Trojan system32\cmcfg3.dll

Leroy -  
philae83 Messages postés 12854 Statut Contributeur sécurité -
Bonjour,

Chers Membres de la communauté underground, bonsoir.

Je me trouve ce soir confronter a un problème que je n’arrive pas a résoudre – ce probleme c'est le Trojan horse Generic9.AATD
Mon anti-virus, AVG 7.5, le situe a cet endroit : "C:\WINDOWS\system32\cmcfg3.dll"
Il le supprime, mais au redémarrage, celui-ci redevient actif.
J’imagine que Hijackthis pourrais mettre utile pour son éradication, mais ne sachant pas l’utiliser je préfère vous demander conseil. Je vous remercie de votre aide et vous joint ci-dessous le rapport Hijack.

ps : J'ai reussi a me débarasser d'un autre virus qui a partir d'une recherche google me renvoyais sur une page search-daily. Malgré cela mon Pc patine dans la semoule (presque 10 minutes pour redémarrer). Une solution ?!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:32, on 09/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\WLAN Card Utilities\Center.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\leroy\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer fourni par Yahoo! France
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {F08CDB2D-0228-4B1C-97A2-9BCABB6E5513} - C:\WINDOWS\system32\cmcfg3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13880 bytes
Configuration: Windows XP
Firefox 2.0.0.11

81 réponses

  • 1
  • 2
  • 3
  • 4
  • 5
Résumé de la discussion

Un cheval de Troie nommé Generic9.AATD est identifié sur le système à l’emplacement C:\WINDOWS\system32\cmcfg3.dll, réapparaissant après chaque redémarrage malgré les suppressions par l’antivirus et les vérifications. La meilleure réponse suggère de désinstaller AVG 7.5, désactiver Norton, puis exécuter ComboFix afin d’éliminer les éléments suspects et générer un nouveau point de restauration. Le rapport ComboFix et les suppressions indiquent la suppression de fichiers temporaires et de composants liés au malware, ainsi que la suppression de modules indésirables et de programmes résiduels. En cas de rechute, il peut être nécessaire de vérifier les extensions de navigateur et de nettoyer les points de restauration, afin d’éviter une réinfection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonsoir

    tu as 2 antivirus ??? AVG 7.5 et SYMANTEC

    Désinstalle l'un des 2

    je regarde ton rapport plus en détail

    donc

    * Télécharge combofix.exe (par sUBs) sur ton Bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    IMPORTANT

    *désactive ton antivirus, antispyware, et spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite
    puis

    * Double clique combofix.exe.

    * Tape sur la touche Y (Yes) pour démarrer le scan.

    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    0
  2. Marxes Messages postés 38 Statut Membre
     
    J'ai désinstaller AVG 7.5, désactiver norton, et j'ai fait le scan avec combofix, voila le rapport:
    (Désolé c'était un peu long mais mon ordinateur a vraiment du mal- Merci encore de ton aide)

    ComboFix 07-12-08.1 - leroy 2007-12-09 20:34:33.1 - NTFSx86
    Running from: C:\Documents and Settings\leroy\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Redemption.ECF
    C:\WINDOWS\system32\_000008_.tmp.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-08 16:30 . 2007-12-08 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
    2007-12-08 13:51 . 2007-12-08 13:51 <REP> d-------- C:\VundoFix Backups
    2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-07 20:10 . 2007-12-07 20:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-12-06 13:34 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-12-06 13:34 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2007-12-06 13:34 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2007-12-05 18:46 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\The Weather Channel FW
    2007-12-05 11:48 . 2007-12-05 11:48 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-04 21:40 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\a-squared Free
    2007-12-03 19:23 . 2007-12-03 19:24 <REP> d-------- C:\Program Files\iTunes
    2007-12-03 19:16 . 2007-12-08 23:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-03 19:09 . 2007-12-03 19:09 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-02 18:36 . 2007-12-02 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-02 18:33 . 2007-12-09 20:48 22,186,016 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-02 18:33 . 2007-12-09 20:46 261,044 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
    2007-12-02 18:31 . 2007-12-02 20:01 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-12-02 18:31 . 2007-12-09 20:48 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
    2007-12-02 18:28 . 2007-12-09 20:48 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-12-02 15:56 . 2007-12-09 08:00 <REP> d-------- C:\Documents and Settings\leroy\Application Data\AVG7
    2007-12-02 15:55 . 2007-12-02 15:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-02 15:54 . 2007-12-09 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-02 15:24 . 2007-12-02 15:24 <REP> d-------- C:\Program Files\ZNsoft Corporation
    2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
    2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
    2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx
    2007-12-02 05:13 . 2007-12-02 05:13 <REP> d-------- C:\Program Files\CCleaner
    2007-12-01 03:02 . 2007-12-01 03:02 <REP> d-------- C:\Program Files\Windows Live Favorites
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
    2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\WINDOWS\Applian FLV Player
    2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\Program Files\FLV Player
    2007-11-28 00:50 . 2007-12-08 14:59 <REP> d-------- C:\Program Files\eMule
    2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll
    2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\KORG\Voisinage r‚seau
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\KORG\Voisinage d'impression
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\KORG\ModŠles
    2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\KORG\Mes documents
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> dr-h----- C:\Documents and Settings\KORG\Menu D‚marrer
    2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\KORG\Favoris
    2007-11-25 19:06 . 2007-12-09 20:27 <REP> d--h----- C:\Documents and Settings\KORG\Bureau
    2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Program Files\Lavalys
    2007-11-25 03:16 . 2007-11-25 03:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-11-25 01:55 . 2007-11-25 01:56 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage r‚seau
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage d'impression
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\ModŠles
    2007-11-25 00:27 . 2007-11-25 00:34 <REP> dr------- C:\Documents and Settings\PH2\Mes documents
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\PH2\Menu D‚marrer
    2007-11-25 00:27 . 2007-11-25 00:28 <REP> dr------- C:\Documents and Settings\PH2\Favoris
    2007-11-25 00:27 . 2007-11-25 00:27 <REP> d-------- C:\Documents and Settings\PH2\Bureau
    2007-11-24 22:45 . 2007-11-24 22:45 <REP> d-------- C:\Program Files\Windows Resource Kits
    2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-11-23 23:50 . 2007-12-09 20:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-11-23 23:50 . 2005-10-26 04:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2007-11-23 23:50 . 2005-10-26 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-09 19:50 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\leroy\Application Data\wklnhst.dat
    2007-12-07 23:46 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-12-07 23:46 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-12-06 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec
    2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-03 18:23 --------- d-----w C:\Program Files\iPod
    2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime
    2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-28 14:17 --------- d-----w C:\Program Files\Java
    2007-11-27 21:56 --------- d-----w C:\Program Files\Google
    2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore
    2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo!
    2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ
    2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup
    2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\leroy\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-24 08:49 5,120 ----a-w C:\WINDOWS\system32\drivers\quxuobjf.dat
    2007-10-24 08:49 18,688 ----a-w C:\WINDOWS\system32\drivers\ylfiqyhy.dat
    2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08CDB2D-0228-4B1C-97A2-9BCABB6E5513}]
    2004-08-05 09:00 109568 --a------ C:\WINDOWS\system32\cmcfg3.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26]
    "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49]
    "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51]
    "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 22:11 49152 --a------ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-09-26 14:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    2004-10-14 12:54 253952 --a------ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    2001-07-25 09:00 192568 --a------ C:\Program Files\Microsoft Money\System\Money Express.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
    2001-07-25 09:00 245810 --a------ C:\Program Files\Microsoft Money\System\Activation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
    C:\Program Files\Hello\Hello.exe -b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c943251-9d1f-11dc-8718-0014a577d395}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - KORG.job"
    "2007-12-09 19:20:13 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\DOCUME~1\leroy\LOCALS~1\Temp\qqgtjsrb.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-09 20:50:20
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-09 20:57:01 - machine was rebooted
    .
    --- E O F ---
    0
  3. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    plusieurs choses

    déjà as tu désinstallé l'un des 2 antivirus ?

