2E000 - \SystemRoot\System32\Drivers\aswTdi.SYS F46C2000 - \SystemRoot\System32\DRIVERS\ipnat.sys F7A3E000 - \SystemRoot\System32\DRIVERS\wanarp.sys F469A000 - \SystemRoot\System32\DRIVERS etbt.sys F463B000 - \SystemRoot\System32\vsdatant.sys F7A4E000 - \SystemRoot\System32\DRIVERS\arp1394.sys F4619000 - \SystemRoot\System32\drivers\afd.sys F7A5E000 - \SystemRoot\System32\DRIVERS etbios.sys F45EE000 - \SystemRoot\System32\DRIVERS dbss.sys F457F000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F7A7E000 - \SystemRoot\System32\Drivers\Fips.SYS F7B5E000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F6DC9000 - \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS F7B66000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS F7A8E000 - \SystemRoot\system32\drivers\lvusbsta.sys F6DC1000 - \SystemRoot\system32\DRIVERS\usbscan.sys F7B76000 - \SystemRoot\System32\DRIVERS\usbccgp.sys F438A000 - \SystemRoot\system32\DRIVERS\LVCM.sys F425F000 - \SystemRoot\system32\DRIVERS\lvsvf2.sys F7A9E000 - \SystemRoot\system32\DRIVERS\STREAM.SYS F790E000 - \SystemRoot\system32\drivers\usbaudio.sys F419C000 - \SystemRoot\System32\Drivers\Fastfat.SYS F4184000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7DBE000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F617A000 - \SystemRoot\System32\drivers\Dxapi.sys F7B96000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7E74000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32 v4_disp.dll BAF98000 - \SystemRoot\System32\DRIVERS disuio.sys BAE32000 - \SystemRoot\System32\Drivers\aswMon2.SYS BAB9D000 - \SystemRoot\system32\drivers\wdmaud.sys BAC92000 - \SystemRoot\system32\drivers\sysaudio.sys BA98A000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F7DC0000 - \SystemRoot\System32\Drivers\ParVdm.SYS BA921000 - \SystemRoot\System32\Drivers\HTTP.sys BA8A7000 - \SystemRoot\System32\DRIVERS\srv.sys BA976000 - \SystemRoot\System32\DRIVERS\secdrv.sys BA6F7000 - \SystemRoot\System32\Drivers\Cdfs.SYS BA47F000 - \SystemRoot\System32\Drivers\aswRdr.SYS BA7BB000 - \??\C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\catchme.sys B9E21000 - \SystemRoot\system32\drivers\kmixer.sys F7ED6000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 136 Liste des programmes installes Ad-Aware SE Personal Adobe Flash Player ActiveX Adobe Reader 8.1.1 - Français Agere Systems PCI Soft Modem AtomTime98 v2.2 avast! Antivirus C-Media High Definition Audio Driver CA Licensing CCleaner (remove only) Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB914440) Correctif Windows XP - KB834707 Correctif Windows XP - KB867282 Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB887797 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890047 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB890923 Correctif Windows XP - KB891781 Correctif Windows XP - KB893066 Correctif Windows XP - KB893086 Cosmo Player 2.1 (38329) Creatix V.92 Data Fax Modem Encyclopédie Universelle Larousse EPSON TWAIN 5 Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP Free - Kit de connexion Google Earth Grand Prix 4 GTK+ 2.4.14 runtime environment HijackThis 2.0.2 Home Cinema Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) InCD Information sur votre PC IrfanView (remove only) J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.1_01 Java Web Start Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 Language pack for Ad-Aware SE Lecteur Windows Media 11 Logiciel QuickCam de Logitech Macromedia Shockwave Player Medion Flash XL 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft FrontPage Client - French Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows XP (KB883939) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899588) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB903235) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911280) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB900930) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) MozBackup 1.4.7 Mozilla Firefox (2.0.0.9) Mozilla Thunderbird (2.0.0.9) MSN MSXML 4.0 SP2 (KB936181) Multimedia Keyboard Driver Nero Suite NVIDIA Drivers OpenOffice.org 2.3 Picasa 2 PowerDVD PowerProducer Programme de gestion Camera de Logitech® Quick Zip 4.60.017b QuickTime QuickTime Rainlendar2 (remove only) RealPlayer Remove DivX Codec SAGEM F@st 800-908 Shareaza version 2.2.1.0 Shockwave SiSoftware Sandra Lite XIIc UltraBackup 4.25 Utilitaire de sauvegarde Windows Viewpoint Media Player Visionneuse Journal Windows Microsoft Wallpaper WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Connect Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 ZoneAlarm Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files 25/11/2007 12:11 . 25/11/2007 12:11 .. 21/02/2005 14:42 a2 free 16/08/2007 21:05 Adobe 19/10/2005 16:18 Ahead 10/02/2007 10:38 Alwil Software 24/11/2007 19:43 a-squared Free 18/11/2007 11:17 Astase 15/09/2005 19:29 AtomTime 28/03/2005 17:12 Borland 27/12/2004 19:42 CA 12/11/2007 21:54 CCleaner 04/01/2006 10:27 Common Files 27/12/2004 22:10 CosmoSoftware 03/11/2004 05:22 CyberLink 23/11/2007 19:01 DAEMON Tools 27/12/2004 22:01 directx 23/12/2004 21:59 DivX 22/09/2005 09:30 eMule 24/11/2007 20:32 Enigma Software Group 12/01/2006 22:09 eoRezo 25/11/2007 12:11 Fichiers communs 04/06/2005 10:40 Free.fr 03/11/2007 13:33 Google 27/12/2004 20:03 Grisoft 25/06/2004 18:58 HighMAT CD Writing Wizard 03/11/2004 05:22 Home Cinema 09/01/2005 15:56 Infogrames 25/06/2004 16:54 Intel 09/10/2007 20:12 Internet Explorer 27/01/2005 19:18 IrfanView 20/10/2007 08:35 Java 07/12/2005 10:38 Java Web Start 04/11/2007 11:40 Kodak EasyShare software 21/02/2005 10:57 KONAMI 27/12/2004 22:07 Larousse 18/01/2005 22:24 Lavasoft 27/12/2004 22:27 Logitech 25/06/2004 18:24 Make bootable flashcards 07/12/2005 10:38 Messenger 01/11/2007 10:33 microsoft frontpage 01/11/2007 10:33 Microsoft Office 03/01/2006 17:55 Midnight Racing 07/12/2005 10:38 Movie Maker 18/11/2007 10:30 MozBackup 25/11/2007 12:44 Mozilla Firefox 23/11/2007 19:40 Mozilla Thunderbird 12/08/2005 10:12 MSN 25/06/2004 16:13 MSN Gaming Zone 20/03/2007 19:52 MSN Messenger 11/11/2007 10:49 MSXML 4.0 25/06/2004 17:24 MUSICMATCH 25/10/2004 17:59 NetMeeting 25/10/2004 18:08 Online Services 30/09/2007 12:05 OpenOffice.org 2.3 13/06/2007 22:31 Outlook Express 04/11/2007 09:00 Picasa2 11/01/2006 17:43 QuickTime 07/03/2007 19:33 QuickZip4 13/05/2007 10:30 Rainlendar2 08/07/2004 16:00 Real 29/10/2005 10:55 SAGEM 25/10/2004 16:59 Services en ligne 11/12/2005 19:05 Shareaza 06/11/2007 13:33 SiSoftware 03/05/2005 14:03 SmartGenealogy_V18 24/11/2007 11:24 Trend Micro 03/11/2004 05:28 Viewpoint 10/11/2007 11:10 Wallpaper 04/01/2006 09:08 WAR Soldiers 25/06/2004 17:35 Windows Journal Viewer 07/12/2005 10:38 Windows Media Connect 10/12/2006 21:57 Windows Media Connect 2 10/12/2006 22:10 Windows Media Player 25/10/2004 17:59 Windows NT 08/03/2007 15:53 WinZip 25/06/2004 16:14 xerox 07/07/2007 15:25 YesMessenger 28/03/2005 16:56 Zone Labs 0 fichier(s) 0 octets 79 Rép(s) 58 717 028 352 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\fichiers communs 25/11/2007 12:11 . 25/11/2007 12:11 .. 16/08/2007 21:06 Adobe 09/08/2004 15:45 Ahead 27/12/2004 19:43 AOL 01/11/2007 10:33 Designer 05/05/2005 18:24 DirectX 29/12/2004 21:45 GTK 14/09/2004 13:43 InstallShield 09/05/2005 08:59 Java 27/12/2004 22:27 Logitech 01/11/2007 10:33 Microsoft Shared 25/06/2004 16:13 MSSoap 08/07/2004 16:01 Nullsoft 27/12/2004 21:55 ODBC 23/03/2006 21:00 Real 25/06/2004 16:13 Services 25/06/2004 17:11 SpeechEngines 13/06/2007 22:31 System 23/03/2006 21:00 xing shared 0 fichier(s) 0 octets 20 Rép(s) 58 717 024 256 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 25/11/2007 12:19 . 25/11/2007 12:19 .. 27/12/2004 21:55 1033 30/09/2007 12:24 1036 15/02/2001 05:45 1 318 912 MSONSEXT.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 22/01/2001 03:25 86 016 PKMWS.DLL 4 fichier(s) 1 654 898 octets 4 Rép(s) 58 717 024 256 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\common files 04/01/2006 10:27 . 04/01/2006 10:27 .. 04/01/2006 10:27 EasyInfo 0 fichier(s) 0 octets 3 Rép(s) 58 717 024 256 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\ 23/11/2007 20:54 105 176 mwjqxanu.exe 23/11/2007 20:54 20 992 opnvmwvi.exe 23/11/2007 20:53 58 368 pgdxf.exe 24/05/2001 11:59 162 304 UNWISE.EXE 4 fichier(s) 346 840 octets 0 Rép(s) 58 717 024 256 octets libres c:\Documents and Settings\Gaëtan\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Gaëtan\Application Data\EoRezo mp.exe c:\Documents and Settings\Gaëtan\Bureau\ComboFix.exe c:\Documents and Settings\Gaëtan\Bureau\HJTInstall.exe c:\Documents and Settings\Gaëtan\Mes documents\Firetune\FireTune.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Everest 3.50 Ultimate\everestultimate350.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\appli microshop\microshop.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\Cryptage\bin\Cryptage.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\Cryptage\obj\Debug\Cryptage.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\bin\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\obj\Debug\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\obj\Release\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop windows\appliWindows.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdoConnecté\WindowsApplication7\bin\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdoConnecté\WindowsApplication7\obj\Debug\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdodéConnecté\WindowsApplication7\bin\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdodéConnecté\WindowsApplication7\obj\Debug\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\TestMVC\TestMVC_appli_console\bin\TestMVC_appli.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\TestMVC\TestMVC_appli_console\obj\Debug\TestMVC_appli.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO p InputBox\bin p InputBox.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO p InputBox\obj\Debug p InputBox.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\RUP Complet\RUP_Eval\applet\AppletJreConsole.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\jakarta-tomcat-4.1.31-LE-jdk14.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\jdk-1_5_0_07-windows-i586-p.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\StarUML-5.0-with-cm.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Mes vidéos\LineRider_beta.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Scanner Marie-Chantal\sj652fr.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Scanner Marie-Chantal\sj700fr.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll c:\Documents and Settings\Gaëtan\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Gaëtan\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll c:\Documents and Settings\Gaëtan\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyI.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyJ.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyK.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyL.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_STEPH-GAËTAN.tar.gz a l'adresse http://upload.malekal.com

Gaëtan · Answer

Rapport SReng : [CODE] 2007-11-25,12:57:13 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\Rainlendar2\Rainlendar2.exe"> [] <"C:\Program Files\Wallpaper\Wallpaper.exe" Starter> [N/A] <; C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows Component Publisher] <"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] <; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe> [N/A] <; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A] <; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Ahead Software Gmbh] [N/A] [ICSI Technology Ltd.] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Logitech Inc.] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] <> [N/A] <> [N/A] <> [N/A] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] [(Verified)ALWIL Software] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] <"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <"nwiz.exe" /install> [] <"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] <; C:\sj652\hpupdate.exe 3400C> [N/A] <; C:\Program Files\Ahead\InCD\InCD.exe> [Nero AG] <; C:\Program Files\Logitech\Video\ISStart.exe > [Logitech Inc.] <; C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.] <; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}> [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crehcjid] <°€€> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfdbyw] [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] <°€€> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] ================================== Startup Folders N/A ================================== Services [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [Client de licence CA / CA_LIC_CLNT][Stopped/Manual Start] [Serveur de licence CA / CA_LIC_SRVR][Stopped/Manual Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [InCD Helper / InCDsrv][Running/Auto Start] [Event Log Watch / LogWatch][Running/Auto Start] [Machine Debug Manager / MDM][Running/Auto Start] <"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [SiSoftware Database Agent Service / SandraDataSrv][Stopped/Manual Start] [SiSoftware Sandra Agent Service / SandraTheSrv][Stopped/Manual Start] [TrueVector Internet Monitor / vsmon][Running/Auto Start] [Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start] [Aide de Windows Media Connect (WMC) / WmcCdsLs][Stopped/Manual Start] ================================== Drivers [General Purpose USB Driver (adildr.sys) / ADILOADER][Stopped/Auto Start] [USB ADSL LAN Adapter / adiusbae][Stopped/Manual Start] [USB ADSL WAN Adapter / adiusbaw][Stopped/Manual Start] [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Card Reader Filter / CardReaderFilter][Running/Manual Start] <\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS> [catchme / catchme][Running/Manual Start] <\??\C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\catchme.sys> [C-Media High Definition Audio Interface / cmudax][Running/Manual Start]

