Virus récalcitrant ? Win32.WORM.BAGLE.ZJJ

Résolu
Moi même -  
FillPCA Messages postés 2264 Statut Contributeur sécurité -
Bonjour,
Depuis plusieurs jours, mon PC, qui bien que fonctionnant normalement, reboote de façon intempestive et aléatoire et il semblerait qu'il soit infecté.
Aprés plusieurs scans en ligne (Norton, Secuser, Freedom, FSecure, BitDefender, eTrustOnLine), il apparait que BitDefender (et lui seul) détecte W32.Worm.Bagle ZJJ. Les autres antivurus ne détectent strictement rien.
La désinfection et la suppression du fichier infecté sont impossibles et n'apportent aucun résultat, l'anomalie persiste, avec bien sur les précautions d'usage (désactivation restauration du système, etc...).
Tentatives aussi avec AVG, Spybot et CCCLeaner, de même que plusieurs outils destinés à éliminer ce ver (SDFix, AntiBagle-fr, FxBeagle), toujours sans résultat.
Le fichier "infecté" est localisé dans un sous-dossier de Documents & settings, mais rien a faire...
Quelqu'un a t'il une idée ?
Merci
Configuration: Windows XP
Internet Explorer 7.0

25 réponses

  • 1
  • 2
  1. DarkRodWarrior Messages postés 1947 Statut Membre 91
     
    Salut,

    Tu peux formater ton PC ?
    1
  2. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Salut,

    Si c'est pour proposer un foramatage, il vaut mieux s'abstenir.
    Télécharge ELIBAGLA en bas de cette page : http://www.zonavirus.com/datos/descargas/95/elibagla.asp
    (clique sur le bouton "Descargar Elibagla") sur ton bureau.
    Lance-le, de préférence en mode sans échec si tu en as la possibilité, en mode normal dans le cas contraire. Patiente le temps du scan.
    Lorsqu'il a terminé, poste le contenu du fichier infoSat.txt qui se trouve dans Poste de travail > Disque C:\
    Et par la même occasion, précise si tu peux à nouveau démarrer en mode sans échec.

    Ne pas rebooter en passant par msconfig.

    FillPCA
    0
  3. Moi même
     
    Merci pour ton aide
    Voici le résultat.
    Oui, je peux démarrer en mode sans echec.

    Sat Dec 22 14:08:20 2007
    EliBagle v10.78 (c)2007 S.G.H. / Satinfo S.L.
    ----------------------------------------------
    Lista de Acciones (por Exploración):
    Explorando Unidad C:\

    Nº Total de Directorios: 10601
    Nº Total de Ficheros: 157910
    Nº de Ficheros Analizados: 14519
    Nº de Ficheros Infectados: 0
    Nº de Ficheros Limpiados: 0
    0
  4. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Poste les 3 rapports en plusieurs fois s'ils sont trop longsp our être publiés en une seule fois.

    1/ * Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) : http://www.malekal.com/download/DiagHelp.zip
    Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    * Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
    * Un nouveau dossier chercher va être créé.
    * Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    * Une fenêtre va s'ouvrir, choisis l'option 1
    * L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
    * Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.
    * Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
    * Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
    * Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

    2/ * Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

    3/ Edite aussi un rapport Hijackthis :
    http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
    Démo en image
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Fais un scan et poste l'analyse.

    FillPCA
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Moi même
     
    Merci encore, voila le résultat

    __________________________________________________________________________________________________________
    DiagHelp version v1.4 - http://www.malekal.com
    excute le 22/12/2007 à 15:21:02,20

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\MSIMN.EXE-3356F448.pf -->27/12/2007 15:37:26
    C:\WINDOWS\prefetch\IEXPLORE.EXE-06887102.pf -->27/12/2007 15:34:09
    C:\WINDOWS\prefetch\VERCLSID.EXE-3B227142.pf -->27/12/2007 15:34:06
    C:\WINDOWS\prefetch\ACDSEEQV.EXE-2174EC4D.pf -->27/12/2007 14:58:10
    C:\WINDOWS\prefetch\CIDAEMON.EXE-2B2C6F8A.pf -->27/12/2007 14:51:30
    C:\WINDOWS\prefetch\USNSVC.EXE-06863237.pf -->27/12/2007 14:48:37
    C:\WINDOWS\prefetch\LIVECALL.EXE-124D8E6F.pf -->27/12/2007 14:48:31
    C:\WINDOWS\prefetch\YUPDATER.EXE-290842D1.pf -->27/12/2007 14:48:13
    C:\WINDOWS\prefetch\MSNMSGR.EXE-1C291C3F.pf -->27/12/2007 14:47:59
    C:\WINDOWS\prefetch\WUAUCLT.EXE-12D8E25E.pf -->27/12/2007 14:45:02

    C:\WINDOWS\System32\drivers\gmer.sys -->19/12/2007 14:21:48
    C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
    C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
    C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
    C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
    C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54

    C:\WINDOWS\System32\LVCOMSX.LOG -->22/12/2007 15:16:48
    C:\WINDOWS\System32\wpa.dbl -->22/12/2007 11:36:51
    C:\WINDOWS\System32\Uninstall.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\pavas.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\Help.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\CONFIG.NT -->12/12/2007 09:32:51
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 01:30:26
    C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
    C:\WINDOWS\System32\AVASTSS.scr -->04/12/2007 13:54:04
    C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->28/10/2007 13:20:46
    C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:18:59
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45

    C:\WINDOWS\ntbtlog.txt -->22/12/2007 15:15:35
    C:\WINDOWS\bootstat.dat -->22/12/2007 14:31:34
    C:\WINDOWS\WindowsUpdate.log -->22/12/2007 14:29:32
    C:\WINDOWS\SchedLgU.Txt -->22/12/2007 13:42:15
    C:\WINDOWS\wiaservc.log -->22/12/2007 13:42:07
    C:\WINDOWS\wiadebug.log -->22/12/2007 13:42:06
    C:\WINDOWS\setupapi.log -->22/12/2007 12:44:02
    C:\WINDOWS\0.log -->22/12/2007 11:36:36
    C:\WINDOWS\TempFile -->22/12/2007 11:36:03
    C:\WINDOWS\NeroDigital.ini -->21/12/2007 19:33:25
    C:\WINDOWS\pavsig.txt -->21/12/2007 00:51:35
    C:\WINDOWS\gmer.ini -->19/12/2007 14:24:43
    C:\WINDOWS\gmer_uninstall.cmd -->19/12/2007 14:21:48
    C:\WINDOWS\gmer.dll -->19/12/2007 14:21:48
    C:\WINDOWS\setupact.log -->19/12/2007 10:34:09

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 816
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x00f80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP~1.1FR\WZSHLSTB.DLL
    0x02410000 0x5d000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\auexpext.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x02470000 0x2b000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\FilGuiLg.dll
    0x024b0000 0x28000 C:\Program Files\WinRAR\rarext.dll
    0x64000000 0x30000 2005.01.0001.0004 C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
    0x10000000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
    0x02ae0000 0x22000 8.02.0000.1192 C:\Program Files\Logitech\Video\Namespc2.dll
    0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
    0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
    0x02400000 0x8000 8.02.0000.1192 C:\Program Files\Logitech\Video\AlbuDBps.dll
    0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
    0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
    0x02b30000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll
    0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll
    0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL
    0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
    0x02db0000 0x2f000 11.00.0000.0001 C:\WINDOWS\system32\WDShell.dll
    0x02df0000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
    0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
    0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
    0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
    0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll
    0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
    0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 268
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x00df0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\system

    10/09/1999 12:06 4 672 WOWPOST.EXE
    1 fichier(s) 4 672 octets
    0 Rép(s) 48 208 277 504 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\system32

    20/08/2004 00:09 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 48 208 277 504 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\Downloaded Program Files