    ensuite

    * IMPORTANT

    télécharge ERUNT pour sauvegarder ta base de registre avant de faire les manips ci dessous
    https://www.zebulon.fr/telechargements/utilitaires/systeme-utilitaires/erunt.html
    tuto
    http://pageperso.aol.fr/loraline60/tuto_erunt.htm

    ensuite

    rend toi sur VIRUS TOTAL pour faire analyser les fichiers ci dessous
    http://www.virustotal.com/en/indexf.html

    Tuto : http://pageperso.aol.fr/loraline60/virus_total.htm

    au préalable fait ceci :

    -démarrer
    
    -poste de travail ou autre dossier
    
    -menu outils
    
    -options de dossier
    
    -onglet affichage
    
    puis
    
    - activer la case : Afficher les fichiers et dossiers cachés
    
    - désactiver la case : Masquer les extensions des fichiers dont le type est connu
    
    - désactiver  la case : Masquer les fichier protégés du système d'exploitation
    
    Puis  - Appliquer


    C:\WINDOWS\system32\drivers\fidbox.dat
    C:\WINDOWS\system32\drivers\fidbox.idx
    C:\WINDOWS\pw32a0.dll

    tu posteras les rapports générés ici ensuite

    et

    * Télécharge CCleaner.

    https://www.pcastuces.com/logitheque/ccleaner.htm

    Installe le dans un répertoire dédié.

    Décoche pendant l'installation

    --- les deux cases "Ajouter l'option ... "

    --- Contrôler les mises à jour

    --- Ajouter la Barre d'Outils Yahoo! CCleaner

    * Lance Ccleaner pour un nettoyage complet.

    puis

    Sélectionne le texte suivant :

    File::
    C:\DOCUMENTS & SETTING\leroy\LOCALS  SETTINGS\Temp\qqgtjsrb.dll 
    C:\WINDOWS\system32\drivers\quxuobjf.dat 
    C:\WINDOWS\system32\drivers\ylfiqyhy.dat
    C:\WINDOWS\system32\cmcfg3.dll 
    
    registry::
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F08CDB2D-0228-4B1C-97A2-9BCABB6E5513}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c9432 51-9d1f-11dc-8718-0014a577d395}]


    # Copie le texte sélectionné (CTRL+C).
    # Ouvre le bloc-note (programme>Accessoire>bloc-note).
    # Colle le texte copié dans ce bloc-note (CTRL+V).
    # Sauvegarde ce fichier sous le nom de CFScript.txt
    # Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

    # Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    # Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    # Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    # Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    tu reviens avec les rapports de :
    virus total
    combofix.txt
    un nouveau rapport hijackthis (avec un AV de désinstallé)
    0
  4. Marxes Messages postés 38 Statut Membre
     
    re,

    J'ai fait l'analyse des dossiers que tu ma demandé sur VirusTotal, fidbox.dat et fidbox.idx mon amené vers
    une page blanche avec ce message: "0 bytes size received / Se ha recibido un archivo vacio"
    Etrange, la taille de fidbox.dat fait 21MO et Fidox.idx 254KO...

    Quand au dernier,pw32a0.dll, il semble hors de cause, résultat 0/32 (0%) :

    Fichier pw32a0.dll reçu le 2007.12.09 23:40:33 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé
    NON TROUVE ARRETE
    Résultat: 0/32 (0%)

    Je te confirme que j'ai enlevé l'antivirus AVG 7.5, sauvegarder ma base de registre avec ERUNT, fait le
    nettoyage avec CCleaner.

    Ci-joint le rapports Combofix et Hijackthis.

    ComboFix 07-12-08.1 - Leroy 2007-12-10 0:27:09.2 - NTFSx86
    Running from: C:\Documents and Settings\Leroy\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Leroy\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\DOCUMENTS & SETTING\leroy\LOCALS SETTINGS\Temp\qqgtjsrb.dll
    C:\WINDOWS\system32\cmcfg3.dll
    C:\WINDOWS\system32\drivers\quxuobjf.dat
    C:\WINDOWS\system32\drivers\ylfiqyhy.dat
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\cmcfg3.dll
    C:\WINDOWS\system32\drivers\quxuobjf.dat
    C:\WINDOWS\system32\drivers\ylfiqyhy.dat

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-09 to 2007-12-09 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-10 00:08 . 2007-12-10 00:08 <REP> d-------- C:\Hijackthis
    2007-12-09 20:57 . <REP> C:\Documents and Settings\InvitÚ\Local Settings
    2007-12-09 20:57 . <REP> C:\Documents and Settings\InvitÚ\Local Settings
    2007-12-08 16:30 . 2007-12-08 16:33 <REP> d-------- C:\Documents and

    Settings\Administrateur\Application Data\AVG7
    2007-12-08 13:51 . 2007-12-08 13:51 <REP> d-------- C:\VundoFix Backups
    2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Documents and Settings\All

    Users\Application Data\Lavasoft
    2007-12-07 20:10 . 2007-12-07 20:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise

    Installation Wizard
    2007-12-06 13:34 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-12-06 13:34 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2007-12-06 13:34 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2007-12-05 18:46 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\The Weather Channel FW
    2007-12-05 11:48 . 2007-12-05 11:48 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-04 21:40 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\a-squared Free
    2007-12-03 19:23 . 2007-12-03 19:24 <REP> d-------- C:\Program Files\iTunes
    2007-12-03 19:16 . 2007-12-09 20:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-03 19:09 . 2007-12-03 19:09 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-02 18:36 . 2007-12-02 18:36 <REP> d-------- C:\Documents and Settings\All

    Users\Application Data\MailFrontier
    2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------

    C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-02 18:33 . 2007-12-10 00:36 22,233,120 --ahs----

    C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-02 18:33 . 2007-12-10 00:34 261,596 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
    2007-12-02 18:31 . 2007-12-02 20:01 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-12-02 18:31 . 2007-12-10 00:35 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
    2007-12-02 18:28 . 2007-12-10 00:20 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-12-02 15:56 . 2007-12-09 08:00 <REP> d-------- C:\Documents and Settings\Leroy\Application

    Data\AVG7
    2007-12-02 15:55 . 2007-12-02 15:55 <REP> d-------- C:\Documents and

    Settings\LocalService\Application Data\AVG7
    2007-12-02 15:54 . 2007-12-09 20:26 <REP> d-------- C:\Documents and Settings\All

    Users\Application Data\avg7
    2007-12-02 15:24 . 2007-12-02 15:24 <REP> d-------- C:\Program Files\ZNsoft Corporation
    2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
    2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
    2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx
    2007-12-01 03:02 . 2007-12-01 03:02 <REP> d-------- C:\Program Files\Windows Live Favorites
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
    2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\WINDOWS\Applian FLV Player
    2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\Program Files\FLV Player
    2007-11-28 00:50 . 2007-12-08 14:59 <REP> d-------- C:\Program Files\eMule
    2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll
    2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Voisinage

    r‚seau
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Voisinage

    d'impression
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\ModŠles
    2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\Korg\Mes documents
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> dr-h----- C:\Documents and Settings\Korg\Menu D‚marrer
    2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\Korg\Favoris
    2007-11-25 19:06 . 2007-12-09 20:27 <REP> d--h----- C:\Documents and Settings\Korg\Bureau
    2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Program Files\Lavalys
    2007-11-25 03:16 . 2007-11-25 03:16 <REP> d-------- C:\Documents and Settings\All