[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start] <3Com Corporation> [Carte réseau virtuelle FreeBox USB / fbxusb][Stopped/Manual Start] [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start] [Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [InCDPass / InCDPass][Running/System Start] [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start] [NTSIM / NTSIM][Stopped/Manual Start] <\??\C:\WINDOWS\System32 tsim.sys> [nv / nv][Running/Manual Start] [Padus ASPI Shell / pfc][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Logitech QuickCam Communicate / QCMerced][Running/Manual Start] <> [Secdrv / Secdrv][Running/Auto Start] [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [srescan / srescan][Running/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [UKBFLT / UKBFLT][Stopped/Manual Start] [vsdatant / vsdatant][Running/System Start] [WAN Miniport (ATW) / wanatw][Stopped/Manual Start] [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] [xpdx system driver / xpdx][Stopped/Manual Start] <2 - Le fichier spécifié est introuvable. > ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [] {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} [EoBho Class] {64F56FC1-1272-44CD-BA6E-39723696E350} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Real.com] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [telechargement-photoweb] {68C1822F-F5C7-4404-A73F-03C10E0E94DA} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Java Plug-in 1.5.0_10] {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [] {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [EoBho Class] {64F56FC1-1272-44CD-BA6E-39723696E350} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [&Recherche AOL Toolbar] [&Search] ================================== Running Processes [PID: 488 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 556 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 580 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\khfdbyw.dll] [N/A, ] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 624 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 636 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 792 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 840 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 908 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 928 / SYSTEM][C:\Program Files\Ahead\InCD\InCDsrv.exe] [Nero AG, 4, 3, 20, 1] [C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17] [C:\Program Files\Ahead\InCD\incdshx.dll] [Nero AG, 4, 3, 20, 1] [PID: 1012 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1096 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1160 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 1208 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 1648 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\CNBJMON2.DLL] [Microsoft Corporation, 5.1.2600.2079 built by: xpsp(skatari)] [PID: 1720 / Gaëtan][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\PROGRA~1\WINDOW~2\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\khfdbyw.dll] [N/A, ] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Logitech\Video\AlbuDBps.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\WINDOWS\system32\lvcodec2.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32 ssoft32.acm] [DSP GROUP, INC., 1.01] [C:\WINDOWS\system32 sd32.dll] [, ] [C:\WINDOWS\HKNTDLL.dll] [N/A, ] [C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll] [Sun Microsystems, Inc., 2.03] [C:\Program Files\OpenOffice.org 2.3\program\uwinapi.dll] [Sun Microsystems, Inc., 2.03] [C:\Program Files\OpenOffice.org 2.3\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\OpenOffice.org 2.3\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120] [C:\Program Files\OpenOffice.org 2.3\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll] [Zone Labs, LLC, 7.0.337.000] [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll] [Zone Labs Inc., 5.3.017.000] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 324 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 388 / SYSTEM][C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe] [Computer Associates, 1.52] [C:\Program Files\CA\SharedComponents\CA_LIC\lic98.dll] [Computer Associates, 01.52] [PID: 424 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.10.3077] [C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\1036\mdmui.dll] [Microsoft Corporation, 7.10.3077] [PID: 520 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32 vapi.dll] [NVIDIA Corporation, 6.14.11.6375] [PID: 1944 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\escwiad.dll] [SEIKO EPSON CORP., 1.00] [PID: 2648 / Gaëtan][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 43, 4] [C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2672 / Gaëtan][C:\WINDOWS\Dit.exe] [ICSI Technology Ltd., V2.01.0402] [PID: 2680 / Gaëtan][C:\WINDOWS\zHotkey.exe] [, 3, 0, 0, 7] [C:\WINDOWS\HKNTDLL.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2692 / Gaëtan][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.51 2.1.51 03/04/2005 12:01:54] [PID: 2700 / Gaëtan][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [PID: 2740 / Gaëtan][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 2792 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpmde.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [PID: 2832 / Gaëtan][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 3064 / Gaëtan][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32 vapi.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.11.6375] [PID: 3208 / Gaëtan][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3220 / Gaëtan][C:\Program Files\Rainlendar2\Rainlendar2.exe] [, 2, 0, 2, 0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll] [N/A, ] [PID: 3248 / Gaëtan][C:\Program Files\Wallpaper\Wallpaper.exe] [, 5.00.0003] [C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782] [C:\WINDOWS\system32\VB6FR.DLL] [Microsoft Corporation, 6.00.8988] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\comdlg32.ocx] [Microsoft Corporation, 6.00.8418] [PID: 3276 / Gaëtan][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.09.0.0] [C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.09.1.0] [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.3.0] [C:\Program Files\DAEMON Tools\Plugins\Images\bwtmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [DT Soft Ltd., 1.10.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.02.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\iszmount.dll] [DT Soft Ltd., 1.02.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.22.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images rgmount.dll] [DT Soft Ltd., 1.12.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [DT Soft Ltd., 1.01.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\pfcmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Program Files\DAEMON Tools\pfctoc.dll] [Padus(R), Inc., 1, 0, 0, 12] [PID: 200 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 1280 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 2352 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 7900 / Gaëtan][C:\Program Files\QuickZip4\QuickZip.exe] [N/A, ] [C:\WINDOWS\system32\Msdmo.dll] [, ] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\khfdbyw.dll] [N/A, ] [PID: 4504 / Gaëtan][C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\QZTEMP\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2672, C:\WINDOWS\DIT.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2680, C:\WINDOWS\ZHOTKEY.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2700, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3220, C:\PROGRAM FILES\RAINLENDAR2\RAINLENDAR2.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3248, C:\PROGRAM FILES\WALLPAPER\WALLPAPER.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 7900, C:\PROGRAM FILES\QUICKZIP4\QUICKZIP.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ================================== [/CODE]

Gaëtan · Answer

Rapport PCA :

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :25/11/2007 12:54:04
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PCA\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO:  - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - C:\WINDOWS\system32\khfdbyw.dll
02 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RUN: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKLM\..\RUN: [Dit] - Dit.exe
04 - HKLM\..\RUN: [CHotkey] - zHotkey.exe
04 - HKLM\..\RUN: [AGRSMMSG] - AGRSMMSG.exe
04 - HKLM\..\RUN: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [EoEngine] - 
04 - HKLM\..\RUN: [EoWeather] - 
04 - HKLM\..\RUN: [EoClock] - 
04 - HKLM\..\RUN: [Zone Labs Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [ZoneAlarm Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [NvCplDaemon] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - "nwiz.exe" /install
04 - HKLM\..\RUN: [NvMediaCenter] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [HP Update 3400C] - ; C:\sj652\hpupdate.exe 3400C
04 - HKLM\..\RUN: [InCD] - ; C:\Program Files\Ahead\InCD\InCD.exe
04 - HKLM\..\RUN: [LogitechVideoRepair] - ; C:\Program Files\Logitech\Video\ISStart.exe 
04 - HKLM\..\RUN: [LogitechVideoTray] - ; C:\Program Files\Logitech\Video\LogiTray.exe
04 - HKLM\..\RUN: [QuickTime Task] - ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [Rainlendar2] - "C:\Program Files\Rainlendar2\Rainlendar2.exe"
04 - HKLU\..\RUN: [Wallpaper] - "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
04 - HKLU\..\RUN: [WMPNSCFG] - ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [DAEMON Tools] - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
04 - HKLU\..\RUN: [Diddl_Scr.exe] - ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
04 - HKLU\..\RUN: [LogitechSoftwareUpdate] - ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
04 - HKLU\..\RUN: [Uniblue RegistryBooster 2] - ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Rainlendar2] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Wallpaper] - Dit.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [WMPNSCFG] - zHotkey.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [DAEMON Tools] - AGRSMMSG.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Diddl_Scr.exe] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [LogitechSoftwareUpdate] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Uniblue RegistryBooster 2] - 
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
08 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - CmdMapping - 
09 - Extra 'Tools' menuitem:  - CmdMapping - 
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra 'Tools' menuitem:  - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra button:  - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin3.dll
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :   - DirectAnimation Java Classes - 
O16 - DPF :   - Microsoft XML Parser for Java - 
O16 - DPF :  Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF :  WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF :  telechargement-photoweb - {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - C:\WINDOWS\Downloaded Program Files	elechargement-photoweb.ocx
O16 - DPF :  Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [Client de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: [Serveur de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [InCD Helper] - 
O23 - Service: [Event Log Watch] - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: [Machine Debug Manager] - "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32
vsvc32.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\System32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\System32svp.exe
O23 - Service: [SiSoftware Database Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: [SiSoftware Sandra Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\System32\dllhost.exe /Processid:{DB0CDB63-F5CF-4D8E-910E-E037CBFB0C95}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [TrueVector Internet Monitor] - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Media Connect (WMC)] - c:\program files\windows media connect\mswmccds.exe
O23 - Service: [Aide de Windows Media Connect (WMC)] - C:\Program Files\Windows Media Connect\mswmcls.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

Gaëtan · Answer

J'ai relancé ad-aware, j'ai toujours le malware c:\windows\systeme32\khfdbyw.dll.
Par contre, Combofix a fait son effet puisque le pc est redevenu rapide...
Mais j'aimerais bien virer ce .dll et les clés dans le registre qui vont avec...

Gaëtan · Answer

A chaque démarrage, Zone Alarm m'informe que l'Explorateur Windows essaie de se connecter à Internet...
Je refuse la connexion...

FillPCA · Answer

Re,

    *  Sélectionne le texte suivant :


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}] 
[HKLM\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crehcjid] 
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\khfdbyw]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\°€€] 

File::
C:\install.dat
C:\WINDOWS\system32\96.tmp
C:\WINDOWS\system32\131.tmp
C:\WINDOWS\system32\12F.tmp
C:\WINDOWS\system32\12D.tmp
C:\WINDOWS\system32\12B.tmp
C:\WINDOWS\system32\129.tmp
C:\WINDOWS\system32\127.tmp
C:\WINDOWS\system32\125.tmp
C:\WINDOWS\system32\123.tmp
C:\WINDOWS\system32\121.tmp
C:\WINDOWS\system32\11F.tmp
C:\WINDOWS\system32\11D.tmp
C:\WINDOWS\system32\11B.tmp
C:\WINDOWS\system32\119.tmp
C:\WINDOWS\system32\117.tmp
C:\WINDOWS\system32\115.tmp
C:\WINDOWS\system32\113.tmp
C:\WINDOWS\system32\111.tmp
C:\WINDOWS\system32\10F.tmp
C:\WINDOWS\system32\10D.tmp
C:\WINDOWS\system32\10B.tmp
C:\WINDOWS\system32\109.tmp
C:\WINDOWS\system32\107.tmp
C:\WINDOWS\system32\105.tmp
C:\WINDOWS\system32\FF.tmp
C:\WINDOWS\system32\103.tmp
C:\WINDOWS\system32\101.tmp
C:\WINDOWS\system32\FD.tmp
C:\WINDOWS\system32\FB.tmp
C:\WINDOWS\system32\F9.tmp
C:\WINDOWS\system32\F7.tmp
C:\WINDOWS\system32\F5.tmp
C:\WINDOWS\system32\F3.tmp
C:\WINDOWS\system32\F1.tmp
C:\WINDOWS\system32\EF.tmp
C:\WINDOWS\system32\ED.tmp
C:\WINDOWS\system32\EB.tmp
C:\WINDOWS\system32\E9.tmp
C:\WINDOWS\system32\E7.tmp
C:\WINDOWS\system32\E5.tmp
C:\WINDOWS\system32\E3.tmp
C:\WINDOWS\system32\E1.tmp
C:\WINDOWS\system32\DF.tmp
C:\WINDOWS\system32\DD.tmp
C:\WINDOWS\system32\DB.tmp
C:\WINDOWS\system32\D9.tmp
C:\WINDOWS\system32\D7.tmp
C:\WINDOWS\system32\D5.tmp
C:\WINDOWS\system32\D3.tmp
C:\WINDOWS\system32\D1.tmp
C:\WINDOWS\system32\CF.tmp
C:\WINDOWS\system32\CD.tmp
C:\WINDOWS\system32\CB.tmp
C:\WINDOWS\system32\C9.tmp
C:\WINDOWS\system32\C7.tmp
C:\WINDOWS\system32\C5.tmp
C:\WINDOWS\system32\C3.tmp
 C:\WINDOWS\system32\C1.tmp
C:\WINDOWS\system32\BF.tmp
C:\WINDOWS\system32\BD.tmp
C:\WINDOWS\system32\BB.tmp
C:\WINDOWS\system32\B9.tmp
C:\WINDOWS\system32\B7.tmp
C:\WINDOWS\system32\B5.tmp
C:\WINDOWS\system32\B3.tmp
C:\WINDOWS\system32\B1.tmp
C:\WINDOWS\system32\AF.tmp
C:\WINDOWS\system32\AD.tmp
C:\WINDOWS\system32\AB.tmp
C:\WINDOWS\system32\A9.tmp
C:\WINDOWS\system32\A7.tmp
C:\WINDOWS\system32\A5.tmp
C:\WINDOWS\system32\A3.tmp
C:\WINDOWS\system32\A1.tmp
C:\WINDOWS\system32\9F.tmp
C:\WINDOWS\system32\9D.tmp
C:\WINDOWS\system32\9B.tmp
C:\WINDOWS\system32\99.tmp
C:\WINDOWS\system32\97.tmp
C:\WINDOWS\system32\95.tmp
C:\WINDOWS\system32\93.tmp
C:\WINDOWS\system32\91.tmp
C:\WINDOWS\system32\8F.tmp
C:\WINDOWS\system32\8D.tmp
C:\WINDOWS\system32\8B.tmp
C:\WINDOWS\system32\89.tmp
C:\WINDOWS\system32\84.tmp
C:\WINDOWS\system32\7E.tmp
C:\WINDOWS\system32\7C.tmp
C:\WINDOWS\system32\7A.tmp
C:\WINDOWS\system32\78.tmp
C:\WINDOWS\system32\76.tmp
C:\WINDOWS\system32\khfdbyw.dll
C:\WINDOWS\System32\crehcjid.dll
C:\mwjqxanu.exe
C:\opnvmwvi.exe
C:\pgdxf.exe

    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
      Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Edite le rapport Combofix, un rapport SRENg et un rapport PCA.

FillPCA

Gaëtan · Answer

Ok merci, je fais ça tout de suite...