    22/12/2007 12:44 <REP> .
    22/12/2007 12:44 <REP> ..
    07/03/2007 00:59 300 680 arclib.dll
    24/08/2006 07:28 141 424 asinst.dll
    22/08/2006 08:06 537 asinst.inf
    09/12/2007 00:46 312 680 avsniff.dll
    09/12/2007 00:38 773 avsniff.inf
    09/12/2007 00:46 255 336 avsniffdlgs.dll
    07/12/2004 16:07 32 bdcore.dll
    25/05/2006 00:21 118 784 bdupd.dll
    21/03/2002 14:26 815 bitdefender.inf
    30/01/2003 15:52 348 160 bitdefender.ocx
    25/06/2003 18:00 541 ca.pub
    09/12/2007 00:38 241 CabSA.inf
    14/11/2007 01:00 2 504 catalog.dat
    27/03/2002 13:02 168 014 cssweb.dll
    24/04/2003 14:11 259 cssweb.inf
    17/01/2006 16:11 580 663 daas_s.dll
    14/08/2004 13:51 65 desktop.ini
    25/07/2002 17:13 24 576 dwusplay.dll
    25/07/2002 17:13 196 608 dwusplay.exe
    14/11/2007 01:00 6 899 ecbootil.vxd
    09/12/2007 00:36 42 112 ecmldr32.dll
    14/11/2007 01:00 284 016 ecmsvr32.dll
    20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
    03/02/2006 10:20 188 416 fsauc.dll
    16/06/2006 14:31 181 856 fscax.dll
    13/04/2007 15:52 482 fscax.inf
    12/07/2000 01:02 36 864 fxfileop.dll
    25/05/2006 00:21 53 248 ipsupd.dll
    10/06/2005 09:44 417 792 isusweb.dll
    07/01/2007 12:55 2 305 kavwebscan.inf
    16/03/2005 11:34 7 407 lang.ini
    11/12/2006 16:44 367 LegitCheckControl.inf
    07/12/2004 16:07 32 libfn.dll
    14/03/2005 13:38 126 live.ini
    24/02/2006 11:49 882 mcfscan.inf
    18/11/1999 12:48 995 mpeg4ax.inf
    18/11/1999 12:49 992 msaudio.inf
    09/12/2007 00:36 6 850 navapi.vxd
    09/12/2007 00:36 201 896 navapi32.dll
    14/11/2007 01:00 124 272 naveng32.dll
    14/11/2007 01:00 914 800 navex32a.dll
    17/01/2005 16:09 227 opuc.inf
    01/06/2006 01:57 1 331 oscan8.inf
    01/06/2006 01:54 471 040 oscan8.ocx
    31/05/2006 03:15 10 oscan81.ocx_x
    09/12/2007 00:46 296 336 rufsi.dll
    14/03/2005 13:58 7 073 scanoptions.tsi
    14/11/2007 01:00 97 776 scrauth.dat
    20/11/2007 15:50 247 swflash.inf
    14/11/2007 01:00 11 816 symaveng.cat
    14/11/2007 01:00 1 061 symaveng.inf
    14/11/2007 01:00 400 415 tcdefs.dat
    14/11/2007 01:00 2 344 295 tcscan7.dat
    14/11/2007 01:00 413 082 tcscan8.dat
    14/11/2007 01:00 968 800 tcscan9.dat
    14/11/2007 01:00 453 tinf.dat
    14/11/2007 01:00 148 tinfidx.dat
    14/11/2007 01:00 1 957 tinfl.dat
    14/11/2007 01:00 67 815 tscan1.dat
    14/11/2007 01:00 3 240 tscan1hd.dat
    31/10/2001 09:37 118 uninst.bat
    14/11/2007 01:00 4 778 v.grd
    14/11/2007 01:00 2 267 v.sig
    21/12/2007 19:08 294 403 vet.da1
    19/11/2007 01:18 13 076 520 vet.dat
    13/07/2007 05:11 1 353 016 vete.dll
    14/11/2007 01:00 106 244 virscan.inf
    14/11/2007 01:00 996 122 virscan1.dat
    14/11/2007 01:00 570 966 virscan2.dat
    14/11/2007 01:00 150 536 virscan3.dat
    14/11/2007 01:00 320 253 virscan4.dat
    14/11/2007 01:00 4 871 963 virscan5.dat
    14/11/2007 01:00 392 074 virscan6.dat
    14/11/2007 01:00 14 386 178 virscan7.dat
    14/11/2007 01:00 1 862 947 virscan8.dat
    14/11/2007 01:00 5 260 290 virscan9.dat
    14/11/2007 01:00 32 virscant.dat
    18/12/2007 13:34 2 072 vscanmsx.dat
    20/11/2006 12:02 180 282 webscan.dll
    21/07/2006 12:55 477 webscan.inf
    02/11/2005 17:01 1 777 xscan.inf
    02/11/2005 17:07 435 712 xscan53.ocx
    14/11/2007 01:00 224 zdone.dat
    83 fichier(s) 55 805 210 octets

    Total des fichiers listés :
    83 fichier(s) 55 805 210 octets
    2 Rép(s) 48 208 273 408 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Age of Empires 2\\age2_x1.exe"="C:\\Program Files\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
    "C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe:*:Enabled:FTP Transfer Engine"
    "C:\\Program Files\\MixW\\Teoan.exe"="C:\\Program Files\\MixW\\Teoan.exe:*:Enabled:TEOAN"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
    "C:\\Program Files\\EchoLink\\EchoLink.exe"="C:\\Program Files\\EchoLink\\EchoLink.exe:*:Enabled:EchoLink"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
    "C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-22 15:21:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
    "hagepphnhnalohlb"=hex:61,61,00,00
    "hagepphnnnglgocp"=hex:61,61,00,00
    "iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
    "haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Error loading kernel support driver!
    Make sure you are running this as Administrator.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Error loading kernel support driver!
    Make sure you are running this as Administrator.