    Users\Application Data\Kaspersky Lab Setup Files
    2007-11-25 01:55 . 2007-11-25 01:56 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage

    r‚seau
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage

    d'impression
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\ModŠles
    2007-11-25 00:27 . 2007-11-25 00:34 <REP> dr------- C:\Documents and Settings\PH2\Mes documents
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\PH2\Menu D‚marrer
    2007-11-25 00:27 . 2007-11-25 00:28 <REP> dr------- C:\Documents and Settings\PH2\Favoris
    2007-11-25 00:27 . 2007-11-25 00:27 <REP> d-------- C:\Documents and Settings\PH2\Bureau
    2007-11-24 22:45 . 2007-11-24 22:45 <REP> d-------- C:\Program Files\Windows Resource Kits
    2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and

    Settings\Administrateur\Application Data\wklnhst.dat
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and

    Settings\Administrateur\Voisinage r‚seau
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and

    Settings\Administrateur\Voisinage d'impression
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and

    Settings\Administrateur\ModŠles
    2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and Settings\Administrateur\Mes

    documents
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\Administrateur\Menu

    D‚marrer
    2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and

    Settings\Administrateur\Favoris
    2007-11-23 23:50 . 2007-12-09 20:27 <REP> d-------- C:\Documents and

    Settings\Administrateur\Bureau
    2007-11-23 23:50 . 2005-10-26 04:27 <REP> d-------- C:\Documents and

    Settings\Administrateur\Application Data\Symantec
    2007-11-23 23:50 . 2005-10-26 04:25 <REP> d-------- C:\Documents and

    Settings\Administrateur\Application Data\Apple Computer
    2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M

    ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-09 23:37 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\Leroy\Application Data\wklnhst.dat
    2007-12-07 23:46 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
    2007-12-07 23:46 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
    2007-12-06 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec
    2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-03 18:23 --------- d-----w C:\Program Files\iPod
    2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime
    2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple

    Computer
    2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-28 14:17 --------- d-----w C:\Program Files\Java
    2007-11-27 21:56 --------- d-----w C:\Program Files\Google
    2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore
    2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo!
    2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ
    2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup
    2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\Leroy\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows

    Live Toolbar
    2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger
    2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-09_20.51.56.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\ERDNT.EXE
    + 2007-12-09 22:00:05 6,225,920 ----a-w

    C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000001\ntuser.dat
    + 2007-12-09 22:00:05 147,456 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000002\UsrClass.dat
    + 2007-12-09 23:38:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_bc0.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg

    )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 09:00]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04

    09:59]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26]
    "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49]
    "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works

    Shared\WkUFind.exe" [2001-10-05 16:51]
    "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 14:42]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 09:00]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 22:11 49152 --a------ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-09-26 14:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    2004-10-14 12:54 253952 --a------ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    2001-07-25 09:00 192568 --a------ C:\Program Files\Microsoft Money\System\Money Express.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
    2001-07-25 09:00 245810 --a------ C:\Program Files\Microsoft Money\System\Activation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
    C:\Program Files\Hello\Hello.exe -b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c943251-9d1f-11dc-8718-0

    014a577d395}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Korg.job"
    "2007-12-09 23:20:03 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
    -> C:\DOCUME~1\Leroy\LOCALS~1\Temp\qqgtjsrb.dll
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-10 00:38:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe??????????8????|?????? ???B?????????????hLC?

    ??????

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-10 0:43:56 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-09 20:57
    .
    --- E O F ---

    RAPPORT HIJACKTHIS

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:25:54, on 10/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\WLAN Card Utilities\Center.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Program Files\Microsoft Money\System\urlmap.exe
    C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    C:\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

    http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers

    communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec

    Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers

    communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

    files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

    Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows

    Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft

    Money\System\mnyviewer.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital

    Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program

    Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers

    communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live

    Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works

    Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers

    communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live

    Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program

    Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

    Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft

    Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

    C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -

    https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) -

    http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device

    Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers

    communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers

    communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program

    Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec

    Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google

    Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program

    Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers

    communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program

    Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company

    - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program

    Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec

    Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and

    Restore\Agent\VProSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program

    Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec

    Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers

    communs\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour

    petite précision avant de continuer

    leroy = Marxes ?

    edit : j'ai la réponse à ma question (MP), je regarderais plus tard tes rapports, n'ayant pas assez de tps devant moi pour l'instant.

    à plus tard
    0
  7. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    me revoilà
    J'ai fait l'analyse des dossiers que tu ma demandé sur VirusTotal, fidbox.dat et fidbox.idx mon amené vers
    une page blanche avec ce message: "0 bytes size received / Se ha recibido un archivo vacio"
    Etrange, la taille de fidbox.dat fait 21MO et Fidox.idx 254KO... 


    Etrange effectivement. Essaye ici
    https://virusscan.jotti.org/

    tu feras également analyser
    C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat

    * télécharge ce tools et laisse toi guider.
    http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

    puis

    * Télécharge clean.zip de Malekal (merci Malekal).
    http://www.malekal.com/download/clean.zip
    * Dézippe-le sur le bureau.
    * Ouvre le dossier jaune nommé clean sur ton bureau.
    * Double-clique sur clean.cmd
    * Choisis l'option 1 et copie sur le bureau le rapport généré. Il doit normalement aussi se trouver là : c:\rapport_clean.txt
    * Clique sur Q pour quitter le programme.

    et

    * télécharge AVG Anti-Spyware (ewido)

    https://www.avg.com/en-ww/free-antivirus-download

    * tu l'installes

    * lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente

    puis

    redémarre en mode sans échec
    mode d'emploi :
    http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

    Lance AVG Anti-Spyware

    Clique sur le bouton Analyse (de la barre d'outils)

    puis fait dans l'ordre stp. Tu sauvegardes le rapport APRES avoir mis les actions.

    Puis sur l'onglet Paramètres,
    sous : "Comment réagir "clique sur Actions recommandées. Sélectionne Quarantaine.

    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.

    A la fin du scan, choisis l'option 3

    "Appliquer toutes les actions " en bas.

    Clique sur "Enregistrer le rapport".

    Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    redémarre normalement

    et

    * lance hijackthis "do a system scan only" puis coche ces lignes :

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

    * toutes applications fermées et hors connexion, clique sur fix checked

    * reviens avec tous les rapports

    0
  8. Marxes Messages postés 38 Statut Membre
     
    Bonsoir philae,

    Voila les nouvelles, pour commencer, le fichier fidbox.dat et fidbox.idx me semble vraiment suspect et ce pour deux raisons, ces deux fichiers sont les deux seuls a etre en mode fichier cachée dans ce dossier, et le résultat de Virusscan.org me donne une page blanche avec ce résultat "The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file" Or j'ai essayer d'analyser d'autre fichier qui se trouvait dans le même répertoire et cela fonctionne sans probleme !
    cerise sur le gateau, le fichier wklnhst.dat me donne la meme page blanche, c'est grave docteur ?!

    Voila l'analyse de Clean :

    10/12/2007 a 18:02:20,96

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    "C:\Program Files\Free Offers from Freeze.com" FOUND
    "C:\Program Files\Viewpoint\" FOUND

    Voici le rapport AVG Anti-spyware (Un trojan en dernière ligne!!!)

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 21:23:45 10/12/2007

    + Résultat de l'analyse:

    C:\Documents and Settings\PH\Cookies\Korg@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@americanexpress.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@planetout.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@112.2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@aoleusearch.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@clubmed.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@karavel.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@aavalue[2].txt -> TrackingCookie.Aavalue : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@eztracks.aavalue[2].txt -> TrackingCookie.Aavalue : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@rotator.its.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.31:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.45:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.46:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@c.enhance[1].txt -> TrackingCookie.Enhance : Nettoyé.
    :mozilla.53:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.122:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@ehg-citenumerique.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@ehg-fxcm.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@ehg-neuftelecom.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@vad.mainentrypoint[1].txt -> TrackingCookie.Mainentrypoint : Nettoyé.
    :mozilla.125:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@search.msn[1].txt -> TrackingCookie.Msn : Nettoyé.
    :mozilla.7:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.40:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@data2.perf.overture[2].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@revenue[1].txt -> TrackingCookie.Revenue : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@revsci[2].txt -> TrackingCookie.Revsci : Nettoyé.
    :mozilla.10:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.11:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.12:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.13:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.14:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.15:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.9:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé.
    :mozilla.27:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.28:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.29:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.30:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyé.
    :mozilla.132:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyé.
    :mozilla.126:C:\Documents and Settings\Leroy\Application Data\Mozilla\Firefox\Profiles\ywfz8mzh.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\Documents and Settings\PH\Cookies\Korg@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.
    C:\qoobox\Quarantine\catchme2007-12-10_ 03733.45.zip/quxuobjf.dat -> Trojan.Agent.cid : Nettoyé.