A tout à l'heure

Gaëtan · Answer

Rapport ComboFix : ComboFix 07-11-19.3 - Gaëtan 2007-11-25 18:03:07.2 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.646 [GMT 1:00] Running from: C:\Documents and Settings\Gaëtan\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Gaëtan\Bureau\CFScript.txt * Created a new restore point FILE C:\install.dat C:\mwjqxanu.exe C:\opnvmwvi.exe C:\pgdxf.exe C:\WINDOWS\system32\101.tmp C:\WINDOWS\system32\103.tmp C:\WINDOWS\system32\105.tmp C:\WINDOWS\system32\107.tmp C:\WINDOWS\system32\109.tmp C:\WINDOWS\system32\10B.tmp C:\WINDOWS\system32\10D.tmp C:\WINDOWS\system32\10F.tmp C:\WINDOWS\system32\111.tmp C:\WINDOWS\system32\113.tmp C:\WINDOWS\system32\115.tmp C:\WINDOWS\system32\117.tmp C:\WINDOWS\system32\119.tmp C:\WINDOWS\system32\11B.tmp C:\WINDOWS\system32\11D.tmp C:\WINDOWS\system32\11F.tmp C:\WINDOWS\system32\121.tmp C:\WINDOWS\system32\123.tmp C:\WINDOWS\system32\125.tmp C:\WINDOWS\system32\127.tmp C:\WINDOWS\system32\129.tmp C:\WINDOWS\system32\12B.tmp C:\WINDOWS\system32\12D.tmp C:\WINDOWS\system32\12F.tmp C:\WINDOWS\system32\131.tmp C:\WINDOWS\system32\76.tmp C:\WINDOWS\system32\78.tmp C:\WINDOWS\system32\7A.tmp C:\WINDOWS\system32\7C.tmp C:\WINDOWS\system32\7E.tmp C:\WINDOWS\system32\84.tmp C:\WINDOWS\system32\89.tmp C:\WINDOWS\system32\8B.tmp C:\WINDOWS\system32\8D.tmp C:\WINDOWS\system32\8F.tmp C:\WINDOWS\system32\91.tmp C:\WINDOWS\system32\93.tmp C:\WINDOWS\system32\95.tmp C:\WINDOWS\system32\96.tmp C:\WINDOWS\system32\97.tmp C:\WINDOWS\system32\99.tmp C:\WINDOWS\system32\9B.tmp C:\WINDOWS\system32\9D.tmp C:\WINDOWS\system32\9F.tmp C:\WINDOWS\system32\A1.tmp C:\WINDOWS\system32\A3.tmp C:\WINDOWS\system32\A5.tmp C:\WINDOWS\system32\A7.tmp C:\WINDOWS\system32\A9.tmp C:\WINDOWS\system32\AB.tmp C:\WINDOWS\system32\AD.tmp C:\WINDOWS\system32\AF.tmp C:\WINDOWS\system32\B1.tmp C:\WINDOWS\system32\B3.tmp C:\WINDOWS\system32\B5.tmp C:\WINDOWS\system32\B7.tmp C:\WINDOWS\system32\B9.tmp C:\WINDOWS\system32\BB.tmp C:\WINDOWS\system32\BD.tmp C:\WINDOWS\system32\BF.tmp C:\WINDOWS\system32\C1.tmp C:\WINDOWS\system32\C3.tmp C:\WINDOWS\system32\C5.tmp C:\WINDOWS\system32\C7.tmp C:\WINDOWS\system32\C9.tmp C:\WINDOWS\system32\CB.tmp C:\WINDOWS\system32\CD.tmp C:\WINDOWS\system32\CF.tmp C:\WINDOWS\System32\crehcjid.dll C:\WINDOWS\system32\D1.tmp C:\WINDOWS\system32\D3.tmp C:\WINDOWS\system32\D5.tmp C:\WINDOWS\system32\D7.tmp C:\WINDOWS\system32\D9.tmp C:\WINDOWS\system32\DB.tmp C:\WINDOWS\system32\DD.tmp C:\WINDOWS\system32\DF.tmp C:\WINDOWS\system32\E1.tmp C:\WINDOWS\system32\E3.tmp C:\WINDOWS\system32\E5.tmp C:\WINDOWS\system32\E7.tmp C:\WINDOWS\system32\E9.tmp C:\WINDOWS\system32\EB.tmp C:\WINDOWS\system32\ED.tmp C:\WINDOWS\system32\EF.tmp C:\WINDOWS\system32\F1.tmp C:\WINDOWS\system32\F3.tmp C:\WINDOWS\system32\F5.tmp C:\WINDOWS\system32\F7.tmp C:\WINDOWS\system32\F9.tmp C:\WINDOWS\system32\FB.tmp C:\WINDOWS\system32\FD.tmp C:\WINDOWS\system32\FF.tmp C:\WINDOWS\system32\khfdbyw.dll . Incapable d'obtenir les privilèges Système (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\install.dat C:\mwjqxanu.exe C:\opnvmwvi.exe C:\pgdxf.exe C:\WINDOWS\system32\101.tmp C:\WINDOWS\system32\103.tmp C:\WINDOWS\system32\105.tmp C:\WINDOWS\system32\107.tmp C:\WINDOWS\system32\109.tmp C:\WINDOWS\system32\10B.tmp C:\WINDOWS\system32\10D.tmp C:\WINDOWS\system32\10F.tmp C:\WINDOWS\system32\111.tmp C:\WINDOWS\system32\113.tmp C:\WINDOWS\system32\115.tmp C:\WINDOWS\system32\117.tmp C:\WINDOWS\system32\119.tmp C:\WINDOWS\system32\11B.tmp C:\WINDOWS\system32\11D.tmp C:\WINDOWS\system32\11F.tmp C:\WINDOWS\system32\121.tmp C:\WINDOWS\system32\123.tmp C:\WINDOWS\system32\125.tmp C:\WINDOWS\system32\127.tmp C:\WINDOWS\system32\129.tmp C:\WINDOWS\system32\12B.tmp C:\WINDOWS\system32\12D.tmp C:\WINDOWS\system32\12F.tmp C:\WINDOWS\system32\131.tmp C:\WINDOWS\system32\76.tmp C:\WINDOWS\system32\78.tmp C:\WINDOWS\system32\7A.tmp C:\WINDOWS\system32\7C.tmp C:\WINDOWS\system32\7E.tmp C:\WINDOWS\system32\84.tmp C:\WINDOWS\system32\89.tmp C:\WINDOWS\system32\8B.tmp C:\WINDOWS\system32\8D.tmp C:\WINDOWS\system32\8F.tmp C:\WINDOWS\system32\91.tmp C:\WINDOWS\system32\93.tmp C:\WINDOWS\system32\95.tmp C:\WINDOWS\system32\96.tmp C:\WINDOWS\system32\97.tmp C:\WINDOWS\system32\99.tmp C:\WINDOWS\system32\9B.tmp C:\WINDOWS\system32\9D.tmp C:\WINDOWS\system32\9F.tmp C:\WINDOWS\system32\A1.tmp C:\WINDOWS\system32\A3.tmp C:\WINDOWS\system32\A5.tmp C:\WINDOWS\system32\A7.tmp C:\WINDOWS\system32\A9.tmp C:\WINDOWS\system32\AB.tmp C:\WINDOWS\system32\AD.tmp C:\WINDOWS\system32\AF.tmp C:\WINDOWS\system32\B1.tmp C:\WINDOWS\system32\B3.tmp C:\WINDOWS\system32\B5.tmp C:\WINDOWS\system32\B7.tmp C:\WINDOWS\system32\B9.tmp C:\WINDOWS\system32\BB.tmp C:\WINDOWS\system32\BD.tmp C:\WINDOWS\system32\BF.tmp C:\WINDOWS\system32\C1.tmp C:\WINDOWS\system32\C3.tmp C:\WINDOWS\system32\C5.tmp C:\WINDOWS\system32\C7.tmp C:\WINDOWS\system32\C9.tmp C:\WINDOWS\system32\CB.tmp C:\WINDOWS\system32\CD.tmp C:\WINDOWS\system32\CF.tmp C:\WINDOWS\System32\crehcjid.dll C:\WINDOWS\system32\D1.tmp C:\WINDOWS\system32\D3.tmp C:\WINDOWS\system32\D5.tmp C:\WINDOWS\system32\D7.tmp C:\WINDOWS\system32\D9.tmp C:\WINDOWS\system32\DB.tmp C:\WINDOWS\system32\DD.tmp C:\WINDOWS\system32\DF.tmp C:\WINDOWS\system32\E1.tmp C:\WINDOWS\system32\E3.tmp C:\WINDOWS\system32\E5.tmp C:\WINDOWS\system32\E7.tmp C:\WINDOWS\system32\E9.tmp C:\WINDOWS\system32\EB.tmp C:\WINDOWS\system32\ED.tmp C:\WINDOWS\system32\EF.tmp C:\WINDOWS\system32\F1.tmp C:\WINDOWS\system32\F3.tmp C:\WINDOWS\system32\F5.tmp C:\WINDOWS\system32\F7.tmp C:\WINDOWS\system32\F9.tmp C:\WINDOWS\system32\FB.tmp C:\WINDOWS\system32\FD.tmp C:\WINDOWS\system32\FF.tmp C:\WINDOWS\system32\khfdbyw.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\poof ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-10-25 to 2007-11-25 )))))))))))))))))))))))))))))))))))) . 2007-11-25 12:25 C:\Documents and Settings\GaÙtan\Local Settings 2007-11-25 12:25 C:\Documents and Settings\GaÙtan\Local Settings 2007-11-25 11:23 d-------- C:\PCA 2007-11-25 10:52 d-------- C:\Diaghelp 2007-11-24 22:36 d-------- C:\VundoFix Backups 2007-11-24 22:28 d-------- C:\Documents and Settings\All Users\Application Data\Prevx 2007-11-24 20:25 d-------- C:\Program Files\Enigma Software Group 2007-11-24 13:49 d-------- C:\Program Files\a-squared Free 2007-11-24 11:24 d-------- C:\Program Files\Trend Micro 2007-11-23 20:56 71,680 --a------ C:\WINDOWS\system32\74.tmp 2007-11-23 20:55 71,680 --a------ C:\WINDOWS\system32\72.tmp 2007-11-23 20:55 71,680 --a------ C:\WINDOWS\system32\70.tmp 2007-11-23 20:55 71,680 --a------ C:\WINDOWS\system32\6E.tmp 2007-11-23 20:55 71,680 --a------ C:\WINDOWS\system32\6C.tmp 2007-11-23 20:55 71,680 --a------ C:\WINDOWS\system32\6A.tmp 2007-11-23 19:02 d--hs---- C:\WINDOWS\ftpcache 2007-11-23 19:01 d-------- C:\Program Files\DAEMON Tools 2007-11-23 18:59 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-11-22 22:41 d-------- C:\WINDOWS view 2007-11-22 22:41 140,158 --a------ C:\WINDOWS\system32 vapps.xml 2007-11-22 22:41 17,525 --a------ C:\WINDOWS\system32 vdisp.nvu 2007-11-22 22:40 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2007-11-22 22:39 d-------- C:\NVIDIA 2007-11-18 11:17 d-------- C:\Program Files\Astase 2007-11-18 10:30 d-------- C:\Program Files\MozBackup 2007-11-12 21:54 d-------- C:\Program Files\CCleaner 2007-11-11 16:20 d-------- C:\WINDOWS\system32\NtmsData 2007-11-11 12:03 17,920 --ahs---- C:\WINDOWS\system32\Thumbs.db 2007-11-11 10:49 d-------- C:\Program Files\MSXML 4.0 2007-11-10 11:10 d-------- C:\Program Files\Wallpaper 2007-11-06 13:33 d-------- C:\Program Files\SiSoftware 2007-11-04 11:38 d-------- C:\WINDOWS\SxsCaPendDel 2007-11-03 15:33 43,296 --ah----- C:\WINDOWS\system32\mlfcache.dat 2007-11-03 13:25 d-------- C:\Program Files\Picasa2 2007-11-01 10:33 d-------- C:\WINDOWS\ShellNew . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-25 16:53 13,440 ----a-w C:\WINDOWS\system32\drivers\USBCRFT.SYS 2007-11-23 18:40 --------- d-----w C:\Program Files\Mozilla Thunderbird 2007-11-04 10:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak 2007-11-04 10:40 --------- d-----w C:\Program Files\Kodak EasyShare software 2007-11-03 12:33 --------- d-----w C:\Program Files\Google 2007-11-01 09:33 --------- d-----w C:\Program Files\microsoft frontpage 2007-10-25 17:05 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 17:05 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 17:03 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 17:01 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 16:58 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-20 07:35 --------- d-----w C:\Program Files\Java 2007-10-04 16:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers v4_mini.sys 2007-09-30 11:05 --------- d-----w C:\Program Files\OpenOffice.org 2.3 . ((((((((((((((((((((((((((((( snapshot@2007-11-25_12.25.01.14 ))))))))))))))))))))))))))))))))))))))))) . + 2007-11-25 17:09:45 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_52c.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09] "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01 14:31] "Wallpaper"="C:\Program Files\Wallpaper\Wallpaper.exe" [2007-08-21 00:27] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 23:29] "Diddl_Scr.exe"="C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe" [] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2004-10-08 12:06] "Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50] "Cmaudio"="RunDll32 cmicnfg.cpl" [] "Dit"="Dit.exe" [2004-04-02 12:31 C:\WINDOWS\Dit.exe] "CHotkey"="zHotkey.exe" [2004-05-17 18:30 C:\WINDOWS\zHotkey.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 11:01 C:\WINDOWS\AGRSMMSG.exe] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 11:52] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "EoEngine"="" [] "EoWeather"="" [] "EoClock"="" [] "Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02] "NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32 undll32.exe] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51] "HP Update 3400C"="C:\sj652\hpupdate.exe" [2002-02-01 13:33] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-07-25 11:01] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-11 17:43] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\°€€] °€€ R2 LogWatch;Event Log Watch;C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe R3 CardReaderFilter;Card Reader Filter;\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS R3 cmudax;C-Media High Definition Audio Interface;C:\WINDOWS\system32\drivers\cmudax.sys S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys S3 CA_LIC_CLNT;Client de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe S3 CA_LIC_SRVR;Serveur de licence CA;C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d88632f-269b-11d9-b2c3-000c76adb999}] \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1540b92a-2cb5-11d9-9c60-00110949a3d1}] \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,. [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46e21b24-2d4e-11d9-9c66-00110949a3d1}] \Shell\AutoRun\command - @%systemroot%\explorer.exe /e,. . ************************************************************************** catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 18:10:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-25 18:11:28 - machine was rebooted . --- E O F ---