    Liste des programmes installes

    3D Home Architect Home Design Deluxe 6
    3D Home Architect Home Design Deluxe 6
    ACDSee 9 Gestionnaire de photos
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0
    Ahead InCD
    Apache HTTP Server 2.0.55
    Archiveur WinRAR
    ARTEC
    ATI Control Panel
    ATI Display Driver
    avast! Antivirus
    AVG Anti-Spyware 7.5
    Barre d'outils MSN
    Camfrog Video Chat 3.91 (remove only)
    CamStudio 2.0 Fr
    Canon i560
    CCleaner (remove only)
    Command On Demand for Command Software
    Compel Adaptec WinASPI
    ConTEXT
    Copernic Agent Professional
    Corel Paint Shop Pro X
    CorelDRAW Graphics Suite 12
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
    CuteFTP Pro
    EasyCleaner
    EchoLink
    eMule
    Etats Et Requêtes
    EVEREST Home Edition v2.01
    Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
    Fake Webcam 2.9.16
    FileSpecs plug-in for Ad-Aware SE
    FileZilla (remove only)
    Freeplayer
    Frontline Attack - War over Europe
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    HelpNDoc Version 1.10 Personal Edition
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    HydraVision
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 3.4.0 Full
    Kaspersky Online Scanner
    Language Pack for Ad-aware 6
    Language pack for Ad-Aware SE
    Lecteur Windows Media 11
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech MouseWare 9.79.1
    Logitech Print Service
    Logitech QuickCam
    LST PCSOFT
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Meracl FontMap v2.1.1
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliType Pro 5.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2001
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Professional
    Microsoft Publisher 98
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows XP (KB918118)
    Mise à jour de sécurité pour Windows XP (KB921503)
    Mise à jour de sécurité pour Windows XP (KB924667)
    Mise à jour de sécurité pour Windows XP (KB925902)
    Mise à jour de sécurité pour Windows XP (KB926436)
    Mise à jour de sécurité pour Windows XP (KB927779)
    Mise à jour de sécurité pour Windows XP (KB927802)
    Mise à jour de sécurité pour Windows XP (KB928255)
    Mise à jour de sécurité pour Windows XP (KB928843)
    Mise à jour de sécurité pour Windows XP (KB929123)
    Mise à jour de sécurité pour Windows XP (KB930178)
    Mise à jour de sécurité pour Windows XP (KB931261)
    Mise à jour de sécurité pour Windows XP (KB931784)
    Mise à jour de sécurité pour Windows XP (KB932168)
    Mise à jour de sécurité pour Windows XP (KB933729)
    Mise à jour de sécurité pour Windows XP (KB935839)
    Mise à jour de sécurité pour Windows XP (KB935840)
    Mise à jour de sécurité pour Windows XP (KB936021)
    Mise à jour de sécurité pour Windows XP (KB938829)
    Mise à jour de sécurité pour Windows XP (KB941202)
    Mise à jour de sécurité pour Windows XP (KB941568)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB943460)
    Mise à jour de sécurité pour Windows XP (KB944653)
    Mise à jour pour Windows XP (KB927891)
    Mise à jour pour Windows XP (KB929338)
    Mise à jour pour Windows XP (KB930916)
    Mise à jour pour Windows XP (KB931836)
    Mise à jour pour Windows XP (KB933360)
    Mise à jour pour Windows XP (KB938828)
    Mise à jour pour Windows XP (KB942763)
    MixW 2.18 (Jan-09-2007)
    Mozilla Firefox (2.0.0.11)
    MSN Pictures Displayer 4.5
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    NeoTrace Express 3.25
    Nero 6 Ultra Edition
    Norton Ghost
    Novarm DipTrace
    OpenOffice.org 2.2
    Panda ActiveScan
    PC Camera
    PC Camera
    Philips SPC 900NC PC Camera
    Philips VLounge
    Picasa 2
    PowerCheck 4.2.3
    Programme de gestion Camera de Logitech®
    RamBoost XP 4.0.6
    RFSim99
    Saisie de Schéma SDS
    Soldiers - Heroes of World War II
    Sonic Foundry Sound Forge 6.0
    Sony Ericsson PC Suite 3.1.1
    Spamihilator
    Tracé de CI
    Trust R-Series Mouse
    Trust R-Series Mouse
    TyanSystemMonitor V2.13
    USB Card Reader \Writer
    USB Storage Device
    USB Video Camera Driver v1.10
    VideoLAN VLC media player 0.8.5-freehd
    Visionneuse Journal Windows Microsoft
    VX2 Cleaner plug-in for Ad-Aware SE
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 2
    Yahoo! Messenger

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files

    19/12/2007 10:30 <REP> .
    19/12/2007 10:30 <REP> ..
    10/03/2005 13:37 <REP> 3D Home Architect
    14/08/2005 23:14 <REP> AboutTime
    01/08/2007 22:03 <REP> ACD Systems
    14/12/2005 19:13 <REP> AdaURL
    24/03/2005 11:59 <REP> Adobe
    21/11/2004 20:11 <REP> Age of Empires 2
    22/08/2005 12:10 <REP> Ahead
    02/06/2006 20:58 <REP> Alcohol Soft
    23/06/2005 13:50 <REP> Alwil Software
    03/05/2007 12:24 <REP> AnalogX
    02/07/2007 16:55 <REP> Apache Group
    14/08/2004 14:16 <REP> ATI Technologies
    13/04/2007 23:40 <REP> Camfrog
    23/09/2006 16:46 <REP> CamStudio
    14/02/2007 17:08 <REP> CCleaner
    04/09/2007 18:14 <REP> CodecSniper
    13/08/2005 15:55 <REP> Codemasters
    22/08/2005 17:20 <REP> Common Files
    03/06/2007 22:41 <REP> ConCon
    05/02/2007 22:22 <REP> ConTEXT
    22/01/2005 18:05 <REP> Copernic Agent
    18/07/2007 09:36 <REP> Corel
    02/01/2007 00:15 <REP> Cucusoft
    16/02/2007 00:50 <REP> Cuisinons
    30/09/2006 15:27 <REP> Dial-Messenger
    15/04/2007 00:04 <REP> Dictionnaire
    31/10/2007 06:45 <REP> DipTrace
    23/09/2004 20:02 <REP> directx
    04/08/2007 01:10 <REP> DivX
    04/10/2005 11:35 <REP> Drive Rescue
    30/10/2004 11:47 <REP> EasyPHP1-7
    07/09/2006 21:45 <REP> EchoLink
    04/02/2006 15:46 <REP> Eidos Interactive
    31/01/2005 00:38 <REP> Empire Earth
    16/12/2007 15:42 <REP> eMule
    19/05/2007 22:04 <REP> Fake Webcam
    28/11/2007 20:23 <REP> Fichiers communs
    05/10/2006 22:45 <REP> FileZilla
    07/01/2007 21:47 <REP> Freeplayer
    09/10/2004 23:37 <REP> GlobalSCAPE
    16/12/2007 01:25 <REP> Google
    10/08/2007 03:18 <REP> Grisoft
    04/09/2007 18:23 <REP> GSpot
    18/09/2007 18:56 <REP> HelpNDoc
    23/04/2005 19:21 <REP> HighMAT CD Writing Wizard
    17/12/2007 21:42 <REP> hijackthis
    18/12/2005 16:48 <REP> ICprog
    16/12/2007 01:26 <REP> Internet Explorer
    01/09/2006 19:34 <REP> Intuwave Ltd
    28/10/2007 13:20 <REP> Java
    15/07/2007 14:10 <REP> Kazaa Lite K++
    04/09/2007 18:15 <REP> K-Lite Codec Pack
    27/06/2005 23:06 <REP> Lavalys
    21/08/2004 10:18 <REP> Lavasoft
    03/09/2005 23:46 <REP> Logitech
    09/07/2007 20:26 <REP> Macromedia
    30/07/2006 14:08 <REP> ManyCam
    14/08/2004 15:14 <REP> Meracl FontMap
    07/06/2007 17:03 <REP> Messenger
    19/12/2007 18:29 <REP> Messenger Plus! Live
    21/08/2004 18:03 <REP> Micro Application
    14/08/2004 16:26 <REP> microsoft frontpage
    16/12/2007 01:39 <REP> Microsoft IntelliType Pro
    05/08/2005 18:17 <REP> Microsoft Money
    14/08/2004 17:53 <REP> Microsoft Office
    26/03/2007 21:58 <REP> MixW
    09/02/2005 15:54 <REP> Movie Maker
    27/11/2005 13:58 <REP> Movies
    16/12/2007 18:10 <REP> Mozilla Firefox
    14/08/2004 13:49 <REP> MSN
    15/05/2005 12:58 <REP> MSN Apps
    14/08/2004 13:49 <REP> MSN Gaming Zone
    19/12/2007 18:29 <REP> MSN Messenger
    03/06/2007 22:37 <REP> MSN Pictures Displayer
    16/11/2006 18:13 <REP> MSXML 4.0
    24/03/2007 17:19 <REP> MyUninstall
    02/01/2007 00:06 <REP> NeoDivx Suite
    08/09/2007 16:29 <REP> NeoTrace Express
    26/05/2007 21:04 <REP> NetMeeting
    23/04/2005 19:28 <REP> OfficeUpdate11
    02/10/2005 16:45 <REP> Ontrack
    19/05/2007 14:26 <REP> OpenOffice.org 2.2
    24/12/2005 19:35 <REP> Opera
    13/06/2007 16:26 <REP> Outlook Express
    06/08/2006 09:11 <REP> Paltalk Messenger
    07/11/2007 20:35 <REP> PC Camera
    15/07/2007 16:03 <REP> PC SOFT
    14/11/2007 17:14 <REP> Philips
    24/12/2005 16:55 <REP> Picasa2
    19/08/2004 19:11 <REP> PopUp Destroy
    16/12/2007 01:48 <REP> PowerCheck
    22/12/2007 11:36 <REP> RamBoost XP
    14/09/2006 20:55 <REP> RegSeeker
    25/04/2005 14:36 <REP> RFSim99
    27/01/2005 18:59 <REP> Saisie de Schéma
    14/08/2004 13:51 <REP> Services en ligne
    22/08/2004 12:39 <REP> Sonic Foundry
    22/08/2004 12:39 <REP> Sonic Foundry Setup
    01/09/2006 19:35 <REP> Sony Ericsson
    22/08/2004 12:39 <REP> Sound Forge 6.0
    22/12/2007 13:04 <REP> Spamihilator
    16/08/2007 19:39 <REP> Spybot - Search & Destroy
    10/08/2007 03:03 <REP> STOPzilla!
    24/02/2007 21:14 <REP> StuffPlug3
    05/08/2005 17:58 <REP> Symantec
    08/07/2006 14:13 <REP> The Weather Channel FW
    05/02/2005 23:26 <REP> ToniArts
    27/01/2005 19:06 <REP> Tracé de CI
    13/12/2007 12:08 <REP> Trust
    20/08/2005 16:35 <REP> Tyan Computer Corp
    14/08/2004 14:05 <REP> VIA Technologies, Inc
    14/12/2007 13:25 <REP> VideoLAN
    16/05/2005 17:57 <REP> vso
    16/12/2007 01:50 <REP> WebcamMax
    02/01/2007 00:01 <REP> WinASPI
    23/09/2006 17:18 <REP> Windows AntiSpy
    23/04/2005 19:21 <REP> Windows Journal Viewer
    10/06/2007 10:14 <REP> Windows Live
    19/12/2007 22:18 <REP> Windows Live Safety Center
    03/11/2006 08:49 <REP> Windows Media Connect 2
    03/11/2006 08:49 <REP> Windows Media Player
    09/02/2005 15:49 <REP> Windows NT
    23/04/2005 18:29 <REP> WinRAR
    27/04/2005 08:26 <REP> WINRLC
    10/03/2005 00:07 <REP> WinZip 8.1 Fr
    14/08/2004 13:52 <REP> xerox
    14/04/2007 10:53 <REP> Yahoo!
    0 fichier(s) 0 octets
    129 Rép(s) 48 190 070 784 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\fichiers communs