    Fin du rapport

    Seulement voila, j'ai un petit probleme, après l'analyse d'AVG j'ai donc redemarrer... et maintenant je n'ai plus accès a rien...
    il n'arrive meme pas a lire un fichier txt, aucun programme ne s'ouvre...

    Une solution ?! restauration du registre ?!

    a plus tard.

    ps : Je peux faire un rapport Hijack en mode sans echec si tu veux, et continuer la procedure que tu m'as donné...
    ( je te contact en ce moment depuis un autre pc ...)
    0
  9. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour

    bien lu ton MP à l'instant. Tu n'as effectué que les dernières manips que je t'ai données ? à savoir Clean.zip et AVG ? c'est étrange, ce n'est pas ça qui aurait pu planter qq chose.

    Poste un rapport hijackthis en MSE pour l'instant.
    ps : Je peux faire un rapport Hijack en mode sans echec si tu veux, et continuer la procedure que tu m'as donné... 


    la dernière tu l'as faite non ?
    0
  10. Marxes Messages postés 38 Statut Membre
     
    Je vais faire une analyse avec Hijack en MSE je te l'envoie le plus rapidement possible...

    Merci.

    ps : J'ai suivi la procédure que tu m'as donné, rien d'autre.
    0
  11. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    ok on va voir ça.
    0
  12. Marxes Messages postés 38 Statut Membre
     
    Voila le rapport :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:26:39, on 11/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Hijackthis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.search.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.search.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O3 - Toolbar: Vue HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [Control Center] C:\Program Files\WLAN Card Utilities\Center.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Norton Save and Restore] "C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Pages liées - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/fr/check/qdiagh.cab?326
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Norton Save and Restore - Symantec Corporation - C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  13. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    oui tu peux les cocher, elles sont superflues, non infectieuses

    cela ne dit pas d'où provient ton problème. le reste du rapport est propre

    essaye de lancer combo, en MSE je ne sais pas ce que ça donne. poste le rapport si tu peux stp

    0
  14. Marxes Messages postés 38 Statut Membre
     
    Ok je viens de cocher les lignes dans Hijack, maintenant je fait le scan de combofix en MSE.
    On aura le résultat dans 5 / 10 minutes

    Ps : On a une solution alternative pour revenir a la configuration d'origine ?! (Erunt ?)
    0
  15. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    oui tu as la sauvegarde d'erunt que tu pourras utiliser pour voir ce que ça donne

    mais avant j'irai quand même glaner qq renseignements histoire de
    0
  16. Marxes Messages postés 38 Statut Membre
     
    Voila, le résultat combofix:

    ComboFix 07-12-08.1 - Leroy 2007-12-11 16:44:45.3 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.222 [GMT 1:00]
    Running from: C:\Documents and Settings\Leroy\Bureau\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2007-11-11 to 2007-12-11 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-10 18:20 . 2007-12-10 18:20 <REP> d-------- C:\Documents and Settings\Leroy\Application Data\Grisoft
    2007-12-10 18:19 . 2007-12-10 18:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-10 18:19 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-12-10 18:03 . 2007-12-10 18:03 23,570,258 --a------ C:\upload_moi_B-DOG.tar.gz
    2007-12-10 00:08 . 2007-12-11 16:43 <REP> d-------- C:\Hijackthis
    2007-12-08 16:30 . 2007-12-08 16:33 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
    2007-12-08 13:51 . 2007-12-08 13:51 <REP> d-------- C:\VundoFix Backups
    2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Program Files\Lavasoft
    2007-12-07 20:12 . 2007-12-07 20:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
    2007-12-06 13:34 . 2007-05-29 13:55 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
    2007-12-06 13:34 . 2007-05-29 13:55 10,592 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.cat
    2007-12-06 13:34 . 2007-05-29 13:55 705 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.inf
    2007-12-05 18:46 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\The Weather Channel FW
    2007-12-05 11:48 . 2007-12-05 11:48 <REP> d-------- C:\Program Files\Alwil Software
    2007-12-04 21:40 . 2007-12-05 18:46 <REP> d-------- C:\Program Files\a-squared Free
    2007-12-03 19:23 . 2007-12-03 19:24 <REP> d-------- C:\Program Files\iTunes
    2007-12-03 19:16 . 2007-12-10 21:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2007-12-03 19:16 . 2007-12-03 19:16 1,409 --a------ C:\WINDOWS\QTFont.for
    2007-12-03 19:09 . 2007-12-03 19:09 <REP> d-------- C:\Program Files\Apple Software Update
    2007-12-02 18:36 . 2007-12-02 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
    2007-12-02 18:35 . 2007-06-21 21:54 75,248 --a------ C:\WINDOWS\zllsputility.exe
    2007-12-02 18:35 . 2007-06-21 21:55 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
    2007-12-02 18:35 . 2007-06-21 21:55 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
    2007-12-02 18:35 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
    2007-12-02 18:35 . 2007-12-02 18:40 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
    2007-12-02 18:34 . 2007-12-02 18:34 75,932 --a------ C:\WINDOWS\system32\drivers\klick.dat
    2007-12-02 18:34 . 2007-12-02 18:34 74,396 --a------ C:\WINDOWS\system32\drivers\klin.dat
    2007-12-02 18:33 . 2007-12-10 21:48 22,339,616 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
    2007-12-02 18:33 . 2007-12-10 18:30 262,820 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
    2007-12-02 18:33 . 2007-05-31 00:03 110,360 --a------ C:\WINDOWS\system32\drivers\kl1.sys
    2007-12-02 18:31 . 2007-12-02 20:01 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
    2007-12-02 18:31 . 2007-06-21 21:54 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
    2007-12-02 18:31 . 2007-12-10 21:57 58,727 --a------ C:\WINDOWS\system32\vsconfig.xml
    2007-12-02 18:28 . 2007-12-10 21:54 <REP> d-------- C:\WINDOWS\Internet Logs
    2007-12-02 15:56 . 2007-12-09 08:00 <REP> d-------- C:\Documents and Settings\Leroy\Application Data\AVG7
    2007-12-02 15:55 . 2007-12-02 15:55 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-02 15:54 . 2007-12-09 20:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-02 15:24 . 2007-12-02 15:24 <REP> d-------- C:\Program Files\ZNsoft Corporation
    2007-12-02 15:24 . 2004-10-06 12:08 606,208 --a------ C:\WINDOWS\system32\BtnPlus1.ocx
    2007-12-02 15:24 . 2004-10-06 12:24 471,040 --a------ C:\WINDOWS\system32\FraPlus1.ocx
    2007-12-02 15:24 . 2000-10-01 23:00 119,568 --a------ C:\WINDOWS\system32\VB6FR.DLL
    2007-12-02 15:24 . 1997-05-01 00:00 57,856 --a------ C:\WINDOWS\system32\DrvFacts.ocx
    2007-12-01 03:02 . 2007-12-01 03:02 <REP> d-------- C:\Program Files\Windows Live Favorites
    2007-11-30 23:57 . 2007-11-30 23:57 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
    2007-11-30 23:57 . 2007-11-30 23:57 279,088 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
    2007-11-30 23:57 . 2007-11-30 23:57 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspx.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,549 --a------ C:\WINDOWS\system32\drivers\srtspl.cat
    2007-11-30 23:57 . 2007-11-30 23:57 10,545 --a------ C:\WINDOWS\system32\drivers\srtsp.cat
    2007-11-30 23:57 . 2007-11-30 23:57 1,430 --a------ C:\WINDOWS\system32\drivers\srtspl.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,421 --a------ C:\WINDOWS\system32\drivers\srtspx.inf
    2007-11-30 23:57 . 2007-11-30 23:57 1,415 --a------ C:\WINDOWS\system32\drivers\srtsp.inf
    2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\WINDOWS\Applian FLV Player
    2007-11-29 16:29 . 2007-11-29 16:29 <REP> d-------- C:\Program Files\FLV Player
    2007-11-28 00:50 . 2007-12-08 14:59 <REP> d-------- C:\Program Files\eMule
    2007-11-27 19:33 . 2007-01-12 23:50 215,144 --a------ C:\WINDOWS\pw32a0.dll
    2007-11-27 19:30 . 2007-12-06 13:28 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
    2007-11-27 19:30 . 2007-12-06 13:28 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
    2007-11-26 11:56 . 2007-11-26 11:56 335 --a------ C:\WINDOWS\mozregistry.dat
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Voisinage réseau
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Voisinage d'impression
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Korg\Modèles
    2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\Korg\Mes documents
    2007-11-25 19:06 . 2005-10-26 11:52 <REP> dr-h----- C:\Documents and Settings\Korg\Menu Démarrer
    2007-11-25 19:06 . 2007-11-25 19:07 <REP> dr-h----- C:\Documents and Settings\Korg\Favoris
    2007-11-25 19:06 . 2007-12-09 20:27 <REP> d--h----- C:\Documents and Settings\Korg\Bureau
    2007-11-25 16:15 . 2007-11-25 16:15 1,156 --a------ C:\WINDOWS\mozver.dat
    2007-11-25 14:49 . 2007-11-25 14:49 <REP> d-------- C:\Program Files\Lavalys
    2007-11-25 03:16 . 2007-11-25 03:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2007-11-25 01:55 . 2007-11-25 01:56 <REP> d-------- C:\WINDOWS\system32\NtmsData
    2007-11-25 00:52 . 2007-11-25 00:52 2 --a------ C:\WINDOWS\msoffice.ini
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage réseau
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Voisinage d'impression
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\PH2\Modèles
    2007-11-25 00:27 . 2007-11-25 00:34 <REP> dr------- C:\Documents and Settings\PH2\Mes documents
    2007-11-25 00:27 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\PH2\Menu Démarrer
    2007-11-25 00:27 . 2007-11-25 00:28 <REP> dr------- C:\Documents and Settings\PH2\Favoris
    2007-11-25 00:27 . 2007-11-25 00:27 <REP> d-------- C:\Documents and Settings\PH2\Bureau
    2007-11-24 22:45 . 2007-11-24 22:45 <REP> d-------- C:\Program Files\Windows Resource Kits
    2007-11-24 00:01 . 2007-11-24 00:01 0 --a------ C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
    2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
    2007-11-23 23:50 . 2005-10-26 11:52 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
    2007-11-23 23:50 . 2005-10-26 03:58 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
    2007-11-23 23:50 . 2007-12-09 20:27 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2007-11-23 23:50 . 2005-10-26 04:27 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
    2007-11-23 23:50 . 2005-10-26 04:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Apple Computer
    2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-11-23 19:46 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
    2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-11-23 19:45 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\dllcache\hidserv.dll
    2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-11-23 19:45 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
    2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-11-23 19:45 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-10 20:48 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-12-09 19:16 5,894 ----a-w C:\Documents and Settings\Leroy\Application Data\wklnhst.dat
    2007-12-06 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2007-12-06 12:29 --------- d-----w C:\Program Files\Symantec
    2007-12-06 12:28 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
    2007-12-06 12:28 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-12-03 18:23 --------- d-----w C:\Program Files\iPod
    2007-12-03 18:19 --------- d-----w C:\Program Files\QuickTime
    2007-12-03 18:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2007-12-01 02:04 --------- d-----w C:\Program Files\Windows Live Toolbar
    2007-11-28 14:17 --------- d-----w C:\Program Files\Java
    2007-11-27 21:56 --------- d-----w C:\Program Files\Google
    2007-11-27 18:55 --------- d-----w C:\Program Files\Norton Save and Restore
    2007-11-27 18:42 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-25 13:11 --------- d-----w C:\Program Files\Yahoo!
    2007-11-25 13:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-25 13:10 --------- d-----w C:\Program Files\HPQ
    2007-11-25 13:10 --------- d-----w C:\Program Files\Fichiers communs\AOL
    2007-11-25 10:51 --------- d-----w C:\Program Files\Easy Internet signup
    2007-11-24 23:53 --------- d-----w C:\Documents and Settings\Invité\Application Data\AOL
    2007-11-24 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
    2007-11-07 13:28 68,248 ----a-w C:\Documents and Settings\Leroy\Application Data\GDIPFONTCACHEV1.DAT
    2007-11-07 00:45 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2007-11-06 03:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
    2007-11-06 03:03 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
    2007-09-14 12:28 55,560 ----a-w C:\WINDOWS\system32\adssite-remove.exe
    2007-01-28 15:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2006-12-28 17:36 424 ----a-w C:\Documents and Settings\Invité\Application Data\wklnhst.dat
    2006-09-08 01:50 774,144 ----a-w C:\Program Files\RngInterstitial.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-09_20.51.56.18 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\ERDNT.EXE
    + 2007-12-09 22:00:05 6,225,920 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000001\ntuser.dat
    + 2007-12-09 22:00:05 147,456 ----a-w C:\WINDOWS\erdnt\[u]0[/u]9-12-2007\Users\[u]0[/u]0000002\UsrClass.dat
    + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\10-12-2007\ERDNT.EXE
    + 2007-12-10 16:22:52 7,286,784 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat
    + 2007-12-10 16:22:52 147,456 ----a-w C:\WINDOWS\erdnt\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat
    + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\ERDNT.EXE
    + 2007-12-10 00:19:30 7,286,784 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000001\ntuser.dat
    + 2007-12-10 00:19:34 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\10-12-2007\Users\[u]0[/u]0000002\UsrClass.dat
    + 2005-03-06 14:27:46 162,816 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\ERDNT.EXE
    + 2007-12-09 23:44:35 6,230,016 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000001\ntuser.dat
    + 2007-12-09 23:44:39 147,456 ----a-w C:\WINDOWS\erdnt\AutoBackup\2007-12-10\Users\[u]0[/u]0000002\UsrClass.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-27 20:05]
    "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 21:50]
    "hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 09:59]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-09-03 00:04]
    "eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-10-11 15:17]
    "Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2005-08-01 13:26]
    "Control Center"="C:\Program Files\WLAN Card Utilities\Center.exe" [2005-02-18 16:49]
    "WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2001-10-09 13:28]
    "Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2004-07-11 19:56]
    "Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2001-10-05 16:51]
    "Norton Save and Restore"="C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe" [2007-03-26 15:45]
    "osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-05 18:22]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-06-21 21:54]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

    C:\Documents and Settings\Rob\Menu D‚marrer\Programmes\D‚marrage\
    ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [2005-03-06 15:26:48]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe [2004-11-04 18:28:24]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMBalloonTip"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    C:\Program Files\Google\Google Talk\googletalk.exe /autostart

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2005-02-16 22:11 49152 --a------ C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2007-09-26 14:42 267064 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
    2004-10-14 12:54 253952 --a------ c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyAgent]
    2001-07-25 09:00 192568 --a------ C:\Program Files\Microsoft Money\System\Money Express.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
    2001-07-25 09:00 245810 --a------ C:\Program Files\Microsoft Money\System\Activation.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    C:\Program Files\MSN Messenger\msnmsgr.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PicasaNet]
    C:\Program Files\Hello\Hello.exe -b

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
    C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet

    S0 wynohuqt;wynohuqt;C:\WINDOWS\system32\drivers\ylfiqyhy.dat
    S1 V2IMount;V2IMount;C:\WINDOWS\system32\drivers\V2IMount.sys
    S2 Norton Save and Restore;Norton Save and Restore;C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
    S2 Planificateur LiveUpdate automatique;Planificateur LiveUpdate automatique;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    S3 ASNDIS5;ASNDIS5 Protocol Driver;\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS
    S3 HSFHWATI;HSFHWATI;C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c943251-9d1f-11dc-8718-0014a577d395}]
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-12-08 06:41:15 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2007-12-07 19:00:01 C:\WINDOWS\Tasks\Norton Internet Security - Analyse système complète - Korg.job"
    - C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/TASK:
    "2007-12-10 17:20:26 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
    - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
    .
    **************************************************************************

    catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-11 16:49:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?0?9?0??????? ???B?????????????hLC? ??????