Gaëtan · Answer

Rapport DiagHelp : DiagHelp version v1.4 - http://www.malekal.com excute le 25/11/2007 à 18:14:47,68 Liste des derniers fichies modifies/crees dans windir\system32 et prefetch C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->25/11/2007 18:14:42 C:\WINDOWS\prefetch\FXSVR2.EXE-14513BBA.pf -->25/11/2007 18:12:48 C:\WINDOWS\prefetch\ALBUMDB2.EXE-0EEB0F05.pf -->25/11/2007 18:12:48 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->25/11/2007 18:12:42 C:\WINDOWS\prefetch\WGATRAY.EXE-0ED38BED.pf -->25/11/2007 18:11:51 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->25/11/2007 18:11:39 C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->25/11/2007 18:11:33 C:\WINDOWS\prefetch\REGEDIT.EXE-1B606482.pf -->25/11/2007 18:11:30 C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->25/11/2007 18:11:16 C:\WINDOWS\prefetch\AVAST.SETUP-032170A8.pf -->25/11/2007 18:11:12 C:\WINDOWS\System32\drivers\USBCRFT.SYS -->25/11/2007 17:53:24 C:\WINDOWS\System32\drivers\sptd.sys -->23/11/2007 18:59:16 C:\WINDOWS\System32\drivers\aswmon.sys -->25/10/2007 18:05:36 C:\WINDOWS\System32\drivers\aswmon2.sys -->25/10/2007 18:05:20 C:\WINDOWS\System32\drivers\aswRdr.sys -->25/10/2007 18:03:19 C:\WINDOWS\System32\drivers\aswTdi.sys -->25/10/2007 18:01:34 C:\WINDOWS\System32\drivers\aavmker4.sys -->25/10/2007 17:58:49 C:\WINDOWS\System32\wpa.dbl -->25/11/2007 18:11:49 C:\WINDOWS\System32\vsconfig.xml -->25/11/2007 18:11:02 C:\WINDOWS\System32\Thumbs.db -->24/11/2007 15:19:05 C:\WINDOWS\System32\74.tmp -->23/11/2007 20:55:54 C:\WINDOWS\System32\72.tmp -->23/11/2007 20:55:44 C:\WINDOWS\System32\70.tmp -->23/11/2007 20:55:34 C:\WINDOWS\System32\6E.tmp -->23/11/2007 20:55:25 C:\WINDOWS\System32\6C.tmp -->23/11/2007 20:55:15 C:\WINDOWS\System32\6A.tmp -->23/11/2007 20:55:00 C:\WINDOWS\System32 vapps.xml -->22/11/2007 22:43:11 C:\WINDOWS\System32\CONFIG.NT -->19/11/2007 21:04:19 C:\WINDOWS\System32\mlfcache.dat -->03/11/2007 15:33:13 C:\WINDOWS\System32\FNTCACHE.DAT -->02/11/2007 12:47:34 C:\WINDOWS\System32\MRT.exe -->02/11/2007 00:12:58 C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16 C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:41:42 C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:41:42 C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:41:42 C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:41:42 C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:41:42 C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25 C:\WINDOWS\System32\aswBoot.exe -->25/10/2007 17:24:45 C:\WINDOWS\System32\AVASTSS.scr -->25/10/2007 17:14:25 C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->20/10/2007 08:35:04 C:\WINDOWS\System32\NVUNINST.EXE -->04/10/2007 18:16:48 C:\WINDOWS\Thumbs.db -->25/11/2007 18:12:40 C:\WINDOWS\0.log -->25/11/2007 18:10:57 C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt -->25/11/2007 18:10:38 C:\WINDOWS\WindowsUpdate.log -->25/11/2007 18:10:35 C:\WINDOWS\wiadebug.log -->25/11/2007 18:10:15 C:\WINDOWS\wiaservc.log -->25/11/2007 18:10:02 C:\WINDOWS\bootstat.dat -->25/11/2007 18:09:39 C:\WINDOWS\SchedLgU.Txt -->25/11/2007 18:08:39 C:\WINDOWS\win.ini -->24/11/2007 19:17:30 C:\WINDOWS\NeroDigital.ini -->19/11/2007 22:21:27 C:\WINDOWS\system.ini -->11/11/2007 12:35:09 C:\WINDOWS\catchme.exe -->08/11/2007 16:59:01 C:\WINDOWS\ODBC.INI -->01/11/2007 10:34:19 C:\WINDOWS\yesmessenger.ini -->07/07/2007 15:20:28 C:\WINDOWS\NirCmd.exe -->17/06/2007 00:11:58 winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 1460 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x44080000 0xcf000 7.00.6000.16544 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16544 C:\WINDOWS\system32\iertutil.dll 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll 0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~2\wmpband.dll 0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cb000 7.00.6000.16544 C:\WINDOWS\system32\ieframe.dll 0x44160000 0x124000 7.00.6000.16544 C:\WINDOWS\system32\urlmon.dll 0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll 0x442b0000 0x3c000 7.00.6000.16544 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x01fe0000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x02810000 0x8000 8.04.0001.1092 C:\Program Files\Logitech\Video\AlbuDBps.dll 0x029c0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x7f840000 0x32000 8.04.0001.1092 C:\WINDOWS\system32\lvcodec2.dll 0x58580000 0x4000 1.01.0001.0005 C:\WINDOWS\system32 ssoft32.acm 0x73ac0000 0x7000 1.03.0003.0007 C:\WINDOWS\system32 sd32.dll 0x10000000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll 0x01b00000 0x28000 8.04.0001.1092 C:\WINDOWS\Twain_32\QuickCam\lvWIAext.dll 0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll 0x022a0000 0x24000 8.04.0001.1092 C:\Program Files\Logitech\Video\Namespc2.dll 0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL 0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll 0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL 0x41f00000 0x7000 1.01.0000.3917 C:\WINDOWS\system32\asfsipc.dll 0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL 0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll 0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL 0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL 0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 576 Command line: winlogon.exe Base Size Version Path 0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe 0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll 0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01290000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\WINDOWS\system32 19/08/2004 15:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 58 616 926 208 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\WINDOWS\Downloaded Program Files 23/09/2005 10:42 . 23/09/2005 10:42 .. 25/06/2004 16:14 65 desktop.ini 14/10/1997 17:52 697 DirectAnimation Java Classes.osd 08/09/2004 21:38 1 271 erma.inf 16/03/2004 19:13 365 f3initialsetup1.0.0.8-2.inf 20/01/2000 14:25 1 162 Microsoft XML Parser for Java.osd 08/12/2003 13:58 3 759 swflash.inf 13/09/2005 10:36 406 telechargement-photoweb.inf 14/09/2005 11:27 1 871 872 telechargement-photoweb.ocx 03/08/2004 13:51 293 wuweb.inf 9 fichier(s) 1 879 890 octets Total des fichiers listés : 9 fichier(s) 1 879 890 octets 2 Rép(s) 58 616 922 112 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [SharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-25 18:15:13 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg] "s1"=dword:2df9c43f "s2"=dword:110480d0 "h0"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,.. "khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,.. [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4] "p0"="C:\Program Files\DAEMON Tools\" "h0"=dword:00000000 "khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001] "a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,.. "khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,.. [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40] "khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,.. scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 552 - csrss.exe 576 - winlogon.exe 620 - services.exe 656 - lsass.exe 808 - svchost.exe 852 - svchost.exe 920 - svchost.exe 1020 - svchost.exe 1076 - svchost.exe 1156 - LogWatNT.exe 1164 - svchost.exe 1324 - ashServ.exe 1384 - mdm.exe 1460 - explorer.exe 2224 - nvsvc32.exe 2276 - svchost.exe 2448 - vsmon.exe 2572 - rundll32.exe 2608 - zHotkey.exe 2624 - AGRSMMSG.exe 2648 - LVCOMSX.EXE 2676 - jusched.exe 2692 - zlclient.exe 2724 - ashDisp.exe 2880 - ctfmon.exe 2920 - Rainlendar2.exe 3424 - wmpnetwk.exe 3688 - ashMaiSv.exe 3916 - ashWebSv.exe 3980 - alg.exe 5524 - wuauclt.exe 6100 - cmd.exe Total number of processes = 33 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32 toskrnl.exe 806FD000 - \WINDOWS\system32\hal.dll F7D2E000 - \WINDOWS\system32\KDCOM.DLL F7C3E000 - \WINDOWS\system32\BOOTVID.dll F7725000 - sptd.sys F7D30000 - \WINDOWS\System32\Drivers\WMILIB.SYS F770D000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS F76DE000 - ACPI.sys F76CD000 - pci.sys F782E000 - ohci1394.sys F783E000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS F784E000 - isapnp.sys F7DF6000 - pciide.sys F7AAE000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS F785E000 - MountMgr.sys F76AE000 - ftdisk.sys F7AB6000 - PartMgr.sys F786E000 - VolSnap.sys F7696000 - atapi.sys F787E000 - disk.sys F788E000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS F7676000 - fltmgr.sys F7664000 - sr.sys F789E000 - PxHelp20.sys F764D000 - KSecDD.sys F75C0000 - Ntfs.sys F7593000 - NDIS.sys F78AE000 - ComboFix.sys F757F000 - srescan.sys F7564000 - Mup.sys F78DE000 - \SystemRoot\System32\DRIVERS ic1394.sys F6D6E000 - \SystemRoot\System32\DRIVERS\intelppm.sys F6684000 - \SystemRoot\system32\DRIVERS v4_mini.sys F6670000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F664C000 - \SystemRoot\System32\DRIVERS\HDAudBus.sys F7BA6000 - \SystemRoot\System32\DRIVERS\usbuhci.sys F6629000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS F7BAE000 - \SystemRoot\System32\DRIVERS\usbehci.sys F6524000 - \SystemRoot\system32\DRIVERS\AGRSM.sys F7BB6000 - \SystemRoot\System32\Drivers\Modem.SYS F6D5E000 - \SystemRoot\System32\DRIVERS\fetnd5b.sys F7BBE000 - \SystemRoot\System32\DRIVERS\fdc.sys F6513000 - \SystemRoot\System32\DRIVERS\serial.sys F7530000 - \SystemRoot\System32\DRIVERS\serenum.sys F64FF000 - \SystemRoot\System32\DRIVERS\parport.sys F6D4E000 - \SystemRoot\System32\DRIVERS\i8042prt.sys F7BC6000 - \SystemRoot\System32\DRIVERS\mouclass.sys F7BCE000 - \SystemRoot\System32\DRIVERS\kbdclass.sys F6D3E000 - \SystemRoot\System32\DRIVERS\imapi.sys F752C000 - \SystemRoot\system32\drivers\pfc.sys F6D2E000 - \SystemRoot\System32\DRIVERS\cdrom.sys F6D1E000 - \SystemRoot\System32\DRIVERS edbook.sys F64DC000 - \SystemRoot\System32\DRIVERS\ks.sys F7BD6000 - \SystemRoot\System32\Drivers\incdrm.SYS F7BDE000 - \SystemRoot\System32\DRIVERS\InCDPass.sys F6476000 - \SystemRoot\System32\Drivers\acc8cqyf.SYS F7EC6000 - \SystemRoot\System32\DRIVERS\audstub.sys F793E000 - \SystemRoot\System32\DRIVERS asl2tp.sys F6E57000 - \SystemRoot\System32\DRIVERS distapi.sys F63F8000 - \SystemRoot\System32\DRIVERS diswan.sys F794E000 - \SystemRoot\System32\DRIVERS aspppoe.sys F795E000 - \SystemRoot\System32\DRIVERS aspptp.sys F7AC6000 - \SystemRoot\System32\DRIVERS\TDI.SYS F7AEE000 - \SystemRoot\System32\DRIVERS\ptilink.sys F7AF6000 - \SystemRoot\System32\DRIVERS aspti.sys F796E000 - \SystemRoot\System32\DRIVERS ermdd.sys F7D64000 - \SystemRoot\System32\DRIVERS\swenum.sys F639F000 - \SystemRoot\System32\DRIVERS\update.sys F6E4B000 - \SystemRoot\System32\DRIVERS\mssmbios.sys F797E000 - \SystemRoot\System32\Drivers\NDProxy.SYS F4A94000 - \SystemRoot\system32\drivers\cmudax.sys F4A70000 - \SystemRoot\system32\drivers\portcls.sys F799E000 - \SystemRoot\system32\drivers\drmk.sys F79BE000 - \SystemRoot\System32\DRIVERS\usbhub.sys F7D74000 - \SystemRoot\System32\DRIVERS\USBD.SYS F7D1E000 - \SystemRoot\system32\drivers\MODEMCSA.sys F7B26000 - \SystemRoot\System32\DRIVERS\flpydisk.sys F7D78000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7EA4000 - \SystemRoot\System32\Drivers\Null.SYS F7D7A000 - \SystemRoot\System32\Drivers\Beep.SYS F7B36000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS F7B3E000 - \SystemRoot\System32\drivers\vga.sys F7D7E000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7D80000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F7540000 - \SystemRoot\System32\Drivers\InCDrec.SYS F49EF000 - \SystemRoot\System32\Drivers\InCDfs.SYS F7B46000 - \SystemRoot\System32\Drivers\Msfs.SYS F7B4E000 - \SystemRoot\System32\Drivers\Npfs.SYS F753C000 - \SystemRoot\System32\DRIVERS asacd.sys F49DC000 - \SystemRoot\System32\DRIVERS\ipsec.sys F79FE000 - \SystemRoot\System32\DRIVERS\msgpc.sys F4984000 - \SystemRoot\System32\DRIVERS cpip.sys F7A0E000 - \SystemRoot\System32\Drivers\aswTdi.SYS F4963000 - \SystemRoot\System32\DRIVERS\ipnat.sys F7A1E000 - \SystemRoot\System32\DRIVERS\wanarp.sys F489B000 - \SystemRoot\System32\DRIVERS etbt.sys F483C000 - \SystemRoot\System32\vsdatant.sys F7A2E000 - \SystemRoot\System32\DRIVERS\arp1394.sys F481A000 - \SystemRoot\System32\drivers\afd.sys F7A3E000 - \SystemRoot\System32\DRIVERS etbios.sys F47EF000 - \SystemRoot\System32\DRIVERS dbss.sys F4758000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys F7A5E000 - \SystemRoot\System32\Drivers\Fips.SYS F7B5E000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F7504000 - \??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS F7B66000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS F6D9E000 - \SystemRoot\system32\drivers\lvusbsta.sys F74F8000 - \SystemRoot\system32\DRIVERS\usbscan.sys F7B7E000 - \SystemRoot\System32\DRIVERS\usbccgp.sys F458B000 - \SystemRoot\system32\DRIVERS\LVCM.sys F4460000 - \SystemRoot\system32\DRIVERS\lvsvf2.sys F6D8E000 - \SystemRoot\system32\DRIVERS\STREAM.SYS F6D7E000 - \SystemRoot\system32\drivers\usbaudio.sys F443D000 - \SystemRoot\System32\Drivers\Fastfat.SYS F4425000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7DB6000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys F5CD3000 - \SystemRoot\System32\drivers\Dxapi.sys F7B96000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7F4A000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32 v4_disp.dll BAF00000 - \SystemRoot\System32\DRIVERS disuio.sys BACCA000 - \SystemRoot\System32\Drivers\aswMon2.SYS BAA85000 - \SystemRoot\system32\drivers\wdmaud.sys BABFA000 - \SystemRoot\system32\drivers\sysaudio.sys BA912000 - \SystemRoot\System32\DRIVERS\mrxdav.sys F7D6A000 - \SystemRoot\System32\Drivers\ParVdm.SYS BA8A9000 - \SystemRoot\System32\Drivers\HTTP.sys BA767000 - \SystemRoot\System32\DRIVERS\srv.sys BA889000 - \SystemRoot\System32\DRIVERS\secdrv.sys BA6B7000 - \SystemRoot\System32\Drivers\Cdfs.SYS BA01C000 - \SystemRoot\System32\Drivers\aswRdr.SYS B9D8C000 - \??\C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\catchme.sys B9D61000 - \SystemRoot\system32\drivers\kmixer.sys F7EC5000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 136 Liste des programmes installes Ad-Aware SE Personal Adobe Flash Player ActiveX Adobe Reader 8.1.1 - Français Agere Systems PCI Soft Modem AtomTime98 v2.2 avast! Antivirus C-Media High Definition Audio Driver CA Licensing CCleaner (remove only) Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB914440) Correctif Windows XP - KB834707 Correctif Windows XP - KB867282 Correctif Windows XP - KB873333 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB885884 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB887797 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890047 Correctif Windows XP - KB890175 Correctif Windows XP - KB890859 Correctif Windows XP - KB890923 Correctif Windows XP - KB891781 Correctif Windows XP - KB893066 Correctif Windows XP - KB893086 Cosmo Player 2.1 (38329) Creatix V.92 Data Fax Modem Encyclopédie Universelle Larousse EPSON TWAIN 5 Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP Free - Kit de connexion Google Earth Grand Prix 4 GTK+ 2.4.14 runtime environment HijackThis 2.0.2 Home Cinema Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB926239) InCD Information sur votre PC IrfanView (remove only) J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.1_01 Java Web Start Java(TM) 6 Update 2 Java(TM) 6 Update 3 Java(TM) SE Runtime Environment 6 Update 1 Language pack for Ad-Aware SE Lecteur Windows Media 11 Logiciel QuickCam de Logitech Macromedia Shockwave Player Medion Flash XL 2.0 Microsoft Compression Client Pack 1.0 for Windows XP Microsoft FrontPage Client - French Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft User-Mode Driver Framework Feature Pack 1.0 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) Mise à jour de sécurité pour Windows XP (KB883939) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899588) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB903235) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911280) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918118) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB919007) Mise à jour de sécurité pour Windows XP (KB920213) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB920685) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921503) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour de sécurité pour Windows XP (KB922760) Mise à jour de sécurité pour Windows XP (KB922819) Mise à jour de sécurité pour Windows XP (KB923191) Mise à jour de sécurité pour Windows XP (KB923414) Mise à jour de sécurité pour Windows XP (KB923694) Mise à jour de sécurité pour Windows XP (KB923980) Mise à jour de sécurité pour Windows XP (KB924191) Mise à jour de sécurité pour Windows XP (KB924270) Mise à jour de sécurité pour Windows XP (KB924496) Mise à jour de sécurité pour Windows XP (KB924667) Mise à jour de sécurité pour Windows XP (KB925454) Mise à jour de sécurité pour Windows XP (KB925486) Mise à jour de sécurité pour Windows XP (KB925902) Mise à jour de sécurité pour Windows XP (KB926255) Mise à jour de sécurité pour Windows XP (KB926436) Mise à jour de sécurité pour Windows XP (KB927779) Mise à jour de sécurité pour Windows XP (KB927802) Mise à jour de sécurité pour Windows XP (KB928255) Mise à jour de sécurité pour Windows XP (KB928843) Mise à jour de sécurité pour Windows XP (KB929123) Mise à jour de sécurité pour Windows XP (KB930178) Mise à jour de sécurité pour Windows XP (KB931261) Mise à jour de sécurité pour Windows XP (KB931784) Mise à jour de sécurité pour Windows XP (KB932168) Mise à jour de sécurité pour Windows XP (KB933729) Mise à jour de sécurité pour Windows XP (KB935839) Mise à jour de sécurité pour Windows XP (KB935840) Mise à jour de sécurité pour Windows XP (KB936021) Mise à jour de sécurité pour Windows XP (KB938829) Mise à jour de sécurité pour Windows XP (KB941202) Mise à jour de sécurité pour Windows XP (KB943460) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB896727) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB900930) Mise à jour pour Windows XP (KB904942) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB916595) Mise à jour pour Windows XP (KB920872) Mise à jour pour Windows XP (KB922582) Mise à jour pour Windows XP (KB927891) Mise à jour pour Windows XP (KB929338) Mise à jour pour Windows XP (KB930916) Mise à jour pour Windows XP (KB931836) Mise à jour pour Windows XP (KB933360) Mise à jour pour Windows XP (KB936357) Mise à jour pour Windows XP (KB938828) MozBackup 1.4.7 Mozilla Firefox (2.0.0.9) Mozilla Thunderbird (2.0.0.9) MSN MSXML 4.0 SP2 (KB936181) Multimedia Keyboard Driver Nero Suite NVIDIA Drivers OpenOffice.org 2.3 Picasa 2 PowerDVD PowerProducer Programme de gestion Camera de Logitech® Quick Zip 4.60.017b QuickTime QuickTime Rainlendar2 (remove only) RealPlayer Remove DivX Codec SAGEM F@st 800-908 Shareaza version 2.2.1.0 Shockwave SiSoftware Sandra Lite XIIc UltraBackup 4.25 Utilitaire de sauvegarde Windows Viewpoint Media Player Visionneuse Journal Windows Microsoft Wallpaper WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Installer 3.1 (KB893803) Windows Internet Explorer 7 Windows Live Messenger Windows Media Connect Windows Media Connect Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 ZoneAlarm Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files 25/11/2007 12:11 . 25/11/2007 12:11 .. 21/02/2005 14:42 a2 free 16/08/2007 21:05 Adobe 19/10/2005 16:18 Ahead 10/02/2007 10:38 Alwil Software 24/11/2007 19:43 a-squared Free 18/11/2007 11:17 Astase 15/09/2005 19:29 AtomTime 28/03/2005 17:12 Borland 27/12/2004 19:42 CA 12/11/2007 21:54 CCleaner 04/01/2006 10:27 Common Files 27/12/2004 22:10 CosmoSoftware 03/11/2004 05:22 CyberLink 23/11/2007 19:01 DAEMON Tools 27/12/2004 22:01 directx 23/12/2004 21:59 DivX 22/09/2005 09:30 eMule 24/11/2007 20:32 Enigma Software Group 12/01/2006 22:09 eoRezo 25/11/2007 12:11 Fichiers communs 04/06/2005 10:40 Free.fr 03/11/2007 13:33 Google 27/12/2004 20:03 Grisoft 25/06/2004 18:58 HighMAT CD Writing Wizard 03/11/2004 05:22 Home Cinema 09/01/2005 15:56 Infogrames 25/06/2004 16:54 Intel 09/10/2007 20:12 Internet Explorer 27/01/2005 19:18 IrfanView 20/10/2007 08:35 Java 07/12/2005 10:38 Java Web Start 04/11/2007 11:40 Kodak EasyShare software 21/02/2005 10:57 KONAMI 27/12/2004 22:07 Larousse 18/01/2005 22:24 Lavasoft 27/12/2004 22:27 Logitech 25/06/2004 18:24 Make bootable flashcards 07/12/2005 10:38 Messenger 01/11/2007 10:33 microsoft frontpage 01/11/2007 10:33 Microsoft Office 03/01/2006 17:55 Midnight Racing 07/12/2005 10:38 Movie Maker 18/11/2007 10:30 MozBackup 25/11/2007 17:54 Mozilla Firefox 23/11/2007 19:40 Mozilla Thunderbird 12/08/2005 10:12 MSN 25/06/2004 16:13 MSN Gaming Zone 20/03/2007 19:52 MSN Messenger 11/11/2007 10:49 MSXML 4.0 25/06/2004 17:24 MUSICMATCH 25/10/2004 17:59 NetMeeting 25/10/2004 18:08 Online Services 30/09/2007 12:05 OpenOffice.org 2.3 13/06/2007 22:31 Outlook Express 04/11/2007 09:00 Picasa2 11/01/2006 17:43 QuickTime 07/03/2007 19:33 QuickZip4 13/05/2007 10:30 Rainlendar2 08/07/2004 16:00 Real 29/10/2005 10:55 SAGEM 25/10/2004 16:59 Services en ligne 11/12/2005 19:05 Shareaza 06/11/2007 13:33 SiSoftware 03/05/2005 14:03 SmartGenealogy_V18 24/11/2007 11:24 Trend Micro 03/11/2004 05:28 Viewpoint 10/11/2007 11:10 Wallpaper 04/01/2006 09:08 WAR Soldiers 25/06/2004 17:35 Windows Journal Viewer 07/12/2005 10:38 Windows Media Connect 10/12/2006 21:57 Windows Media Connect 2 10/12/2006 22:10 Windows Media Player 25/10/2004 17:59 Windows NT 08/03/2007 15:53 WinZip 25/06/2004 16:14 xerox 07/07/2007 15:25 YesMessenger 28/03/2005 16:56 Zone Labs 0 fichier(s) 0 octets 79 Rép(s) 58 599 636 992 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\fichiers communs 25/11/2007 12:11 . 25/11/2007 12:11 .. 16/08/2007 21:06 Adobe 09/08/2004 15:45 Ahead 27/12/2004 19:43 AOL 01/11/2007 10:33 Designer 05/05/2005 18:24 DirectX 29/12/2004 21:45 GTK 14/09/2004 13:43 InstallShield 09/05/2005 08:59 Java 27/12/2004 22:27 Logitech 01/11/2007 10:33 Microsoft Shared 25/06/2004 16:13 MSSoap 08/07/2004 16:01 Nullsoft 27/12/2004 21:55 ODBC 23/03/2006 21:00 Real 25/06/2004 16:13 Services 25/06/2004 17:11 SpeechEngines 13/06/2007 22:31 System 23/03/2006 21:00 xing shared 0 fichier(s) 0 octets 20 Rép(s) 58 599 632 896 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 25/11/2007 12:19 . 25/11/2007 12:19 .. 27/12/2004 21:55 1033 30/09/2007 12:24 1036 15/02/2001 05:45 1 318 912 MSONSEXT.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 22/01/2001 03:25 86 016 PKMWS.DLL 4 fichier(s) 1 654 898 octets 4 Rép(s) 58 599 632 896 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\Program Files\common files 04/01/2006 10:27 . 04/01/2006 10:27 .. 04/01/2006 10:27 EasyInfo 0 fichier(s) 0 octets 3 Rép(s) 58 599 632 896 octets libres Le volume dans le lecteur C s'appelle BOOT Le numéro de série du volume est 646C-6A9F Répertoire de C:\ 24/05/2001 11:59 162 304 UNWISE.EXE 1 fichier(s) 162 304 octets 0 Rép(s) 58 599 632 896 octets libres c:\Documents and Settings\Gaëtan\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe c:\Documents and Settings\Gaëtan\Application Data\EoRezo mp.exe c:\Documents and Settings\Gaëtan\Bureau\ComboFix.exe c:\Documents and Settings\Gaëtan\Bureau\HJTInstall.exe c:\Documents and Settings\Gaëtan\Mes documents\Firetune\FireTune.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Everest 3.50 Ultimate\everestultimate350.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\appli microshop\microshop.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\Cryptage\bin\Cryptage.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\Cryptage\obj\Debug\Cryptage.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\bin\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\obj\Debug\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop console\principale\obj\Release\principale.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\microshop windows\appliWindows.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdoConnecté\WindowsApplication7\bin\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdoConnecté\WindowsApplication7\obj\Debug\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdodéConnecté\WindowsApplication7\bin\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO estAdodéConnecté\WindowsApplication7\obj\Debug\WindowsApplication7.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\TestMVC\TestMVC_appli_console\bin\TestMVC_appli.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO\TestMVC\TestMVC_appli_console\obj\Debug\TestMVC_appli.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO p InputBox\bin p InputBox.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\Module II - POO p InputBox\obj\Debug p InputBox.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\RUP Complet\RUP_Eval\applet\AppletJreConsole.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\jakarta-tomcat-4.1.31-LE-jdk14.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\jdk-1_5_0_07-windows-i586-p.exe c:\Documents and Settings\Gaëtan\Mes documents\Importants\Gaëtan\GGaudin\TP QCM\StarUML-5.0-with-cm.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Mes vidéos\LineRider_beta.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Scanner Marie-Chantal\sj652fr.exe c:\Documents and Settings\Gaëtan\Mes documents\Moins importants\Scanner Marie-Chantal\sj700fr.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll c:\Documents and Settings\Gaëtan\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Gaëtan\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll c:\Documents and Settings\Gaëtan\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyI.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyJ.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyK.dll c:\Documents and Settings\Gaëtan\Application Data\SystemRequirementsLab\SRLProxyL.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_STEPH-GAËTAN.tar.gz a l'adresse http://upload.malekal.com