    28/11/2007 20:23 <REP> .
    28/11/2007 20:23 <REP> ..
    01/08/2007 22:07 <REP> ACD Systems
    24/03/2005 11:59 <REP> Adobe
    22/08/2005 12:09 <REP> Ahead
    14/11/2007 17:26 <REP> ArcSoft
    14/08/2004 15:33 <REP> Copernic
    18/07/2007 09:37 <REP> Corel
    18/07/2007 09:20 <REP> Designer
    23/09/2004 20:02 <REP> FotoWire
    15/07/2007 13:52 <REP> InstallShield
    10/08/2007 02:38 <REP> iS3
    28/12/2004 09:59 <REP> Java
    03/09/2005 23:46 <REP> Logitech
    09/07/2007 20:26 <REP> Macromedia
    18/07/2007 09:37 <REP> Microsoft Shared
    14/08/2004 13:50 <REP> MSSoap
    14/08/2004 14:43 <REP> ODBC
    01/10/2006 16:02 <REP> Panda Software
    17/07/2007 00:01 <REP> PC SOFT
    14/08/2004 13:50 <REP> Services
    14/08/2004 14:43 <REP> SpeechEngines
    05/08/2005 17:57 <REP> Symantec Shared
    24/11/2007 10:14 <REP> System
    20/08/2004 11:31 <REP> Vbox
    0 fichier(s) 0 octets
    25 Rép(s) 48 190 078 976 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    19/05/2007 16:28 <REP> .
    19/05/2007 16:28 <REP> ..
    28/02/2002 23:03 561 209 MSONSEXT.DLL
    03/06/1999 13:09 122 937 MSOWS409.DLL
    07/03/2001 08:00 127 033 MSOWS40c.DLL
    18/03/1999 05:37 593 977 RAGENT.DLL
    4 fichier(s) 1 405 156 octets
    2 Rép(s) 48 190 078 976 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\common files

    22/08/2005 17:20 <REP> .
    22/08/2005 17:20 <REP> ..
    22/08/2005 17:20 <REP> PCCamera
    14/08/2004 15:49 <REP> System
    0 fichier(s) 0 octets
    4 Rép(s) 48 190 078 976 octets libres

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\

    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
    c:\Documents and Settings\Bernard\.housecall\getMac.exe
    c:\Documents and Settings\Bernard\.housecall\patch.exe
    c:\Documents and Settings\Bernard\.housecall\tsc.exe
    c:\Documents and Settings\Bernard\.housecall6.6\getMac.exe
    c:\Documents and Settings\Bernard\.housecall6.6\patch.exe
    c:\Documents and Settings\Bernard\.housecall6.6\tsc.exe
    c:\Documents and Settings\Bernard\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe
    c:\Documents and Settings\Bernard\Bureau\avg75free_503a1205.exe
    c:\Documents and Settings\Bernard\Bureau\EliBaglA.exe
    c:\Documents and Settings\Bernard\Bureau\FxBeagle.exe
    c:\Documents and Settings\Bernard\Bureau\gmer.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\pskill.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\tar.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\md5sums.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\tar.exe
    c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\audiodream_3410_2420.exe
    c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\mp3_recovery_drv.exe
    c:\Documents and Settings\Bernard\Bureau\OM a tester\Commander471Archive.exe
    c:\Documents and Settings\Bernard\Bureau\OM a tester\TRX MANAGER trmde376.exe
    c:\Documents and Settings\Bernard\Bureau\Référenceur\submitic.exe
    c:\Documents and Settings\Bernard\Bureau\SAT\04-2005\Firmware_Flash308+.exe
    c:\Documents and Settings\Bernard\Bureau\SAT\flash XSAT\exe\Firmware_Flash308+.exe
    c:\Documents and Settings\Bernard\Bureau\SONY P900\UpdateService_Inst_2.6.4.9.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\catchme.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\diff.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\dumphive.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\find2.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\Fport.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\grep.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\md5sums.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\pslist.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\streams.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\swreg.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\tar.exe
    c:\WinDev 11\Composants\Composants exemples\WD DerniersDocuments\WD DerniersDocuments - Exemple\Exe\WD DerniersDocuments - Exemple.exe
    c:\Documents and Settings\All Users\Application Data\Adobe\AWSCommonUI.dll
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Adobe\AWSCommonUI.dll
    c:\Documents and Settings\Bernard\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll
    c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_BV.tar.gz a l'adresse http://upload.malekal.com
    __________________________________________________________________________________________________________
    [CODE]

    2007-12-22,15:46:16

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Spamihilator><"C:\Program Files\Spamihilator\spamihilator.exe"> [Michel Krämer]
    <LDM><\Program\BackWeb-8876480.exe> [N/A]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
    <type32><"C:\Program Files\Microsoft IntelliType Pro\type32.exe"> [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <InCD><C:\Program Files\Ahead\InCD\InCD.exe> []
    <LVCOMSX><C:\WINDOWS\System32\LVCOMSX.EXE> [Logitech Inc.]
    <LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe> [Logitech Inc.]
    <LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
    <GhostStartTrayApp><C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe> [Symantec Corporation]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
    <Logitech Utility><Logi_MwX.Exe> [(Verified)Microsoft Windows Publisher]
    <WebcamMaxMoniter><"C:\Program Files\WebcamMax\CAMTHINS.exe" /m> []
    <CorelDRAW Graphics Suite 11b><C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011108 serial=DR12WNN-5521459-MUE lang=FR> [Corel Corporation]
    <PhiBtn><%SystemRoot%\System32\drivers\PhiBtn.exe> [Philips]
    <Traymin900><%SystemRoot%\System32\drivers\Tray900.exe> [Philips]
    <KMCONFIG><C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe> [N/A]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
    <SDFix><C:\SDFix\RunThis.bat /second> [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}><WDShell> [N/A]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