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-11 16:51:27
    C:\ComboFix2.txt ... 2007-12-10 00:45
    C:\ComboFix3.txt ... 2007-12-09 20:57
    .
    --- E O F ---

    Ps : Conclusion ?
    0
  17. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    toujours pas bon combo de toutes facons.
    peux tu mettre sur ton pc SRENG
    et me poster le rapport stp

    Télécharge SREng (par Smallfrogs) de ce lien:
    http://www.kztechs.com/eng/download.html
    Extrais tout son contenu sur ton Bureau
    Du dossier sreng2 qui se trouve maintenant sur ton Bureau, double clique sur SREng.exe afin de lancer l'outil
    Clique sur Smart Scan
    Ensuite, clique sur le bouton [Scan]

    Lorsque complété, clique sur le bouton [Save Reports]
    Sauvegarde le rapport sur ton Bureau
    Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse, s'il te plaît.

    0
  18. Marxes Messages postés 38 Statut Membre
     
    Voila le rapport SReng :

    [CODE]

    2007-12-11,18:05:28

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <hpWirelessAssistant><C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe> [Hewlett-Packard Company]
    <ccApp><"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
    <eabconfg.cpl><C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start> [Hewlett-Packard ]
    <Cpqset><C:\Program Files\HPQ\Default Settings\cpqset.exe> []
    <Control Center><C:\Program Files\WLAN Card Utilities\Center.exe> []
    <WorksFUD><C:\Program Files\Microsoft Works\wkfud.exe> [Microsoft® Corporation]
    <Microsoft Works Portfolio><C:\Program Files\Microsoft Works\WksSb.exe /AllUsers> [Microsoft® Corporation]
    <Microsoft Works Update Detection><C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe> [Microsoft® Corporation]
    <Norton Save and Restore><"C:\Program Files\Norton Save and Restore\Agent\NSRTray.exe"> [(Verified)Symantec Corporation]
    <osCheck><"C:\Program Files\Norton Internet Security\osCheck.exe"> [(Verified)Symantec Corporation]
    <Symantec PIF AlertEng><"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"> [N/A]
    <ZoneAlarm Client><"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"> [(Verified)Check Point Software Technologies Ltd.]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows XP Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{8E78C26E-2138-4383-9317-8B8616E2B98E}]
    <Personnalisation du navigateur><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Mise à jour du Bureau Windows><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <googletalk><; "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart> [Google]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <HP Software Update><; C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe> [Hewlett-Packard Co.]
    <iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)"Apple Computer, Inc."]
    <LSBWatcher><; c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe> [Hewlett-Packard Company]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MoneyAgent><; "C:\Program Files\Microsoft Money\System\Money Express.exe"> [Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MoneyStartUp10.0><; "C:\Program Files\Microsoft Money\System\Activation.exe"> [Microsoft Corporation]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <msnmsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PicasaNet><; "C:\Program Files\Hello\Hello.exe" -b> [N/A]
    <QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
    <RealTray><; C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER> [N/A]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Yahoo! Pager><; "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet> [(Verified)Yahoo! Inc.]

    ==================================
    Startup Folders
    [HP Digital Imaging Monitor]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk --> C:\PROGRA~1\Hp\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]><N>
    [ERUNT AutoBackup]
    <C:\Documents and Settings\Leroy\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk --> C:\PROGRA~1\ERUNT\AUTOBACK.EXE [N/A]><N>

    ==================================
    Services
    [Apple Mobile Device / Apple Mobile Device][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
    [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
    <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
    [Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
    <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
    [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
    [Symantec Event Manager / ccEvtMgr][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
    [Symantec Settings Manager / ccSetMgr][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
    [Symantec Lic NetConnect service / CLTNetCnService][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
    [COM Host / comHost][Stopped/Manual Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"><Symantec Corporation>
    [Google Updater Service / gusvc][Stopped/Manual Start]
    <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
    [HP WMI Interface / hpqwmi][Stopped/Manual Start]
    <C:\Program Files\HPQ\SHARED\HPQWMI.exe><Hewlett-Packard Development Company, L.P.>
    [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
    [Service de l'iPod / iPod Service][Stopped/Manual Start]
    <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
    [Validation de mot de passe Symantec IS / ISPwdSvc][Stopped/Manual Start]
    <"C:\Program Files\Norton Internet Security\isPwdSvc.exe"><Symantec Corporation>
    [LightScribeService Direct Disc Labeling Service / LightScribeService][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
    [LiveUpdate / LiveUpdate][Stopped/Manual Start]
    <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
    [LiveUpdate Notice Service Ex / LiveUpdate Notice Ex][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
    [LiveUpdate Notice Service / LiveUpdate Notice Service][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"><Symantec Corporation>
    [Norton Save and Restore / Norton Save and Restore][Stopped/Auto Start]
    <C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe><Symantec Corporation>
    [Norton Protection Center Service / NSCService][Stopped/Disabled]
    <"C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"><Symantec Corporation>
    [Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
    <"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
    [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Manual Start]
    <C:\WINDOWS\system32\HPZipm12.exe><HP>
    [Symantec Core LC / Symantec Core LC][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"><>
    [Symantec AppCore Service / SymAppCore][Stopped/Auto Start]
    <"C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"><Symantec Corporation>
    [TrueVector Internet Monitor / vsmon][Stopped/Auto Start]
    <C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Zone Labs, LLC>