Gaëtan · Answer

Rapport SReng : [CODE] 2007-11-25,18:21:15 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\Rainlendar2\Rainlendar2.exe"> [] <"C:\Program Files\Wallpaper\Wallpaper.exe" Starter> [N/A] <; C:\Program Files\Windows Media Player\WMPNSCFG.exe> [(Verified)Microsoft Windows Component Publisher] <"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services] <; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe> [N/A] <; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot> [N/A] <; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Ahead Software Gmbh] [N/A] [ICSI Technology Ltd.] [] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Logitech Inc.] <"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."] <> [N/A] <> [N/A] <> [N/A] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] [(Verified)ALWIL Software] <"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.] <"RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher] <"nwiz.exe" /install> [] <"RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher] <; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] <; C:\sj652\hpupdate.exe 3400C> [N/A] <; C:\Program Files\Ahead\InCD\InCD.exe> [Nero AG] <; C:\Program Files\Logitech\Video\ISStart.exe > [Logitech Inc.] <; C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.] <; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows XP Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] <°€€> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] ================================== Startup Folders N/A ================================== Services [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [Client de licence CA / CA_LIC_CLNT][Stopped/Manual Start] [Serveur de licence CA / CA_LIC_SRVR][Stopped/Manual Start] [Google Updater Service / gusvc][Stopped/Manual Start] <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"> [InCD Helper / InCDsrv][Running/Auto Start] [Event Log Watch / LogWatch][Running/Auto Start] [Machine Debug Manager / MDM][Running/Auto Start] <"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"> [NVIDIA Display Driver Service / NVSvc][Running/Auto Start] [SiSoftware Database Agent Service / SandraDataSrv][Stopped/Manual Start] [SiSoftware Sandra Agent Service / SandraTheSrv][Stopped/Manual Start] [TrueVector Internet Monitor / vsmon][Running/Auto Start] [Windows Media Connect (WMC) / WmcCds][Stopped/Manual Start] [Aide de Windows Media Connect (WMC) / WmcCdsLs][Stopped/Manual Start] ================================== Drivers [General Purpose USB Driver (adildr.sys) / ADILOADER][Stopped/Auto Start] [USB ADSL LAN Adapter / adiusbae][Stopped/Manual Start] [USB ADSL WAN Adapter / adiusbaw][Stopped/Manual Start] [Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start] [Card Reader Filter / CardReaderFilter][Running/Manual Start] <\??\C:\WINDOWS\system32\Drivers\USBCRFT.SYS> [catchme / catchme][Running/Manual Start] <\??\C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\catchme.sys> [C-Media High Definition Audio Interface / cmudax][Running/Manual Start]

[Pilote de la carte EtherLink XL 90XB/C 3Com / EL90XBC][Stopped/Manual Start] <3Com Corporation> [Carte réseau virtuelle FreeBox USB / fbxusb][Stopped/Manual Start] [VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start] [Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start] [Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start] [InCDPass / InCDPass][Running/System Start] [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start] [NTSIM / NTSIM][Stopped/Manual Start] <\??\C:\WINDOWS\System32 tsim.sys> [nv / nv][Running/Manual Start] [Padus ASPI Shell / pfc][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Logitech QuickCam Communicate / QCMerced][Running/Manual Start] <> [Secdrv / Secdrv][Running/Auto Start] [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [sptd / sptd][Running/Boot Start] <\SystemRoot\System32\Drivers\sptd.sys> [srescan / srescan][Running/Boot Start] <\SystemRoot\system32\ZoneLabs\srescan.sys> [UKBFLT / UKBFLT][Stopped/Manual Start] [vsdatant / vsdatant][Running/System Start] [WAN Miniport (ATW) / wanatw][Stopped/Manual Start] [World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start] ================================== Browser Add-ons [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [EoBho Class] {64F56FC1-1272-44CD-BA6E-39723696E350} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [Java Plug-in 1.6.0_03] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Real.com] {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [Shockwave ActiveX Control] {166B1BCA-3F9C-11CF-8075-444553540000} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [telechargement-photoweb] {68C1822F-F5C7-4404-A73F-03C10E0E94DA} [Java Plug-in 1.6.0_03] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.5.0_04] {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} [Java Plug-in 1.5.0_06] {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [Java Plug-in 1.5.0_10] {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [Java Plug-in 1.6.0_01] {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [Java Plug-in 1.6.0_02] {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [Java Plug-in 1.6.0_03] {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Web Browser Applet Control] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A> [DHTML Edit Control Safe for Scripting for IE5] {2D360201-FFF5-11D1-8D03-00A0C959BC0A} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [EoBho Class] {64F56FC1-1272-44CD-BA6E-39723696E350} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [SSVHelper Class] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [QuickTimeCheck Class] {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A> [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A> [&Recherche AOL Toolbar] [&Search] ================================== Running Processes [PID: 476 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 552 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 620 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 656 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 808 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 852 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 920 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 940 / SYSTEM][C:\Program Files\Ahead\InCD\InCDsrv.exe] [Nero AG, 4, 3, 20, 1] [C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Ahead Software AG, 1, 0, 0, 17] [C:\Program Files\Ahead\InCD\incdshx.dll] [Nero AG, 4, 3, 20, 1] [PID: 1020 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1164 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 1252 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 1324 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 1460 / Gaëtan][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\PROGRA~1\WINDOW~2\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Logitech\Video\AlbuDBps.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\WINDOWS\system32\lvcodec2.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32 ssoft32.acm] [DSP GROUP, INC., 1.01] [C:\WINDOWS\system32 sd32.dll] [, ] [PID: 1660 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\CNBJMON2.DLL] [Microsoft Corporation, 5.1.2600.2079 built by: xpsp(skatari)] [PID: 1076 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1156 / SYSTEM][C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe] [Computer Associates, 1.52] [C:\Program Files\CA\SharedComponents\CA_LIC\lic98.dll] [Computer Associates, 01.52] [PID: 1384 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe] [Microsoft Corporation, 7.10.3077] [C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\1036\mdmui.dll] [Microsoft Corporation, 7.10.3077] [PID: 2224 / SYSTEM][C:\WINDOWS\system32 vsvc32.exe] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32 vapi.dll] [NVIDIA Corporation, 6.14.11.6375] [PID: 2276 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\escwiad.dll] [SEIKO EPSON CORP., 1.00] [PID: 2572 / Gaëtan][C:\WINDOWS\system32\RunDll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system\cmicnfg.cpl] [C-Media Corporation, 1, 0, 43, 4] [C:\WINDOWS\System32\udaprop.dll] [C-Media Corporation, 1.0.2.3] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2596 / Gaëtan][C:\WINDOWS\Dit.exe] [ICSI Technology Ltd., V2.01.0402] [PID: 2608 / Gaëtan][C:\WINDOWS\zHotkey.exe] [, 3, 0, 0, 7] [C:\WINDOWS\HKNTDLL.dll] [N/A, ] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2624 / Gaëtan][C:\WINDOWS\AGRSMMSG.exe] [Agere Systems, 2.1.51 2.1.51 03/04/2005 12:01:54] [PID: 2648 / Gaëtan][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [PID: 2676 / Gaëtan][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [PID: 2724 / Gaëtan][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1074, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 2792 / Gaëtan][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32 vapi.dll] [NVIDIA Corporation, 6.14.11.6375] [C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.11.6375] [PID: 2880 / Gaëtan][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2920 / Gaëtan][C:\Program Files\Rainlendar2\Rainlendar2.exe] [, 2, 0, 2, 0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Rainlendar2\plugins\iCalendarPlugin.dll] [N/A, ] [PID: 2932 / Gaëtan][C:\Program Files\Wallpaper\Wallpaper.exe] [, 5.00.0003] [C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9782] [C:\WINDOWS\system32\VB6FR.DLL] [Microsoft Corporation, 6.00.8988] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\comdlg32.ocx] [Microsoft Corporation, 6.00.8418] [PID: 2960 / Gaëtan][C:\Program Files\DAEMON Tools\daemon.exe] [DT Soft Ltd., 4.09.0.0] [C:\Program Files\DAEMON Tools\daemon.dll] [DT Soft Ltd., 4.09.1.0] [C:\Program Files\DAEMON Tools\Plugins\Images\bw5mount.dll] [, 1.1.3.0] [C:\Program Files\DAEMON Tools\Plugins\Images\bwtmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\ccdmount.dll] [DT Soft Ltd., 1.10.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\cuemount.dll] [DT Soft Ltd., 1.02.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\iszmount.dll] [DT Soft Ltd., 1.02.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\mdsmount.dll] [DT Soft Ltd., 1.22.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images rgmount.dll] [DT Soft Ltd., 1.12.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\pdimount.dll] [DT Soft Ltd., 1.01.0.0] [C:\Program Files\DAEMON Tools\Plugins\Images\pfcmount.dll] [DT Soft Ltd., 1.00.0.0] [C:\Program Files\DAEMON Tools\pfctoc.dll] [Padus(R), Inc., 1, 0, 0, 12] [PID: 3424 / SERVICE RÉSEAU][C:\Program Files\Windows Media Player\WMPNetwk.exe] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpmde.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\wmpps.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [PID: 3688 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 3916 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1074, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1074, 0] [PID: 3980 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 7680 / Gaëtan][C:\Program Files\QuickZip4\QuickZip.exe] [N/A, ] [C:\WINDOWS\system32\Msdmo.dll] [, ] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [PID: 4696 / Gaëtan][C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\QZTEMP\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2596, C:\WINDOWS\DIT.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2608, C:\WINDOWS\ZHOTKEY.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2648, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2920, C:\PROGRAM FILES\RAINLENDAR2\RAINLENDAR2.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2932, C:\PROGRAM FILES\WALLPAPER\WALLPAPER.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 7680, C:\PROGRAM FILES\QUICKZIP4\QUICKZIP.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ================================== [/CODE]