    ==================================
    Startup Folders
    [Acrobat Assistant]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>
    [Adobe Gamma Loader]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
    [Logitech Desktop Messenger]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
    [Microsoft Office]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
    [Monitor Apache Servers]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [Apache Software Foundation]><N>
    [Phone Connection Monitor]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Phone Connection Monitor.lnk --> C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE [Teleca Software Solutions AB]><N>
    [PowerCheck]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PowerCheck.lnk --> C:\PROGRA~1\POWERC~1\POWERC~1.EXE [N/A]><N>
    [MSN Pictures Displayer]
    <C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk --> C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE []><N>
    [OpenOffice.org 2.2]
    <C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk --> C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [N/A]><N>

    ==================================
    Services
    [Apache2 / Apache2][Stopped/Auto Start]
    <"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
    [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
    <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
    [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
    [avast! Antivirus / avast! Antivirus][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
    [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
    [avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
    [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
    [GhostStartService / GhostStartService][Running/Auto Start]
    <C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE><Symantec Corporation>
    [Keyboard And Mouse Communication Service / KMWDSERVICE][Running/Auto Start]
    <C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe><UASSOFT.COM>
    [UStorage Server Service / UStorage Server Service][Running/Auto Start]
    <C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

    ==================================
    Drivers
    [Aladdin HASP Key / akshasp][Stopped/Manual Start]
    <system32\DRIVERS\akshasp.sys><Aladdin Knowledge Systems Ltd.>
    [Aladdin USB Key / aksusb][Stopped/Manual Start]
    <System32\DRIVERS\aksusb.sys><Aladdin Knowledge Systems Ltd.>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [PS/2 Port Mouse Filter Driver / Amps2prt][Stopped/Manual Start]
    <System32\Drivers\Amps2prt.sys><(Standard Mouse Types)>
    [ati2mtag / ati2mtag][Running/Manual Start]
    <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    [InCD Storage Helper Driver / BsStor][Running/Boot Start]
    <\SystemRoot\System3
    0
  7. Moi même
     
    Merci encore, voila le résultat

    __________________________________________________________________________________________________________
    DiagHelp version v1.4 - http://www.malekal.com
    excute le 22/12/2007 à 15:21:02,20

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\MSIMN.EXE-3356F448.pf -->27/12/2007 15:37:26
    C:\WINDOWS\prefetch\IEXPLORE.EXE-06887102.pf -->27/12/2007 15:34:09
    C:\WINDOWS\prefetch\VERCLSID.EXE-3B227142.pf -->27/12/2007 15:34:06
    C:\WINDOWS\prefetch\ACDSEEQV.EXE-2174EC4D.pf -->27/12/2007 14:58:10
    C:\WINDOWS\prefetch\CIDAEMON.EXE-2B2C6F8A.pf -->27/12/2007 14:51:30
    C:\WINDOWS\prefetch\USNSVC.EXE-06863237.pf -->27/12/2007 14:48:37
    C:\WINDOWS\prefetch\LIVECALL.EXE-124D8E6F.pf -->27/12/2007 14:48:31
    C:\WINDOWS\prefetch\YUPDATER.EXE-290842D1.pf -->27/12/2007 14:48:13
    C:\WINDOWS\prefetch\MSNMSGR.EXE-1C291C3F.pf -->27/12/2007 14:47:59
    C:\WINDOWS\prefetch\WUAUCLT.EXE-12D8E25E.pf -->27/12/2007 14:45:02

    C:\WINDOWS\System32\drivers\gmer.sys -->19/12/2007 14:21:48
    C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
    C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
    C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
    C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
    C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54

    C:\WINDOWS\System32\LVCOMSX.LOG -->22/12/2007 15:16:48
    C:\WINDOWS\System32\wpa.dbl -->22/12/2007 11:36:51
    C:\WINDOWS\System32\Uninstall.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\pavas.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\Help.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\CONFIG.NT -->12/12/2007 09:32:51
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 01:30:26
    C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
    C:\WINDOWS\System32\AVASTSS.scr -->04/12/2007 13:54:04
    C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->28/10/2007 13:20:46
    C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:18:59
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45

    C:\WINDOWS\ntbtlog.txt -->22/12/2007 15:15:35
    C:\WINDOWS\bootstat.dat -->22/12/2007 14:31:34
    C:\WINDOWS\WindowsUpdate.log -->22/12/2007 14:29:32
    C:\WINDOWS\SchedLgU.Txt -->22/12/2007 13:42:15
    C:\WINDOWS\wiaservc.log -->22/12/2007 13:42:07
    C:\WINDOWS\wiadebug.log -->22/12/2007 13:42:06
    C:\WINDOWS\setupapi.log -->22/12/2007 12:44:02
    C:\WINDOWS\0.log -->22/12/2007 11:36:36
    C:\WINDOWS\TempFile -->22/12/2007 11:36:03
    C:\WINDOWS\NeroDigital.ini -->21/12/2007 19:33:25
    C:\WINDOWS\pavsig.txt -->21/12/2007 00:51:35
    C:\WINDOWS\gmer.ini -->19/12/2007 14:24:43
    C:\WINDOWS\gmer_uninstall.cmd -->19/12/2007 14:21:48
    C:\WINDOWS\gmer.dll -->19/12/2007 14:21:48
    C:\WINDOWS\setupact.log -->19/12/2007 10:34:09

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 816
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x00f80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP~1.1FR\WZSHLSTB.DLL
    0x02410000 0x5d000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\auexpext.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x02470000 0x2b000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\FilGuiLg.dll
    0x024b0000 0x28000 C:\Program Files\WinRAR\rarext.dll
    0x64000000 0x30000 2005.01.0001.0004 C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
    0x10000000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
    0x02ae0000 0x22000 8.02.0000.1192 C:\Program Files\Logitech\Video\Namespc2.dll
    0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL
    0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
    0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
    0x02400000 0x8000 8.02.0000.1192 C:\Program Files\Logitech\Video\AlbuDBps.dll
    0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
    0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
    0x02b30000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll
    0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll
    0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL
    0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
    0x02db0000 0x2f000 11.00.0000.0001 C:\WINDOWS\system32\WDShell.dll
    0x02df0000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
    0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
    0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
    0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
    0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll
    0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
    0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
    0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 268
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x00df0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\system

    10/09/1999 12:06 4 672 WOWPOST.EXE
    1 fichier(s) 4 672 octets
    0 Rép(s) 48 208 277 504 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\system32

    20/08/2004 00:09 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 48 208 277 504 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\Downloaded Program Files