    ==================================
    Drivers
    [AliIde / AliIde][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
    [Pilote de processeur AMD / AmdK8][Stopped/System Start]
    <system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
    [ASNDIS5 Protocol Driver / ASNDIS5][Stopped/Manual Start]
    <\??\C:\PROGRA~1\WLANCA~1\ASNDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
    [ati2mtag / ati2mtag][Stopped/Manual Start]
    <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Stopped/System Start]
    <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    [Pilote pour carte réseau Broadcom 802.11 / BCM43XX][Stopped/Manual Start]
    <system32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
    [Conexant AMC Audio / CAMCAUD][Stopped/Manual Start]
    <system32\drivers\camc6aud.sys><Conexant Systems Inc.>
    [CAMCHALA / CAMCHALA][Stopped/Manual Start]
    <system32\drivers\camc6hal.sys><Conexant Systems Inc.>
    [catchme / catchme][Running/Manual Start]
    <\??\C:\DOCUME~1\Rob\LOCALS~1\Temp\catchme.sys><N/A>
    [eabfiltr / eabfiltr][Stopped/System Start]
    <\??\C:\WINDOWS\system32\drivers\EABFiltr.sys><Hewlett-Packard Development Company, L.P.>
    [eabusb / eabusb][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\eabusb.sys><Hewlett-Packard Development Company, L.P.>
    [Symantec Eraser Control driver / eeCtrl][Stopped/System Start]
    <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
    [EraserUtilRebootDrv / EraserUtilRebootDrv][Stopped/Manual Start]
    <\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
    [GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
    <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
    [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
    <system32\DRIVERS\HPZid412.sys><HP>
    [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
    <system32\DRIVERS\HPZipr12.sys><HP>
    [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
    <system32\DRIVERS\HPZius12.sys><HP>
    [HSFHWATI / HSFHWATI][Stopped/Manual Start]
    <system32\DRIVERS\HSFHWATI.sys><Conexant Systems, Inc.>
    [HSF_DP / HSF_DP][Stopped/Manual Start]
    <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
    [kl1 / kl1][Stopped/Boot Start]
    <\SystemRoot\system32\DRIVERS\kl1.sys><Kaspersky Lab>
    [KLIF / KLIF][Stopped/System Start]
    <system32\DRIVERS\klif.sys><Kaspersky Lab>
    [AEGIS Protocol (IEEE 802.1x) v2.3.1.9 / MDC8021X][Stopped/Auto Start]
    <system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
    [mdmxsdk / mdmxsdk][Stopped/Auto Start]
    <system32\DRIVERS\mdmxsdk.sys><Conexant>
    [NAVENG / NAVENG][Stopped/Manual Start]
    <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVENG.SYS><Symantec Corporation>
    [NAVEX15 / NAVEX15][Stopped/Manual Start]
    <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20071129.006\NAVEX15.SYS><Symantec Corporation>
    [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
    [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
    [PCASp50 NDIS Protocol Driver / PCASp50][Stopped/Manual Start]
    <System32\Drivers\PCASp50.sys><Printing Communications Assoc., Inc. (PCAUSA)>
    [Pilote de liaison parallèle directe / Ptilink][Stopped/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
    [ASUS USB Wireless LAN Driver / RT2500USB][Stopped/Manual Start]
    <system32\DRIVERS\rt2500usb.sys><Ralink Technology Inc.>
    [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Stopped/Manual Start]
    <system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys><N/A>
    [Pilote de périphérique SMC IrCC Miniport / SMCIRDA][Stopped/Manual Start]
    <system32\DRIVERS\smcirda.sys><SMC>
    [SPBBCDrv / SPBBCDrv][Stopped/System Start]
    <\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
    [srescan / srescan][Stopped/Boot Start]
    <\SystemRoot\system32\ZoneLabs\srescan.sys><Zone Labs, LLC>
    [SRTSP / SRTSP][Stopped/System Start]
    <System32\Drivers\SRTSP.SYS><Symantec Corporation>
    [SRTSPL / SRTSPL][Stopped/Manual Start]
    <System32\Drivers\SRTSPL.SYS><Symantec Corporation>
    [SRTSPX / SRTSPX][Stopped/System Start]
    <System32\Drivers\SRTSPX.SYS><Symantec Corporation>
    [SYMDNS / SYMDNS][Stopped/Manual Start]
    <\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
    [SymEvent / SymEvent][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
    [SYMFW / SYMFW][Stopped/Manual Start]
    <\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
    [SYMIDS / SYMIDS][Stopped/Manual Start]
    <\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
    [SYMIDSCO / SYMIDSCO][Stopped/Manual Start]
    <\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20061025.029\SymIDSCo.sys><Symantec Corporation>
    [symlcbrd / symlcbrd][Stopped/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
    [SYMNDIS / SYMNDIS][Stopped/Manual Start]
    <\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
    [SYMREDRV / SYMREDRV][Stopped/Manual Start]
    <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
    [SYMTDI / SYMTDI][Stopped/System Start]
    <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
    [Synaptics TouchPad Driver / SynTP][Running/Manual Start]
    <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
    [ViaIde / ViaIde][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
    [vsdatant / vsdatant][Stopped/System Start]
    <System32\vsdatant.sys><Zone Labs, LLC>
    [WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
    <system32\DRIVERS\wanatw4.sys><N/A>
    [winachsf / winachsf][Stopped/Manual Start]
    <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
    [wynohuqt / wynohuqt][Stopped/Boot Start]
    <\SystemRoot\system32\drivers\ylfiqyhy.dat><N/A>

    ==================================
    Browser Add-ons
    [Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
    [Adobe PDF Reader Link Helper]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    []
    {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll, Symantec Corporation>
    [Yahoo! IE Services Button]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Windows Live Sign-in Helper]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
    [Windows Live Toolbar Helper]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
    []
    {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} <C:\Program Files\Microsoft Money\System\mnyviewer.dll, Microsoft Corporation>
    [Java Plug-in 1.6.0_03]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Yahoo! IE Services Button]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
    [Real.com]
    {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
    []
    {E023F504-0C5A-4750-A1E7-A9046DEA8A21} <C:\Program Files\Microsoft Money\System\mnyviewer.dll, Microsoft Corporation>
    []
    {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
    [Messenger]
    {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
    [Vue HP]
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll, Hewlett-Packard Company>
    [Java Plug-in 1.6.0_03]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_01]
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
    [QDiagHUpdateObj Class]
    {EB387D2F-E27B-4D36-979E-847D1036C65D} <C:\WINDOWS\system32\qdiagh.ocx, Gteko Ltd.>
    [Google Script Object]
    {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
    [Adobe PDF Reader Link Helper]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
    [Shockwave ActiveX Control]
    {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\system32\Macromed\Director\SwDir.dll, Macromedia, Inc.>
    []
    {1E8A6170-7264-4D0F-BEAE-D42A53123C75} <C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll, Symantec Corporation>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    [&Google]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [XML DOM Document]
    {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\MSXML3.DLL, N/A>
    [HtmlDlgSafeHelper Class]
    {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
    [IETag Factory]
    {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\MSXML3.DLL, N/A>
    [Yahoo! IE Services Button]
    {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} <C:\Program Files\Yahoo!\Common\yiesrvc.dll, Yahoo! Inc.>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Microsoft Web Browser]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [Afficher Norton Toolbar]
    {90222687-F593-4738-B738-FBEE9C7B26DF} <C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll, Symantec Corporation>
    [Windows Live Sign-in Helper]
    {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
    [Google Toolbar Notifier BHO]
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll, Google Inc.>
    [Vue HP]
    {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} <C:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll, Hewlett-Packard Company>
    [Windows Live Toolbar]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
    [Windows Live Toolbar Helper]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
    [VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [RealPlayer G2 Control]
    {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
    [Yahoo! VersionInfo]
    {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\Program Files\Yahoo!\Common\YVerInfo.dll, Yahoo! Inc.>
    [iTunesDetector Class]
    {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, Apple Computer, Inc.>
    [MessengerChecker Class]
    {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
    [QuickTimeCheck Class]
    {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
    [Messenger Class]
    {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, N/A>
    [XML HTTP Request]
    {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\MSXML3.DLL, N/A>
    [Yahoo! Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
    [XML DOM Document 3.0]
    {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A>
    [XML HTTP 3.0]
    {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\MSXML3.DLL, N/A>
    [XML HTTP]
    {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\MSXML3.DLL, N/A>
    []
    {FDD3B846-8D59-4FFB-8758-209B6AD74ACC} <C:\Program Files\Microsoft Money\System\mnyviewer.dll, Microsoft Corporation>
    [&Google Search]
    <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html, N/A>
    [&Windows Live Search]
    <res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
    [Add to Windows &Live Favorites]
    <https://onedrive.live.com/?id=favorites N/A>
    [Pages liées]
    <res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html, N/A>
    [Pages similaires]
    <res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html, N/A>
    [Version de la page actuelle disponible dans le cache Google]
    <res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html, N/A>