Gaëtan · Answer

Rapport PCA :

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :25/11/2007 18:21:56
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Logitech\Video\AlbumDB2.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PCA\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RUN: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKLM\..\RUN: [Dit] - Dit.exe
04 - HKLM\..\RUN: [CHotkey] - zHotkey.exe
04 - HKLM\..\RUN: [AGRSMMSG] - AGRSMMSG.exe
04 - HKLM\..\RUN: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [EoEngine] - 
04 - HKLM\..\RUN: [EoWeather] - 
04 - HKLM\..\RUN: [EoClock] - 
04 - HKLM\..\RUN: [Zone Labs Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [ZoneAlarm Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [NvCplDaemon] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - "nwiz.exe" /install
04 - HKLM\..\RUN: [NvMediaCenter] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [HP Update 3400C] - ; C:\sj652\hpupdate.exe 3400C
04 - HKLM\..\RUN: [InCD] - ; C:\Program Files\Ahead\InCD\InCD.exe
04 - HKLM\..\RUN: [LogitechVideoRepair] - ; C:\Program Files\Logitech\Video\ISStart.exe 
04 - HKLM\..\RUN: [LogitechVideoTray] - ; C:\Program Files\Logitech\Video\LogiTray.exe
04 - HKLM\..\RUN: [QuickTime Task] - ; "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [Rainlendar2] - "C:\Program Files\Rainlendar2\Rainlendar2.exe"
04 - HKLU\..\RUN: [Wallpaper] - "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
04 - HKLU\..\RUN: [WMPNSCFG] - ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [DAEMON Tools] - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
04 - HKLU\..\RUN: [Diddl_Scr.exe] - ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
04 - HKLU\..\RUN: [LogitechSoftwareUpdate] - ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
04 - HKLU\..\RUN: [Uniblue RegistryBooster 2] - ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Rainlendar2] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Wallpaper] - Dit.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [WMPNSCFG] - zHotkey.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [DAEMON Tools] - AGRSMMSG.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Diddl_Scr.exe] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [LogitechSoftwareUpdate] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Uniblue RegistryBooster 2] - 
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
08 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - CmdMapping - 
09 - Extra 'Tools' menuitem:  - CmdMapping - 
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra 'Tools' menuitem:  - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra button:  - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin2.dll
O12 - IE plugins : C:\Program Files\Internet Explorer\PLUGINS
pqtplugin3.dll
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :   - DirectAnimation Java Classes - 
O16 - DPF :   - Microsoft XML Parser for Java - 
O16 - DPF :  Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF :  WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF :  telechargement-photoweb - {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - C:\WINDOWS\Downloaded Program Files	elechargement-photoweb.ocx
O16 - DPF :  Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [Client de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: [Serveur de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [InCD Helper] - 
O23 - Service: [Event Log Watch] - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: [Machine Debug Manager] - "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32
vsvc32.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\System32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\System32svp.exe
O23 - Service: [SiSoftware Database Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: [SiSoftware Sandra Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\System32\dllhost.exe /Processid:{DB0CDB63-F5CF-4D8E-910E-E037CBFB0C95}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [TrueVector Internet Monitor] - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Media Connect (WMC)] - c:\program files\windows media connect\mswmccds.exe
O23 - Service: [Aide de Windows Media Connect (WMC)] - C:\Program Files\Windows Media Connect\mswmcls.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

Gaëtan · Answer

J'ai relancé Ad-aware, il ne trouve plus aucun fichier infecté, tout est propre !!!
Super !!!
Merci beaucoup FillPCA, vraiment !!!
Si tu es de Nantes ou si tu viens sur Nantes, dis-le moi, je t'offrirais un verre avec plaisir...
et merci encore...

FillPCA · Answer

Re,

Je suis pas trop loin, mais du Finistère, donc pour boire un coup, ça fait pas mal de route.

Attends car il en reste.

J'examine ceci.

FillPCA

FillPCA · Answer

Re,

1. Télécharger The Avenger par Swandog46 sur votre Bureau : 
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/
·	Click sur Avenger.zip pour ouvrir le fichier
·	Extraire avenger.exe sur votre bureau

2. Copier tout le texte de la boîte ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C):


Registry keys to delete:
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] 

Files to delete:
C:\WINDOWS\system32\74.tmp
C:\WINDOWS\system32\72.tmp
C:\WINDOWS\system32\70.tmp
C:\WINDOWS\system32\6E.tmp
C:\WINDOWS\system32\6C.tmp
C:\WINDOWS\system32\6A.tmp 


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.

3. Maintenant, lancer The Avenger en cliquant sur son icône du bureau.
·	Sous "Script file to execute" choisir "Input Script Manually".
·	Puis cliquer sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
·	Dans cette fenêtre, coller le texte précedemment copié sur le bureau par les touches (Ctrl+V).
·	Cliquer Done
·	ensuite cliquer sur l'icône en forme de Feu Vert pour démarrer l'exécution du script
·	Répondre "Yes" deux fois quand demandé.
4. The Avenger va automatiquement faire ce qui suit:
·	Il va Re-démarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger re-démarrera votre système 2 fois.)
·	Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur votre bureau, ceci est NORMAL.
·	Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
·	The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici C:\avenger\backup.zip.
5. Pour finir copier/coller le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau log HijackThis en utilisant REPONDRE

FillPCA

Gaëtan · Answer

Rapport Avenger :

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vjbxnhvp

*******************

Script file located at: \??\C:\Documents and Settings\uvlavlhv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\74.tmp deleted successfully.
File C:\WINDOWS\system32\72.tmp deleted successfully.
File C:\WINDOWS\system32\70.tmp deleted successfully.
File C:\WINDOWS\system32\6E.tmp deleted successfully.
File C:\WINDOWS\system32\6C.tmp deleted successfully.
File C:\WINDOWS\system32\6A.tmp deleted successfully.


Could not open registry key [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] for deletion
Deletion of registry key [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\°€€] failed!
Status: 0xc000003b


Completed script processing.

*******************

Finished!  Terminate.

Gaëtan · Answer

Rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:27, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O20 - Winlogon Notify: °€€ - °€€ (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

FillPCA · Answer

Re,

Edite : J'ai modifié la procédure.

Oula. Elle est toujours là cette clé. 

1/ # Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Imprime ceci.
# Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

# Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

2/ Supprime combofix de ton bureau puis vide la corbeille.

3/ Ouvre PCA
# Clique sur l'onglet  "diagnostic du PC" puis "analyser".
# Laisse l'analyse se dérouler. Cela ne prend que quelques secondes.
# Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau.
# Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt
Coche cette ligne :

O20 - Winlogon Notify: °€€ - °€€ (file missing) 

Clique sur "réparer les éléments sélectionnés".

Edite le rapport Sdfix et un nouveau rapport PCA.

FillPCA

FillPCA

Gaëtan · Answer

Rapport SDFIX :

SDFix: Version 1.115

Run by Gaëtan on 25/11/2007 at 19:28

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\168482~1 - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 19:32:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,..
"khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Lsa]
"LsaPid"=dword:00000280
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Watchdog\Display]
"ShutdownCount"=dword:000005c5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\ACPI\PNPA000\4&5d18f2df&0]
"Service"="azxsbejw"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Epoch]
"Epoch"=dword:00002cdc
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:ed,94,61,d5,3f,ba,6b,4e,24,9e,e7,40,f0,69,34,8e,71,0c,04,fd,77,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,94,c3,98,d9,55,65,c6,b5,f4,d8,46,61,68,77,71,94,7a,..
"khjeh"=hex:08,a3,78,eb,e9,40,2b,8b,63,86,ed,2e,2d,5b,6c,70,b0,7b,35,94,bd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:3a,f3,95,8e,79,7f,d9,08,4e,75,87,c3,9a,08,57,d8,2a,86,41,2c,53,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{678671A2-811F-4382-B566-9C427F79943C}]
"LeaseObtainedTime"=dword:4749ba48
"T1"=dword:474e5788
"T2"=dword:4751cd78
"LeaseTerminatesTime"=dword:4752f4c8
"DhcpRetryTime"=dword:00049d3e
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{678671A2-811F-4382-B566-9C427F79943C}\Parameters\Tcpip]
"LeaseObtainedTime"=dword:4749ba48
"T1"=dword:474e5788
"T2"=dword:4751cd78
"LeaseTerminatesTime"=dword:4752f4c8

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat  3 Nov 2007     6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Fri 20 May 2005         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 10 Dec 2006             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 19 Aug 2005     2,160,128 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\Ga‰tan\~WRL1819.tmp"
Tue 28 Sep 2004     2,021,888 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0032.tmp"
Fri  1 Oct 2004     2,782,720 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0289.tmp"
Mon  4 Oct 2004     3,615,744 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0355.tmp"
Tue  5 Oct 2004     3,646,976 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0416.tmp"
Tue  5 Oct 2004     3,646,976 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0594.tmp"
Fri  8 Oct 2004     4,808,192 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0681.tmp"
Fri  1 Oct 2004     2,782,208 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0908.tmp"
Sun  3 Oct 2004     3,547,136 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL0997.tmp"
Thu 30 Sep 2004     2,449,920 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL1084.tmp"
Mon 27 Sep 2004       876,544 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL1257.tmp"
Mon  4 Oct 2004     3,686,912 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL1367.tmp"
Mon  4 Oct 2004     3,613,184 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL1491.tmp"
Mon 20 Sep 2004        47,616 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL1792.tmp"
Sun  3 Oct 2004     2,827,776 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL2047.tmp"
Tue 21 Sep 2004       829,952 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL2254.tmp"
Wed 22 Sep 2004       846,848 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL2273.tmp"
Thu  7 Oct 2004     4,782,592 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL2377.tmp"
Thu 23 Sep 2004       847,872 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL2678.tmp"
Mon 27 Sep 2004       883,712 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL2933.tmp"
Sun 19 Sep 2004        45,568 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL3014.tmp"
Fri  8 Oct 2004     5,096,448 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL3542.tmp"
Wed 29 Sep 2004     4,167,168 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL4002.tmp"
Wed 29 Sep 2004     4,173,824 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL4055.tmp"
Fri  8 Oct 2004     6,900,224 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\M‚moire Agritourisme\~WRL4075.tmp"
Sun 29 Feb 2004        19,968 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\~WRL0928.tmp"
Sun 25 Jun 2006        54,520 A..H. --- "C:\Documents and Settings\All Users\Application Data\Microsoft\visualstudio\7.1\vs000223.tmp"
Tue 15 Jun 2004        56,832 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0001.tmp"
Fri 18 Jun 2004     1,883,136 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0003.tmp"
Thu 17 Jun 2004        70,656 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0004.tmp"
Fri 18 Jun 2004     2,665,984 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0107.tmp"
Thu 17 Jun 2004       749,056 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0119.tmp"
Thu 17 Jun 2004     1,652,736 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0318.tmp"
Thu 17 Jun 2004     1,882,624 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0361.tmp"
Fri 18 Jun 2004     1,908,224 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0385.tmp"
Fri 18 Jun 2004     1,896,448 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0402.tmp"
Fri 18 Jun 2004     1,890,304 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0403.tmp"
Fri 18 Jun 2004     1,890,304 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0436.tmp"
Fri 18 Jun 2004     1,882,624 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0452.tmp"
Fri 18 Jun 2004     1,891,840 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0498.tmp"
Fri 18 Jun 2004     2,667,008 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0541.tmp"
Fri 18 Jun 2004     1,894,400 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0577.tmp"
Fri 18 Jun 2004     2,666,496 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0590.tmp"
Thu 17 Jun 2004     1,652,224 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0614.tmp"
Fri 18 Jun 2004     1,891,840 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0673.tmp"
Thu 17 Jun 2004       749,056 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0694.tmp"
Fri 18 Jun 2004     1,909,760 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0765.tmp"
Fri 18 Jun 2004     2,667,520 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL0821.tmp"
Fri 18 Jun 2004     1,883,136 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1081.tmp"
Fri 18 Jun 2004     1,901,056 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1082.tmp"
Fri 18 Jun 2004     1,894,912 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1107.tmp"
Fri 18 Jun 2004     1,906,176 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1134.tmp"
Fri 18 Jun 2004     1,904,128 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1232.tmp"
Thu 17 Jun 2004       377,856 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1242.tmp"
Fri 18 Jun 2004     1,897,472 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1243.tmp"
Thu 17 Jun 2004       749,056 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1403.tmp"
Wed 16 Jun 2004        56,832 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1417.tmp"
Thu 17 Jun 2004     1,882,624 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1426.tmp"
Fri 18 Jun 2004     1,912,320 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1515.tmp"
Fri 18 Jun 2004     1,895,936 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1526.tmp"
Fri 18 Jun 2004     2,666,496 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1567.tmp"
Fri 18 Jun 2004     1,891,840 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1609.tmp"
Fri 18 Jun 2004     1,911,808 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1610.tmp"
Thu 17 Jun 2004        72,704 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1666.tmp"
Thu 17 Jun 2004     1,652,224 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1667.tmp"
Fri 18 Jun 2004     1,888,768 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1672.tmp"
Fri 18 Jun 2004     1,909,760 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1679.tmp"
Fri 18 Jun 2004     1,894,912 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1724.tmp"
Thu 17 Jun 2004        72,704 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1884.tmp"
Fri 18 Jun 2004     1,884,672 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL1938.tmp"
Fri 18 Jun 2004     1,906,688 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2012.tmp"
Fri 18 Jun 2004     1,908,736 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2079.tmp"
Wed 16 Jun 2004        59,904 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2216.tmp"
Fri 18 Jun 2004     1,891,328 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2232.tmp"
Fri 18 Jun 2004     1,894,400 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2238.tmp"
Thu 17 Jun 2004        54,272 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2270.tmp"
Fri 18 Jun 2004     1,896,448 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2292.tmp"
Wed 16 Jun 2004        60,416 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2393.tmp"
Fri 18 Jun 2004     1,894,912 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2487.tmp"
Fri 18 Jun 2004     1,888,256 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2494.tmp"
Fri 18 Jun 2004     1,891,328 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2603.tmp"
Fri 18 Jun 2004     1,900,544 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2652.tmp"
Fri 18 Jun 2004     1,904,640 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2778.tmp"
Fri 18 Jun 2004     1,882,624 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2866.tmp"
Thu 17 Jun 2004     1,882,624 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2892.tmp"
Thu 17 Jun 2004        72,704 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2919.tmp"
Fri 18 Jun 2004     1,909,760 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2920.tmp"
Fri 18 Jun 2004     1,886,208 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL2944.tmp"
Thu 17 Jun 2004        71,168 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3030.tmp"
Fri 18 Jun 2004     1,904,640 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3049.tmp"
Thu 17 Jun 2004     1,652,224 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3135.tmp"
Wed 16 Jun 2004        60,416 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3179.tmp"
Thu 17 Jun 2004     1,638,400 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3183.tmp"
Fri 18 Jun 2004     2,665,984 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3432.tmp"
Thu 17 Jun 2004     1,882,624 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3490.tmp"
Fri 18 Jun 2004     1,894,912 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3491.tmp"
Wed 16 Jun 2004        59,904 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3571.tmp"
Thu 17 Jun 2004        73,216 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3582.tmp"
Fri 18 Jun 2004     2,665,984 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3589.tmp"
Thu 17 Jun 2004        71,680 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3600.tmp"
Wed 16 Jun 2004        59,904 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3615.tmp"
Fri 18 Jun 2004     1,905,152 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3628.tmp"
Fri 18 Jun 2004     1,885,696 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3671.tmp"
Thu 17 Jun 2004        25,088 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3777.tmp"
Fri 18 Jun 2004     1,909,248 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3798.tmp"
Wed 16 Jun 2004        59,904 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3801.tmp"
Wed 16 Jun 2004        59,904 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3812.tmp"
Fri 18 Jun 2004     1,902,080 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3816.tmp"
Fri 18 Jun 2004     1,907,200 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3928.tmp"
Fri 18 Jun 2004     1,894,400 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL3933.tmp"
Thu 17 Jun 2004     1,653,248 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL4028.tmp"
Fri 18 Jun 2004     1,911,808 ...H. --- "C:\Documents and Settings\Ga‰tan\Mes documents\Importants\St‚phanie\Etude optionnelle\~WRL4076.tmp"