    22/12/2007 12:44 <REP> .
    22/12/2007 12:44 <REP> ..
    07/03/2007 00:59 300 680 arclib.dll
    24/08/2006 07:28 141 424 asinst.dll
    22/08/2006 08:06 537 asinst.inf
    09/12/2007 00:46 312 680 avsniff.dll
    09/12/2007 00:38 773 avsniff.inf
    09/12/2007 00:46 255 336 avsniffdlgs.dll
    07/12/2004 16:07 32 bdcore.dll
    25/05/2006 00:21 118 784 bdupd.dll
    21/03/2002 14:26 815 bitdefender.inf
    30/01/2003 15:52 348 160 bitdefender.ocx
    25/06/2003 18:00 541 ca.pub
    09/12/2007 00:38 241 CabSA.inf
    14/11/2007 01:00 2 504 catalog.dat
    27/03/2002 13:02 168 014 cssweb.dll
    24/04/2003 14:11 259 cssweb.inf
    17/01/2006 16:11 580 663 daas_s.dll
    14/08/2004 13:51 65 desktop.ini
    25/07/2002 17:13 24 576 dwusplay.dll
    25/07/2002 17:13 196 608 dwusplay.exe
    14/11/2007 01:00 6 899 ecbootil.vxd
    09/12/2007 00:36 42 112 ecmldr32.dll
    14/11/2007 01:00 284 016 ecmsvr32.dll
    20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
    03/02/2006 10:20 188 416 fsauc.dll
    16/06/2006 14:31 181 856 fscax.dll
    13/04/2007 15:52 482 fscax.inf
    12/07/2000 01:02 36 864 fxfileop.dll
    25/05/2006 00:21 53 248 ipsupd.dll
    10/06/2005 09:44 417 792 isusweb.dll
    07/01/2007 12:55 2 305 kavwebscan.inf
    16/03/2005 11:34 7 407 lang.ini
    11/12/2006 16:44 367 LegitCheckControl.inf
    07/12/2004 16:07 32 libfn.dll
    14/03/2005 13:38 126 live.ini
    24/02/2006 11:49 882 mcfscan.inf
    18/11/1999 12:48 995 mpeg4ax.inf
    18/11/1999 12:49 992 msaudio.inf
    09/12/2007 00:36 6 850 navapi.vxd
    09/12/2007 00:36 201 896 navapi32.dll
    14/11/2007 01:00 124 272 naveng32.dll
    14/11/2007 01:00 914 800 navex32a.dll
    17/01/2005 16:09 227 opuc.inf
    01/06/2006 01:57 1 331 oscan8.inf
    01/06/2006 01:54 471 040 oscan8.ocx
    31/05/2006 03:15 10 oscan81.ocx_x
    09/12/2007 00:46 296 336 rufsi.dll
    14/03/2005 13:58 7 073 scanoptions.tsi
    14/11/2007 01:00 97 776 scrauth.dat
    20/11/2007 15:50 247 swflash.inf
    14/11/2007 01:00 11 816 symaveng.cat
    14/11/2007 01:00 1 061 symaveng.inf
    14/11/2007 01:00 400 415 tcdefs.dat
    14/11/2007 01:00 2 344 295 tcscan7.dat
    14/11/2007 01:00 413 082 tcscan8.dat
    14/11/2007 01:00 968 800 tcscan9.dat
    14/11/2007 01:00 453 tinf.dat
    14/11/2007 01:00 148 tinfidx.dat
    14/11/2007 01:00 1 957 tinfl.dat
    14/11/2007 01:00 67 815 tscan1.dat
    14/11/2007 01:00 3 240 tscan1hd.dat
    31/10/2001 09:37 118 uninst.bat
    14/11/2007 01:00 4 778 v.grd
    14/11/2007 01:00 2 267 v.sig
    21/12/2007 19:08 294 403 vet.da1
    19/11/2007 01:18 13 076 520 vet.dat
    13/07/2007 05:11 1 353 016 vete.dll
    14/11/2007 01:00 106 244 virscan.inf
    14/11/2007 01:00 996 122 virscan1.dat
    14/11/2007 01:00 570 966 virscan2.dat
    14/11/2007 01:00 150 536 virscan3.dat
    14/11/2007 01:00 320 253 virscan4.dat
    14/11/2007 01:00 4 871 963 virscan5.dat
    14/11/2007 01:00 392 074 virscan6.dat
    14/11/2007 01:00 14 386 178 virscan7.dat
    14/11/2007 01:00 1 862 947 virscan8.dat
    14/11/2007 01:00 5 260 290 virscan9.dat
    14/11/2007 01:00 32 virscant.dat
    18/12/2007 13:34 2 072 vscanmsx.dat
    20/11/2006 12:02 180 282 webscan.dll
    21/07/2006 12:55 477 webscan.inf
    02/11/2005 17:01 1 777 xscan.inf
    02/11/2005 17:07 435 712 xscan53.ocx
    14/11/2007 01:00 224 zdone.dat
    83 fichier(s) 55 805 210 octets

    Total des fichiers listés :
    83 fichier(s) 55 805 210 octets
    2 Rép(s) 48 208 273 408 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Age of Empires 2\\age2_x1.exe"="C:\\Program Files\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
    "C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe:*:Enabled:FTP Transfer Engine"
    "C:\\Program Files\\MixW\\Teoan.exe"="C:\\Program Files\\MixW\\Teoan.exe:*:Enabled:TEOAN"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
    "C:\\Program Files\\EchoLink\\EchoLink.exe"="C:\\Program Files\\EchoLink\\EchoLink.exe:*:Enabled:EchoLink"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
    "C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
    "C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-22 15:21:40
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
    "hagepphnhnalohlb"=hex:61,61,00,00
    "hagepphnnnglgocp"=hex:61,61,00,00
    "iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
    "haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Error loading kernel support driver!
    Make sure you are running this as Administrator.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Error loading kernel support driver!
    Make sure you are running this as Administrator.

    Liste des programmes installes

    3D Home Architect Home Design Deluxe 6
    3D Home Architect Home Design Deluxe 6
    ACDSee 9 Gestionnaire de photos
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0
    Ahead InCD
    Apache HTTP Server 2.0.55
    Archiveur WinRAR
    ARTEC
    ATI Control Panel
    ATI Display Driver
    avast! Antivirus
    AVG Anti-Spyware 7.5
    Barre d'outils MSN
    Camfrog Video Chat 3.91 (remove only)
    CamStudio 2.0 Fr
    Canon i560
    CCleaner (remove only)
    Command On Demand for Command Software
    Compel Adaptec WinASPI
    ConTEXT
    Copernic Agent Professional
    Corel Paint Shop Pro X
    CorelDRAW Graphics Suite 12
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
    CuteFTP Pro
    EasyCleaner
    EchoLink
    eMule
    Etats Et Requêtes
    EVEREST Home Edition v2.01
    Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
    Fake Webcam 2.9.16
    FileSpecs plug-in for Ad-Aware SE
    FileZilla (remove only)
    Freeplayer
    Frontline Attack - War over Europe
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    HelpNDoc Version 1.10 Personal Edition
    HijackThis 1.99.1
    Hotfix for Windows Media Format 11 SDK (KB929399)
    HydraVision
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 3.4.0 Full
    Kaspersky Online Scanner
    Language Pack for Ad-aware 6
    Language pack for Ad-Aware SE
    Lecteur Windows Media 11
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech MouseWare 9.79.1
    Logitech Print Service
    Logitech QuickCam
    LST PCSOFT
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Meracl FontMap v2.1.1
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliType Pro 5.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2001
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Professional
    Microsoft Publisher 98
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows XP (KB918118)
    Mise à jour de sécurité pour Windows XP (KB921503)
    Mise à jour de sécurité pour Windows XP (KB924667)
    Mise à jour de sécurité pour Windows XP (KB925902)
    Mise à jour de sécurité pour Windows XP (KB926436)
    Mise à jour de sécurité pour Windows XP (KB927779)
    Mise à jour de sécurité pour Windows XP (KB927802)
    Mise à jour de sécurité pour Windows XP (KB928255)
    Mise à jour de sécurité pour Windows XP (KB928843)
    Mise à jour de sécurité pour Windows XP (KB929123)
    Mise à jour de sécurité pour Windows XP (KB930178)
    Mise à jour de sécurité pour Windows XP (KB931261)
    Mise à jour de sécurité pour Windows XP (KB931784)
    Mise à jour de sécurité pour Windows XP (KB932168)
    Mise à jour de sécurité pour Windows XP (KB933729)
    Mise à jour de sécurité pour Windows XP (KB935839)
    Mise à jour de sécurité pour Windows XP (KB935840)
    Mise à jour de sécurité pour Windows XP (KB936021)
    Mise à jour de sécurité pour Windows XP (KB938829)
    Mise à jour de sécurité pour Windows XP (KB941202)
    Mise à jour de sécurité pour Windows XP (KB941568)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB943460)
    Mise à jour de sécurité pour Windows XP (KB944653)
    Mise à jour pour Windows XP (KB927891)
    Mise à jour pour Windows XP (KB929338)
    Mise à jour pour Windows XP (KB930916)
    Mise à jour pour Windows XP (KB931836)
    Mise à jour pour Windows XP (KB933360)
    Mise à jour pour Windows XP (KB938828)
    Mise à jour pour Windows XP (KB942763)
    MixW 2.18 (Jan-09-2007)
    Mozilla Firefox (2.0.0.11)
    MSN Pictures Displayer 4.5
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    NeoTrace Express 3.25
    Nero 6 Ultra Edition
    Norton Ghost
    Novarm DipTrace
    OpenOffice.org 2.2
    Panda ActiveScan
    PC Camera
    PC Camera
    Philips SPC 900NC PC Camera
    Philips VLounge
    Picasa 2
    PowerCheck 4.2.3
    Programme de gestion Camera de Logitech®
    RamBoost XP 4.0.6
    RFSim99
    Saisie de Schéma SDS
    Soldiers - Heroes of World War II
    Sonic Foundry Sound Forge 6.0
    Sony Ericsson PC Suite 3.1.1
    Spamihilator
    Tracé de CI
    Trust R-Series Mouse
    Trust R-Series Mouse
    TyanSystemMonitor V2.13
    USB Card Reader \Writer
    USB Storage Device
    USB Video Camera Driver v1.10
    VideoLAN VLC media player 0.8.5-freehd
    Visionneuse Journal Windows Microsoft
    VX2 Cleaner plug-in for Ad-Aware SE
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 2
    Yahoo! Messenger