    ==================================
    Running Processes
    [PID: 120][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 168][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CSRSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\basesrv.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winsrv.dll] [Microsoft Corporation, 5.1.2600.3103 (xpsp_sp2_gdr.070316-1309)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\KERNEL32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\sxs.dll] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [PID: 192][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NDdeApi.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\PROFMAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\REGAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\COMCTL32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
    [C:\WINDOWS\system32\SHSVCS.dll] [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
    [C:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4121]
    [C:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
    [C:\WINDOWS\system32\cscdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WlNotify.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WinSCard.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cscui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [PID: 236][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SCESRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AUTHZ.dll] [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
    [C:\WINDOWS\system32\umpnpmgr.dll] [Microsoft Corporation, 5.1.2600.2744 (xpsp_sp2_gdr.050822-1647)]
    [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\eventlog.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wtsapi32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 248][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\LSASRV.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\NTDSAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMSRV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\cryptdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\msprivs.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kerberos.dll] [Microsoft Corporation, 5.1.2600.2698 (xpsp_sp2_gdr.050614-1522)]
    [C:\WINDOWS\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\netlogon.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\w32time.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\schannel.dll] [Microsoft Corporation, 5.1.2600.3126 (xpsp_sp2_gdr.070425-0226)]
    [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wdigest.dll] [Microsoft Corporation, 5.1.2600.2874 (xpsp_sp2_gdr.060323-1516)]
    [C:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
    [C:\WINDOWS\system32\scecli.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dssenh.dll] [Microsoft Corporation, 5.1.2600.2133 (xpsp.040514-1639)]
    [PID: 396][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\rpcss.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\system32\WTSAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\msv1_0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 464][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [c:\windows\system32\rpcss.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
    [C:\WINDOWS\system32\mswsock.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\hnetcfg.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\wshtcpip.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\System32\winrnr.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
    [PID: 540][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
    [C:\WINDOWS\system32\SHFOLDER.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 572][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\cryptsvc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\certcli.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\ATL.DLL] [Microsoft Corporation, 3.05.2284]
    [c:\windows\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [c:\windows\system32\ESENT.dll] [Microsoft Corporation, 5.1.2468.0 (Lab03_N(jliem).010306-1456)]
    [c:\windows\system32\wbem\wmisvc.dll]
    0
  19. Marxes Messages postés 38 Statut Membre
     
    oups. Message trop grand. Le Rapport a été coupé en deux, je t'envoie la suite.
    0
  20. Marxes Messages postés 38 Statut Membre
     
    Partie 2 du rapport SReng ;

    [c:\windows\system32\wbem\wmisvc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VSSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\srsvc.dll] [Microsoft Corporation, 5.1.2600.2567 (xpsp.040919-1030)]
    [c:\windows\system32\POWRPROF.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
    [c:\windows\pchealth\helpctr\binaries\pchsvc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 3.1.4000.4039]
    [C:\WINDOWS\system32\SXS.DLL] [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\wbem\wbemcore.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\wbem\esscli.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wbemcomn.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\FastProx.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NTDSAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wmiutils.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\repdrvfs.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wmiprvsd.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NCObjAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wbemess.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
    [C:\WINDOWS\system32\wbem\ncprov.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\wbem\wbemsvc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1872][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\BROWSEUI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\SHDOCVW.dll] [Microsoft Corporation, 6.00.2900.2987 (xpsp.060901-0211)]
    [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CRYPTUI.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ShimEng.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSACM32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comctl32.dll] [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
    [C:\WINDOWS\system32\apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CLBCATQ.DLL] [Microsoft Corporation, 2001.12.4414.308]
    [C:\WINDOWS\system32\COMRes.dll] [Microsoft Corporation, 2001.12.4414.258]
    [C:\WINDOWS\System32\cscui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\CSCDLL.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\themeui.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSIMG32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\LINKINFO.dll] [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
    [C:\WINDOWS\system32\ntshrui.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ATL.DLL] [Microsoft Corporation, 3.05.2284]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\PSAPI.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 3.1.4000.4039]
    [C:\WINDOWS\system32\MLANG.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINSTA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MPR.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\drprov.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\ntlanman.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\NETUI0.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\NETUI1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\NETRAP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\davclnt.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, ]
    [C:\Program Files\Norton Save and Restore\Browser\VProShellExt.dll] [Symantec Corporation, 11.0.2.20309]
    [C:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\dbghelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll] [Zone Labs, LLC, 7.0.362.000]
    [C:\Program Files\Zone Labs\ZoneAlarm\zlavscan_Loc040c.dll] [Zone Labs Inc., 5.3.017.000]
    [C:\PROGRA~1\Yahoo!\Common\ymmapi2005010104.dll] [Yahoo! Inc., 2005, 1, 1, 4]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll] [Symantec Corporation, 14.0.0.89]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.0.1.10]
    [C:\Program Files\Fichiers communs\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.0.1.10]
    [C:\WINDOWS\system32\WSOCK32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.loc] [N/A, ]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\system32\sendmail.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\zipfldr.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mydocs.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\wpdshext.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\shgina.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSGINA.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\ODBC32.dll] [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\odbcint.dll] [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
    [C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\WMVCore.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\WMASF.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\wiashext.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\system32\browselc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\system32\actxprxy.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 300][C:\Documents and Settings\Rob\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\kernel32.dll] [Microsoft Corporation, 5.1.2600.3119 (xpsp_sp2_gdr.070416-1301)]
    [C:\WINDOWS\system32\USER32.dll] [Microsoft Corporation, 5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)]
    [C:\WINDOWS\system32\GDI32.dll] [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\comdlg32.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHLWAPI.dll] [Microsoft Corporation, 6.00.2900.2995 (xpsp.060913-0019)]
    [C:\WINDOWS\system32\ADVAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RPCRT4.dll] [Microsoft Corporation, 5.1.2600.3173 (xpsp_sp2_qfe.070709-0052)]
    [C:\WINDOWS\system32\msvcrt.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SHELL32.dll] [Microsoft Corporation, 6.00.2900.3241 (xpsp_sp2_qfe.071025-1245)]
    [C:\WINDOWS\system32\WINSPOOL.DRV] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\oledlg.dll] [Microsoft Corporation, 1.0 (xpsp_sp2_gdr.061016-0148)]
    [C:\WINDOWS\system32\ole32.dll] [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
    [C:\WINDOWS\system32\OLEAUT32.dll] [Microsoft Corporation, 5.1.2600.3139]
    [C:\WINDOWS\system32\VERSION.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\CRYPT32.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\MSASN1.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINMM.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2_32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WS2HELP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WININET.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\IMM32.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RICHED20.DLL] [Microsoft Corporation, 5.30.23.1228]
    [C:\WINDOWS\system32\NTMARTA.DLL] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WLDAP32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SAMLIB.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Secur32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\apphelp.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msctfime.ime] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WINTRUST.dll] [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IMAGEHLP.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Documents and Settings\Rob\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\RASAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rasman.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NETAPI32.dll] [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
    [C:\WINDOWS\system32\TAPI32.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rtutils.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\USERENV.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\mswsock.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\urlmon.dll] [Microsoft Corporation, 7.00.6000.16544 (vista_gdr.070814-1500)]
    [C:\WINDOWS\system32\DNSAPI.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\iphlpapi.dll] [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
    [C:\WINDOWS\system32\rasadhlp.dll] [Microsoft Corporation, 5.1.2600.2938 (xpsp_sp2_gdr.060626-0020)]
    [C:\WINDOWS\system32\Winsta.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\utildll.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\SETUPAPI.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\xpsp2res.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\rsaenh.dll] [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    N/A

    ==================================
    API HOOK
    N/A

    ==================================
    Hidden Process
    N/A

    ==================================

    [/CODE]

    Ps : bilan...
    0
  21. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    bilan, y a tjs ylfiqyhy.dat à virer
    je regarde après diner, me faut aller préparer le repas, sinon je vais avoir la soupe à la grimace chez moi.

    @ tout à l'heure
    0
  • 1
  • 2
  • 3
  • 4
  • 5