Finished!

Gaëtan · Answer

Rapport HiJackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:37:24, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - 
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O20 - Winlogon Notify: °€€ - °€€ (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Gaëtan · Answer

Rapport PCA : (je ne peux pas cocher 020..., je n'ai pas accès) 

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du  :25/11/2007 19:47:00
Microsoft Windows XP  Service Pack 2
 
==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PCA\pca.exe
 
//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.msn.com/fr-fr/?ocid=iehp
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
//applications lancées depuis system.ini,win.ini 
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO:  - {7E853D72-626A-48EC-A868-BA8D5E23E045} - 
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [NeroFilterCheck] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKLM\..\RUN: [Cmaudio] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKLM\..\RUN: [Dit] - Dit.exe
04 - HKLM\..\RUN: [CHotkey] - zHotkey.exe
04 - HKLM\..\RUN: [AGRSMMSG] - AGRSMMSG.exe
04 - HKLM\..\RUN: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [EoEngine] - 
04 - HKLM\..\RUN: [EoWeather] - 
04 - HKLM\..\RUN: [EoClock] - 
04 - HKLM\..\RUN: [Zone Labs Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [ZoneAlarm Client] - "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
04 - HKLM\..\RUN: [NvCplDaemon] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - "nwiz.exe" /install
04 - HKLM\..\RUN: [NvMediaCenter] - "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [HP Update 3400C] - ; C:\sj652\hpupdate.exe 3400C
04 - HKLM\..\RUN: [InCD] - ; C:\Program Files\Ahead\InCD\InCD.exe
04 - HKLM\..\RUN: [LogitechVideoRepair] - ; C:\Program Files\Logitech\Video\ISStart.exe 
04 - HKLM\..\RUN: [LogitechVideoTray] - ; C:\Program Files\Logitech\Video\LogiTray.exe
04 - HKLU\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
04 - HKLU\..\RUN: [Rainlendar2] - "C:\Program Files\Rainlendar2\Rainlendar2.exe"
04 - HKLU\..\RUN: [Wallpaper] - "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
04 - HKLU\..\RUN: [WMPNSCFG] - ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLU\..\RUN: [DAEMON Tools] - "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
04 - HKLU\..\RUN: [Diddl_Scr.exe] - ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
04 - HKLU\..\RUN: [LogitechSoftwareUpdate] - ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
04 - HKLU\..\RUN: [Uniblue RegistryBooster 2] - ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
04 - HKUS\S-1-5-18\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [ctfmon.exe] - C:\WINDOWS\system32\NeroCheck.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Rainlendar2] - RunDll32 cmicnfg.cpl,CMICtrlWnd
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Wallpaper] - Dit.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [WMPNSCFG] - zHotkey.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [DAEMON Tools] - AGRSMMSG.exe
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Diddl_Scr.exe] - C:\WINDOWS\system32\LVCOMSX.EXE
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [LogitechSoftwareUpdate] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKUS\S-1-5-21-2631429584-839550342-1198632125-1007\..\RUN: [Uniblue RegistryBooster 2] - 
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini) 
//06-  interdiction à l' accès au options (Internet Explorer) 
//07 -  blocage de l'exécution de Regedit 
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
08 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001YYFR
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button:  - CmdMapping - 
09 - Extra 'Tools' menuitem:  - CmdMapping - 
09 - Extra button:  - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra 'Tools' menuitem:  - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - 
09 - Extra button:  - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer) 
O11 - Options group: [INTERNATIONAL] - International*
//O12 - IE plugins
//013 : DefaultPrefix 
//014 - Option : (Rétablir les paramètres Web) 
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF :   - DirectAnimation Java Classes - 
O16 - DPF :   - Microsoft XML Parser for Java - 
O16 - DPF :  Shockwave ActiveX Control - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\macromed\Director\SwDir.dll
O16 - DPF :  WUWebControl Class - {6414512B-B978-451D-A0D8-FCFDF33E833C} - C:\WINDOWS\system32\wuweb.dll
O16 - DPF :  telechargement-photoweb - {68C1822F-F5C7-4404-A73F-03C10E0E94DA} - C:\WINDOWS\Downloaded Program Files	elechargement-photoweb.ocx
O16 - DPF :  Shockwave Flash Object - {D27CDB6E-AE6D-11CF-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - 
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\System32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [Client de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: [Serveur de licence CA] - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] - 
O23 - Service: [InCD Helper] - 
O23 - Service: [Event Log Watch] - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: [Machine Debug Manager] - "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe"
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: [Distributed Transaction Coordinator] - C:\WINDOWS\system32\msdtc.exe
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32
vsvc32.exe
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\System32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\System32svp.exe
O23 - Service: [SiSoftware Database Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: [SiSoftware Sandra Agent Service] - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\System32\dllhost.exe /Processid:{DB0CDB63-F5CF-4D8E-910E-E037CBFB0C95}
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [TrueVector Internet Monitor] - C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Windows Media Connect (WMC)] - c:\program files\windows media connect\mswmccds.exe
O23 - Service: [Aide de Windows Media Connect (WMC)] - C:\Program Files\Windows Media Connect\mswmcls.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\System32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

FillPCA · Answer

Re,

1/     * Zippe le contenu de ce dossier : C:\Qoobox
    * Pour cela, ouvre le poste de travail>C:
    * Fais un clic droit sur _OTMoveIT puis choisis envoyer vers>dossier compressé.
    * Un fichier au format zip est alors créé.
    * Clique sur ce lien : http://upload.malekal.com/
    * Clique sur le bouton parcourir et indique le chemin du fichier zippé.
    * Clique enfin sur "envoyer le fichier".

2/ Supprime le fichier c:\Qoobox.zip

3/     *  Prière d'imprimer ces instructions, ou de les coller dans un fichier texte pour lecture en mode Sans Échec.

    * Télécharge Brute Force Uninstaller (de Merijn) : http://www.merijn.org/files/bfu.zip
    * Créé un nouveau dossier directement sur le C:\ et nomme-le BFU. Décompresse le fichier téléchargé dans ce nouveau dossier (C:\BFU).
    * Fais un clic droit ici : http://perso.orange.fr/Chercheur-perso/scripts/toolbar.bfu
et choisis "Enregistrer la cible sous..." afin de télécharger toolbar.bfu (de Chercheur). Sauvegarde dans le dossier créé (C:\BFU). **Note : si tu utlises Internet Explorer; lors de la sauvegarde, assure-toi que le champs "Type :" affiche "Tous les fichiers". Tu dois maintenant avoir deux fichiers dans le dossier C:\BFU : toolbar.bfu et BFU.exe (très important).
    * Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ou F5 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.
    * Démarre le "Brute Force Uninstaller" en double-cliquant BFU.exe (du dossier C:\BFU).
          o Clique sur le petit dossier jaune, à la droite de la boîte Scriptline to execute, et double-clique sur : toolbar.bfu 
          o Il faut cocher en plus des réglages par défaut "show log after scrïpt ends"
          o Dans la boîte "Scriptline to execute", tu devrais maintenant voir ceci : C:\BFU	oolbar.bfu 
          o Clique sur Execute et laisse-le faire son travail.
          o Attendre que Complete script execution apparaîsse et clique sur OK.
          o Clique Exit pour fermer le programme BFU.
    * Redémarre normalement.

4/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Ouvre Ccleaner, clique sur "lancer le nettoyage".

5/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
Tu l'installes.
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

Clique sur le bouton Analyse (de la barre d'outils)
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

6/     *  Fais un scan en ligne en cliquant ici : http://assiste.com.free.fr/...
    * Choisis Kaspersky.
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

7/ Edite le rapport AVGantispyware, le rapport BFU et un rapport Hijackthis.

FillPCA

Gaëtan · Answer

C'est lancé, je te donnerais les résultats demain soir...
A bientôt

FillPCA · Answer

Pas de problème. Demain, on l'achève.

FillPCA

Gaëtan · Answer

Rapport AVG Anti-Spyware :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	21:21:39 25/11/2007

 + Résultat de l'analyse:	



	Rien à signaler.



Fin du rapport

Gaëtan · Answer

Rapport Kaspersky :

-------------------------------------------------------------------------------
 KASPERSKY ONLINE SCANNER REPORT
 Monday, November 26, 2007 2:47:14 AM
 Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
 Kaspersky Online Scanner version: 5.0.98.0
 Kaspersky Anti-Virus database last update: 25/11/2007
 Kaspersky Anti-Virus database records: 465550
-------------------------------------------------------------------------------

Scan Settings:
	Scan using the following antivirus database: extended
	Scan Archives: true
	Scan Mail Bases: true

Scan Target - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\
	I:\
	J:\
	K:\
	L:\

Scan Statistics:
	Total number of scanned objects: 84160
	Number of viruses found: 5
	Number of infected objects: 316
	Number of suspicious objects: 0
	Duration of the scan process: 02:06:05