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files

    19/12/2007 10:30 <REP> .
    19/12/2007 10:30 <REP> ..
    10/03/2005 13:37 <REP> 3D Home Architect
    14/08/2005 23:14 <REP> AboutTime
    01/08/2007 22:03 <REP> ACD Systems
    14/12/2005 19:13 <REP> AdaURL
    24/03/2005 11:59 <REP> Adobe
    21/11/2004 20:11 <REP> Age of Empires 2
    22/08/2005 12:10 <REP> Ahead
    02/06/2006 20:58 <REP> Alcohol Soft
    23/06/2005 13:50 <REP> Alwil Software
    03/05/2007 12:24 <REP> AnalogX
    02/07/2007 16:55 <REP> Apache Group
    14/08/2004 14:16 <REP> ATI Technologies
    13/04/2007 23:40 <REP> Camfrog
    23/09/2006 16:46 <REP> CamStudio
    14/02/2007 17:08 <REP> CCleaner
    04/09/2007 18:14 <REP> CodecSniper
    13/08/2005 15:55 <REP> Codemasters
    22/08/2005 17:20 <REP> Common Files
    03/06/2007 22:41 <REP> ConCon
    05/02/2007 22:22 <REP> ConTEXT
    22/01/2005 18:05 <REP> Copernic Agent
    18/07/2007 09:36 <REP> Corel
    02/01/2007 00:15 <REP> Cucusoft
    16/02/2007 00:50 <REP> Cuisinons
    30/09/2006 15:27 <REP> Dial-Messenger
    15/04/2007 00:04 <REP> Dictionnaire
    31/10/2007 06:45 <REP> DipTrace
    23/09/2004 20:02 <REP> directx
    04/08/2007 01:10 <REP> DivX
    04/10/2005 11:35 <REP> Drive Rescue
    30/10/2004 11:47 <REP> EasyPHP1-7
    07/09/2006 21:45 <REP> EchoLink
    04/02/2006 15:46 <REP> Eidos Interactive
    31/01/2005 00:38 <REP> Empire Earth
    16/12/2007 15:42 <REP> eMule
    19/05/2007 22:04 <REP> Fake Webcam
    28/11/2007 20:23 <REP> Fichiers communs
    05/10/2006 22:45 <REP> FileZilla
    07/01/2007 21:47 <REP> Freeplayer
    09/10/2004 23:37 <REP> GlobalSCAPE
    16/12/2007 01:25 <REP> Google
    10/08/2007 03:18 <REP> Grisoft
    04/09/2007 18:23 <REP> GSpot
    18/09/2007 18:56 <REP> HelpNDoc
    23/04/2005 19:21 <REP> HighMAT CD Writing Wizard
    17/12/2007 21:42 <REP> hijackthis
    18/12/2005 16:48 <REP> ICprog
    16/12/2007 01:26 <REP> Internet Explorer
    01/09/2006 19:34 <REP> Intuwave Ltd
    28/10/2007 13:20 <REP> Java
    15/07/2007 14:10 <REP> Kazaa Lite K++
    04/09/2007 18:15 <REP> K-Lite Codec Pack
    27/06/2005 23:06 <REP> Lavalys
    21/08/2004 10:18 <REP> Lavasoft
    03/09/2005 23:46 <REP> Logitech
    09/07/2007 20:26 <REP> Macromedia
    30/07/2006 14:08 <REP> ManyCam
    14/08/2004 15:14 <REP> Meracl FontMap
    07/06/2007 17:03 <REP> Messenger
    19/12/2007 18:29 <REP> Messenger Plus! Live
    21/08/2004 18:03 <REP> Micro Application
    14/08/2004 16:26 <REP> microsoft frontpage
    16/12/2007 01:39 <REP> Microsoft IntelliType Pro
    05/08/2005 18:17 <REP> Microsoft Money
    14/08/2004 17:53 <REP> Microsoft Office
    26/03/2007 21:58 <REP> MixW
    09/02/2005 15:54 <REP> Movie Maker
    27/11/2005 13:58 <REP> Movies
    16/12/2007 18:10 <REP> Mozilla Firefox
    14/08/2004 13:49 <REP> MSN
    15/05/2005 12:58 <REP> MSN Apps
    14/08/2004 13:49 <REP> MSN Gaming Zone
    19/12/2007 18:29 <REP> MSN Messenger
    03/06/2007 22:37 <REP> MSN Pictures Displayer
    16/11/2006 18:13 <REP> MSXML 4.0
    24/03/2007 17:19 <REP> MyUninstall
    02/01/2007 00:06 <REP> NeoDivx Suite
    08/09/2007 16:29 <REP> NeoTrace Express
    26/05/2007 21:04 <REP> NetMeeting
    23/04/2005 19:28 <REP> OfficeUpdate11
    02/10/2005 16:45 <REP> Ontrack
    19/05/2007 14:26 <REP> OpenOffice.org 2.2
    24/12/2005 19:35 <REP> Opera
    13/06/2007 16:26 <REP> Outlook Express
    06/08/2006 09:11 <REP> Paltalk Messenger
    07/11/2007 20:35 <REP> PC Camera
    15/07/2007 16:03 <REP> PC SOFT
    14/11/2007 17:14 <REP> Philips
    24/12/2005 16:55 <REP> Picasa2
    19/08/2004 19:11 <REP> PopUp Destroy
    16/12/2007 01:48 <REP> PowerCheck
    22/12/2007 11:36 <REP> RamBoost XP
    14/09/2006 20:55 <REP> RegSeeker
    25/04/2005 14:36 <REP> RFSim99
    27/01/2005 18:59 <REP> Saisie de Schéma
    14/08/2004 13:51 <REP> Services en ligne
    22/08/2004 12:39 <REP> Sonic Foundry
    22/08/2004 12:39 <REP> Sonic Foundry Setup
    01/09/2006 19:35 <REP> Sony Ericsson
    22/08/2004 12:39 <REP> Sound Forge 6.0
    22/12/2007 13:04 <REP> Spamihilator
    16/08/2007 19:39 <REP> Spybot - Search & Destroy
    10/08/2007 03:03 <REP> STOPzilla!
    24/02/2007 21:14 <REP> StuffPlug3
    05/08/2005 17:58 <REP> Symantec
    08/07/2006 14:13 <REP> The Weather Channel FW
    05/02/2005 23:26 <REP> ToniArts
    27/01/2005 19:06 <REP> Tracé de CI
    13/12/2007 12:08 <REP> Trust
    20/08/2005 16:35 <REP> Tyan Computer Corp
    14/08/2004 14:05 <REP> VIA Technologies, Inc
    14/12/2007 13:25 <REP> VideoLAN
    16/05/2005 17:57 <REP> vso
    16/12/2007 01:50 <REP> WebcamMax
    02/01/2007 00:01 <REP> WinASPI
    23/09/2006 17:18 <REP> Windows AntiSpy
    23/04/2005 19:21 <REP> Windows Journal Viewer
    10/06/2007 10:14 <REP> Windows Live
    19/12/2007 22:18 <REP> Windows Live Safety Center
    03/11/2006 08:49 <REP> Windows Media Connect 2
    03/11/2006 08:49 <REP> Windows Media Player
    09/02/2005 15:49 <REP> Windows NT
    23/04/2005 18:29 <REP> WinRAR
    27/04/2005 08:26 <REP> WINRLC
    10/03/2005 00:07 <REP> WinZip 8.1 Fr
    14/08/2004 13:52 <REP> xerox
    14/04/2007 10:53 <REP> Yahoo!
    0 fichier(s) 0 octets
    129 Rép(s) 48 190 070 784 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\fichiers communs