Infected Object Name / Virus Name / Last Action
C:\!KillBox\khfdbyw.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\!KillBox\khfdbyw.dll( 1)	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\!KillBox\khfdbyw.dll( 2)	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\avenger\backup.zip/avenger/6A.tmp	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\avenger\backup.zip/avenger/6C.tmp	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\avenger\backup.zip/avenger/6E.tmp	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\avenger\backup.zip/avenger/70.tmp	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\avenger\backup.zip/avenger/72.tmp	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\avenger\backup.zip/avenger/74.tmp	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\avenger\backup.zip	ZIP: infected - 6	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\.rainlendar2ainlendar2.log	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Application Data\Mozilla\Firefox\Profiles\wa5km24g.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Historique\History.IE5\MSHist012007112520071126\index.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temp\Perflib_Perfdata_fb4.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temp\~DF1BC2.tmp	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Gaëtan\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\Gaëtan
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService
tuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService
tuser.dat.LOG	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log
shield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATAeport\Protection résidente.txt	Object is locked	skipped
C:\qoobox\Quarantine\C\d.exe.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\opnvmwvi.exe.vir	Infected: Trojan-Downloader.Win32.Injecter.ai	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\101.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\103.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\105.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\107.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\109.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\10B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\10D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\10F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\111.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\113.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\115.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\117.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\119.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\11B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\11D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\11F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\121.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\123.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\125.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\127.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\129.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\12B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\12D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\12F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\131.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\76.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\78.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\7A.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\7C.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\7E.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\84.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\89.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\8B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\8D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\8F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\91.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\93.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\95.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\96.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\97.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\99.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\9B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\9D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\9F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\A9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\AF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\B9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\BB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\BD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\BF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\C9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\CB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\CD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\CF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\crehcjid.dll.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\D9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\DB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\DD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\DF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\E9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\EB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ED.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\EF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\F9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\FB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\FD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\FF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox\Quarantine\catchme2007-11-25_180957.15.zip/khfdbyw.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\qoobox\Quarantine\catchme2007-11-25_180957.15.zip	ZIP: infected - 1	skipped
C:\qoobox.zip/qoobox/Quarantine/C/d.exe.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/opnvmwvi.exe.vir	Infected: Trojan-Downloader.Win32.Injecter.ai	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/101.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/103.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/105.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/107.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/109.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/10B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/10D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/10F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/111.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/113.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/115.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/117.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/119.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/11B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/11D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/11F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/121.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/123.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/125.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/127.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/129.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/12B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/12D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/12F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/131.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/76.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/78.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/7A.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/7C.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/7E.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/84.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/89.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/8B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/8D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/8F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/91.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/93.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/95.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/96.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/97.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/99.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/9B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/9D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/9F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/A9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/AB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/AD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/AF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/B9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/BB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/BD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/BF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/C9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/CB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/CD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/CF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/crehcjid.dll.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/D9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/DB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/DD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/DF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/E9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/EB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/ED.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/EF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/F9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/FB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/FD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/C/WINDOWS/system32/FF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\qoobox.zip/qoobox/Quarantine/catchme2007-11-25_180957.15.zip/khfdbyw.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\qoobox.zip/qoobox/Quarantine/catchme2007-11-25_180957.15.zip	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\qoobox.zip	ZIP: infected - 97	skipped
C:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar/keygen.exe	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar/patch.exe	Infected: Trojan.Win32.Dialer.qn	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar/crack.exe	Infected: Trojan.Win32.Inject.ks	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe/data.rar	Infected: Trojan.Win32.Inject.ks	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110752.exe	RarSFX: infected - 4	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP744\A0110753.exe	Infected: Trojan.Win32.Dialer.qn	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP745\A0110761.dll	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP746\A0110786.dll	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP750\A0114302.exe	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP751\A0114418.exe	Infected: Trojan-Downloader.Win32.Injecter.ai	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP751\A0114420.dll	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP751\A0114424.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP752\change.log	Object is locked	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/d.exe.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/opnvmwvi.exe.vir	Infected: Trojan-Downloader.Win32.Injecter.ai	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/101.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/103.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/105.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/107.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/109.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/10B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/10D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/10F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/111.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/113.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/115.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/117.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/119.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/11B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/11D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/11F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/121.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/123.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/125.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/127.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/129.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/12B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/12D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/12F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/131.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/76.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/78.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/7A.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/7C.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/7E.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/84.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/89.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/8B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/8D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/8F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/91.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/93.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/95.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/96.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/97.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/99.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/9B.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/9D.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/9F.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/A9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/AF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/B9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/BB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/BD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/BF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/C9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/CB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/CD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/CF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/crehcjid.dll.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/D9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/DB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/DD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/DF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/E9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/EB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/ED.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/EF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F1.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F3.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F5.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F7.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/F9.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/FB.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/FD.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/C/WINDOWS/system32/FF.tmp.vir	Infected: Email-Worm.Win32.Locksky.bo	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2007-11-25_180957.15.zip/khfdbyw.dll	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar/qoobox/Quarantine/catchme2007-11-25_180957.15.zip	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz/upload_moi.tar	Infected: not-a-virus:AdWare.Win32.Virtumonde.atj	skipped
C:\upload_moi_STEPH-GAËTAN.tar.gz	GZIP: infected - 98	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt	Object is locked	skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt	Object is locked	skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB	Object is locked	skipped
C:\WINDOWS\Internet Logs\STEPH-GAËTAN.ldb	Object is locked	skipped
C:\WINDOWS\Internet Logs	vDebug.log	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2	mp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Internet.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\drivers\sptd.sys	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_4ac.dat	Object is locked	skipped
C:\WINDOWS\Temp\ZLT034ef.TMP	Object is locked	skipped
C:\WINDOWS\Temp\ZLT034f2.TMP	Object is locked	skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped
D:\System Volume Information\MountPointManagerRemoteDatabase	Object is locked	skipped
D:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP752\change.log	Object is locked	skipped
E:\System Volume Information\_restore{D53CC201-44D0-4F0E-8648-A9C972115350}\RP752\change.log	Object is locked	skipped

Scan process completed.

Gaëtan · Answer

Rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:56:55, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O20 - Winlogon Notify: °€€ - °€€ (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Gaëtan · Answer

Rapport BFU (j'ai omis de le sauvegarder hier soir, je l'ai relancé ce soir) :

BFU v1.10.0
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 19:00:53, on 26/11/2007

Option Unload Explorer: Yes
Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Internet Explorer\msimg32.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\NPND2FN.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\1.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\2.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\4.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\5.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\6.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Need2Find\bar\7.bin\ND2FNBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\INSTAFINK\instafink.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\RXToolBar\RXToolBar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\RXToolBar\sfcont.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\1.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\2.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\3.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\4.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\5.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\6.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\7.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\8.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\9.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\a.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\b.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\c.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\d.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\e.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\f.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\i.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\bar\l.bin\*.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\3.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\4.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\5.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\6.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\7.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\8.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\9.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\a.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\b.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\c.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\d.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearch\SrchAstt\e.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\MyWebSearchWB\bar\2.bin\NPMYSRWB.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\Uninstall My Web Search.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\1.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\2.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\3.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\4.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\SrchAstt\5.bin\MTSSRCAS.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\MyTotalSearch\bar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\mybar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\installr\1.bin\myezsetp.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\6.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\7.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\8.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\9.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\a.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\b.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\c.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\mybar\d.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\1.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\2.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\srchastt\3.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mywaysa\srchasde\1.bin\desrcas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mywaysa\srchasde\desrcas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\1.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\2.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\3.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\4.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\5.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\6.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\7.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\8.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\9.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\10.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myway\SearchAt\11.bin\MWSSRCAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\myglobalsearch\bar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\2.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\bar\4.bin\ASKTBAR.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\3.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\AskTBar\SrchAstt\4.bin\A5SRCHAS.DLL|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\1.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\2.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\3.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\4.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\5.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\bar\i.bin\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\installr\1.bin\s4ezsetp.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\1.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\2.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\3.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\4.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\mysearch\srchastt\5.bin\mysrchas.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.6.4.1\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.2.1\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.4.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.8.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\bin\4.7.3.0b2f.tmp\hbt*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\Bin.7.5.0\HbtWallpaper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hbtools\hbtv\hbtvhelper.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0\*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.7.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.1.8.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.6.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.8.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.11.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.2.13.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.1.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.5.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.6.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.3.9.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.0.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.2.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.5.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.8.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.4.9.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.0.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.1.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.5.3.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\hotbar\bin\4.6.1.0b24e.tmp\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\0.4.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.0.10.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.1.1.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\1.3.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShopperReports\Bin\2.0.20\ShprRprt.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\ShoppingReportBin\2.0.21\ShoppingReport.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\SmartShopper\Bin\1.0.9.0\SmrtShpr.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\smartshopper\bin\2.0.1\smrtshpr.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\shoppingreport\shoppingreport.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\js.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\smartshopper\shoppingreport.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\SmartShopper\SmartShopper0.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware\bin\starware.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware305\bin\starware305.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware316\bin\starware316.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware343\bin\Starware343.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware343\bin\Starware347.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware354\bin\Starware354.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware370\bin\Starware370.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Starware343\bin\Starware390.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\minijuegos\bin\minijuegos.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\starware\bin\dlls\jokester.dll|1 (file not found)
Failed: DllUnregister C:\Program Files	emp\asearchassist.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\adesktopsearch.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\asearchassist.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atl71.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atoolbar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\AToolbarCN.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\atts.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\mapidll.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\accoona\viewers\AThes.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\gamesbar\oberontb.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\vstoolbar\vstoolbar.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\vsadd-in\vsadd-in.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.4.2\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.5.0\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.7.6\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\0.9.8.4\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\8848\mysearch\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\downloaded program files\hbinstie.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\instafin.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\mwsearch.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\Downloaded Program Files\pagerevisor.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\azentretien.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\cpu.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\iasada.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\zsettings.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\azentretien.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\hbhostie.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iacad.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iasad.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\iasada.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\lmhhmbhe.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32
n_bar*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\winats*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\windmy.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\winnb*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\xcite.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\zolk.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\zolker*.dll|1 (file not found)
Failed: DllUnregister C:\WINDOWS\system32\ztoolb*.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Uninstall Fun Web Products.dll|1 (file not found)
Failed: DllUnregister C:\Documents and Settings\Gaëtan\Bureau\a7find.dll|1 (file not found)
Failed: DllUnregister C:\Documents and Settings\Gaëtan\Bureau\wmeayl32.dll|1 (file not found)
Failed: DllUnregister C:\msearch.dll|1 (file not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\hbtools (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\hotbar (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\searchtoolbarcorp (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\ShopperReports (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\ShopperReportss (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\SpamBlocker (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\SpamBlockerUtility (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware305 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware316 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware343 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware347 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware354 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware370 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\starware390 (folder not found)
Failed: FolderDelete C:\Documents and Settings\Gaëtan\Application Data\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\hbtools (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\ShopperReports (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware305 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware316 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware343 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware347 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware354 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware370 (folder not found)
Failed: FolderDelete C:\Documents and Settings\All Users\Application Data\starware390 (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\shoppingreport (folder not found)
Failed: FolderDelete C:\WINDOWS\system32\SmartShopper (folder not found)
Failed: FolderDelete C:\Program Files\accoona (folder not found)
Failed: FolderDelete C:\Program Files\AskTBar (folder not found)
Failed: FolderDelete C:\Program Files\FunWebProducts (folder not found)
Failed: FolderDelete C:\Program Files\GamesBar (folder not found)
Failed: FolderDelete C:\Program Files\hbinst (folder not found)
Failed: FolderDelete C:\Program Files\hbtools (folder not found)
Failed: FolderDelete C:\Program Files\HbTools_Icons (folder not found)
Failed: FolderDelete C:\Program Files\hotbar (folder not found)
Failed: FolderDelete C:\Program Files\INSTAFIN (folder not found)
Failed: FolderDelete C:\Program Files\INSTAFINK (folder not found)
Failed: FolderDelete C:\Program Files\minijuegos (folder not found)
Failed: FolderDelete C:\Program Files\myglobalsearch (folder not found)
Failed: FolderDelete C:\Program Files\mysearch (folder not found)
Failed: FolderDelete C:\Program Files\MyTotalSearch (folder not found)
Failed: FolderDelete C:\Program Files\myway (folder not found)
Failed: FolderDelete C:\Program Files\mywaysa (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearch (folder not found)
Failed: FolderDelete C:\Program Files\MyWebSearchWB (folder not found)
Failed: FolderDelete C:\Program Files\Need2Find (folder not found)
Failed: FolderDelete C:\Program Filesxtoolbar (folder not found)
Failed: FolderDelete C:\Program Files\ShopperReports (folder not found)
Failed: FolderDelete C:\Program Files\ShoppingReport (folder not found)
Failed: FolderDelete C:\Program Files\SmartShopper (folder not found)
Failed: FolderDelete C:\Program Files\SpamBlockerUtility (folder not found)
Failed: FolderDelete C:\Program Files\SpamBlockerUtility_Icons (folder not found)
Failed: FolderDelete C:\Program Files\starware (folder not found)
Failed: FolderDelete C:\Program Files\starware305 (folder not found)
Failed: FolderDelete C:\Program Files\starware316 (folder not found)
Failed: FolderDelete C:\Program Files\starware343 (folder not found)
Failed: FolderDelete C:\Program Files\starware347 (folder not found)
Failed: FolderDelete C:\Program Files\starware354 (folder not found)
Failed: FolderDelete C:\Program Files\starware370 (folder not found)
Failed: FolderDelete C:\Program Files\starware390 (folder not found)
Failed: FolderDelete C:\Program Files\vsadd-in (folder not found)
Failed: FolderDelete C:\Program Files\vstoolbar (folder not found)
Failed: FolderDelete C:\Program Files\YOUCOULDWINTHIS (folder not found)
Failed: FolderDelete C:\Program Files\8848 (folder not found)
Failed: FileDelete C:\DOCUME~1\GATAN~1\LOCALS~1\Temp\~DF8DAE.tmp (operation failed)
Script completed.

FillPCA · Answer

Salut,

Ouvre Hijackthis>"Do a scan only" et coche ceci :
O20 - Winlogon Notify: °€€ - °€€ (file missing) 

Clique sur fix/réparer.

Edite un nouveau rapport Hijackthis.

On passe ensuite à la dernière si tu me dis que ton pc se porte bien.

FillPCA

Gaëtan · Answer

Salut,
Merci encore pour ton aide, mon PC se porte beaucoup mieux !

Rapport Hijackthis :

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:21:56, on 26/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Wallpaper\Wallpaper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] ; "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Update 3400C] ; C:\sj652\hpupdate.exe 3400C
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] ; C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] ; C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Rainlendar2] "C:\Program Files\Rainlendar2\Rainlendar2.exe"
O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter
O4 - HKCU\..\Run: [WMPNSCFG] ; C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Diddl_Scr.exe] ; C:\Documents and Settings\Gaëtan\Local Settings\Temporary Internet Files\Content.IE5\E27ODY7W\Diddl_Scr[1].exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] ; "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] ; C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar	oolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093333169531
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www2.photoweb.fr/telechargement/Photoweb_uploader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

FillPCA · Answer

Re,

C'est propre.

Supprime ceci : 
C:\qoobox.zip
C:\upload_moi_STEPH-GAËTAN.tar.gz

Vide ta corbeille.

Télécharge OTMoveIt  (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe
    *  Lance OTmoveIT.
    * Clique sur CleanUp! (le programme va télécharger un fichier texte qui servira a nettoyer les programmes que l'on a téléchargés).

NOTE : Normalement, ton firewall (parefeu) devrait te demander si OTmoveIT peut accéder à internet, Autorise le.

    * Une liste apparaît dans la partie gauche d'OTmoveIT.
    * Un message apparaît pour confirmer le nettoyage. Confirme.
    * Les fichiers infectés qui se trouvent dans les quarantaines seront supprimés aussi.

Il est fortement recommandé d'avoir tous ses logiciels de sécurité à jour, afin d'éviter les failles par lesquelles s'engouffrent les infections.

Tu peux supprimer tous les logiciels que nous avons utilisés (Avenger, Combofix etc...) qui traitent des infections spécifiques et qui sont mis à jour régulièrement. Il est inutile de les garder sur ton PC. Vide ta corbeille ensuite.
Tu peux par contre, garder AVG Antispyware et CCleaner.

 /!\ Maintenant que ton PC n'est plus infecté, désactive puis réactive ta "Restauration du système" afin de créer un point de restauration sain.
Pour désactiver ou activer la Restauration du système, tu dois  ouvrir une session Administrateur sous Windows XP. 
Désactivation:
Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
> Appliquer et Ok. 
Activation:
Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs" 
> Appliquer et Ok. Redémarrer l'ordinateur.

Comment faire pour...(lettre A): https://forum.pcastuces.com/sujet.asp?f=25&s=3902 
Pour améliorer la sécurité de ton PC prend quelques instants pour lire:
Sécuriser son PC +WIFI (versions "hot" & "light"): https://forum.pcastuces.com/default.asp 

Dénonce ton infection pour faire condamner les auteurs.

Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection :
- Voir les règles du forum : https://malwarecomplaints.info/
- Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

Tu as alors, sous forme de liste, un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

*** Tes infections : Vundo, Email-Worm.Win32.Locksky, Trojan.Win32.Dialer.qn, Trojan.Win32.Inject.ks***
>> https://malwarecomplaints.info/
Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections, conforme au règle du forum (âge, ville, département etc..)
Indique aussi le nom du Forum qui t'a aidé : CCM 

Tu peux marquer ton sujet comme résolu en cliquant sur le bouton.

Je te conseille enfin de défragmenter ton PC : http://www.coupdepoucepc.com/modules/news/article.php?storyid=218

Bon surf !

FillPCA

Gaëtan · Answer

Encore merci pour tout !
Je n'y serais certainement pas arrivé sans ton aide...
C'est vraiment très sympa !
Bon surf à toi aussi !
Bye,
Gaëtan

FillPCA · Answer

Salut,

Content d'avoir pu t'être utile. Sois prudent !

FillPCA

Cheval de troie win32.trojandownloader.small

58 réponses

Discussions similaires

Newsletters