    28/11/2007 20:23 <REP> .
    28/11/2007 20:23 <REP> ..
    01/08/2007 22:07 <REP> ACD Systems
    24/03/2005 11:59 <REP> Adobe
    22/08/2005 12:09 <REP> Ahead
    14/11/2007 17:26 <REP> ArcSoft
    14/08/2004 15:33 <REP> Copernic
    18/07/2007 09:37 <REP> Corel
    18/07/2007 09:20 <REP> Designer
    23/09/2004 20:02 <REP> FotoWire
    15/07/2007 13:52 <REP> InstallShield
    10/08/2007 02:38 <REP> iS3
    28/12/2004 09:59 <REP> Java
    03/09/2005 23:46 <REP> Logitech
    09/07/2007 20:26 <REP> Macromedia
    18/07/2007 09:37 <REP> Microsoft Shared
    14/08/2004 13:50 <REP> MSSoap
    14/08/2004 14:43 <REP> ODBC
    01/10/2006 16:02 <REP> Panda Software
    17/07/2007 00:01 <REP> PC SOFT
    14/08/2004 13:50 <REP> Services
    14/08/2004 14:43 <REP> SpeechEngines
    05/08/2005 17:57 <REP> Symantec Shared
    24/11/2007 10:14 <REP> System
    20/08/2004 11:31 <REP> Vbox
    0 fichier(s) 0 octets
    25 Rép(s) 48 190 078 976 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    19/05/2007 16:28 <REP> .
    19/05/2007 16:28 <REP> ..
    28/02/2002 23:03 561 209 MSONSEXT.DLL
    03/06/1999 13:09 122 937 MSOWS409.DLL
    07/03/2001 08:00 127 033 MSOWS40c.DLL
    18/03/1999 05:37 593 977 RAGENT.DLL
    4 fichier(s) 1 405 156 octets
    2 Rép(s) 48 190 078 976 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\common files

    22/08/2005 17:20 <REP> .
    22/08/2005 17:20 <REP> ..
    22/08/2005 17:20 <REP> PCCamera
    14/08/2004 15:49 <REP> System
    0 fichier(s) 0 octets
    4 Rép(s) 48 190 078 976 octets libres

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\

    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
    c:\Documents and Settings\Bernard\.housecall\getMac.exe
    c:\Documents and Settings\Bernard\.housecall\patch.exe
    c:\Documents and Settings\Bernard\.housecall\tsc.exe
    c:\Documents and Settings\Bernard\.housecall6.6\getMac.exe
    c:\Documents and Settings\Bernard\.housecall6.6\patch.exe
    c:\Documents and Settings\Bernard\.housecall6.6\tsc.exe
    c:\Documents and Settings\Bernard\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe
    c:\Documents and Settings\Bernard\Bureau\avg75free_503a1205.exe
    c:\Documents and Settings\Bernard\Bureau\EliBaglA.exe
    c:\Documents and Settings\Bernard\Bureau\FxBeagle.exe
    c:\Documents and Settings\Bernard\Bureau\gmer.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\pskill.exe
    c:\Documents and Settings\Bernard\Bureau\clean\clean\tar.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\md5sums.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\tar.exe
    c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\audiodream_3410_2420.exe
    c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\mp3_recovery_drv.exe
    c:\Documents and Settings\Bernard\Bureau\OM a tester\Commander471Archive.exe
    c:\Documents and Settings\Bernard\Bureau\OM a tester\TRX MANAGER trmde376.exe
    c:\Documents and Settings\Bernard\Bureau\Référenceur\submitic.exe
    c:\Documents and Settings\Bernard\Bureau\SAT\04-2005\Firmware_Flash308+.exe
    c:\Documents and Settings\Bernard\Bureau\SAT\flash XSAT\exe\Firmware_Flash308+.exe
    c:\Documents and Settings\Bernard\Bureau\SONY P900\UpdateService_Inst_2.6.4.9.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\catchme.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\diff.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\dumphive.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\find2.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\Fport.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\grep.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\md5sums.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\pslist.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\streams.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\swreg.exe
    c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\tar.exe
    c:\WinDev 11\Composants\Composants exemples\WD DerniersDocuments\WD DerniersDocuments - Exemple\Exe\WD DerniersDocuments - Exemple.exe
    c:\Documents and Settings\All Users\Application Data\Adobe\AWSCommonUI.dll
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Adobe\AWSCommonUI.dll
    c:\Documents and Settings\Bernard\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll
    c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_BV.tar.gz a l'adresse http://upload.malekal.com
    __________________________________________________________________________________________________________
    [CODE]

    2007-12-22,15:46:16

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Spamihilator><"C:\Program Files\Spamihilator\spamihilator.exe"> [Michel Krämer]
    <LDM><\Program\BackWeb-8876480.exe> [N/A]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
    <type32><"C:\Program Files\Microsoft IntelliType Pro\type32.exe"> [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <InCD><C:\Program Files\Ahead\InCD\InCD.exe> []
    <LVCOMSX><C:\WINDOWS\System32\LVCOMSX.EXE> [Logitech Inc.]
    <LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe> [Logitech Inc.]
    <LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
    <GhostStartTrayApp><C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe> [Symantec Corporation]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
    <Logitech Utility><Logi_MwX.Exe> [(Verified)Microsoft Windows Publisher]
    <WebcamMaxMoniter><"C:\Program Files\WebcamMax\CAMTHINS.exe" /m> []
    <CorelDRAW Graphics Suite 11b><C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011108 serial=DR12WNN-5521459-MUE lang=FR> [Corel Corporation]
    <PhiBtn><%SystemRoot%\System32\drivers\PhiBtn.exe> [Philips]
    <Traymin900><%SystemRoot%\System32\drivers\Tray900.exe> [Philips]
    <KMCONFIG><C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe> [N/A]
    <!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
    <SDFix><C:\SDFix\RunThis.bat /second> [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}><WDShell> [N/A]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

    ==================================
    Startup Folders
    [Acrobat Assistant]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>
    [Adobe Gamma Loader]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
    [Logitech Desktop Messenger]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
    [Microsoft Office]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
    [Monitor Apache Servers]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [Apache Software Foundation]><N>
    [Phone Connection Monitor]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Phone Connection Monitor.lnk --> C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE [Teleca Software Solutions AB]><N>
    [PowerCheck]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PowerCheck.lnk --> C:\PROGRA~1\POWERC~1\POWERC~1.EXE [N/A]><N>
    [MSN Pictures Displayer]
    <C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk --> C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE []><N>
    [OpenOffice.org 2.2]
    <C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk --> C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [N/A]><N>

    ==================================
    Services
    [Apache2 / Apache2][Stopped/Auto Start]
    <"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
    [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
    <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
    [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
    [avast! Antivirus / avast! Antivirus][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
    [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
    [avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
    [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
    [GhostStartService / GhostStartService][Running/Auto Start]
    <C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE><Symantec Corporation>
    [Keyboard And Mouse Communication Service / KMWDSERVICE][Running/Auto Start]
    <C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe><UASSOFT.COM>
    [UStorage Server Service / UStorage Server Service][Running/Auto Start]
    <C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

    ==================================
    Drivers
    [Aladdin HASP Key / akshasp][Stopped/Manual Start]
    <system32\DRIVERS\akshasp.sys><Aladdin Knowledge Systems Ltd.>
    [Aladdin USB Key / aksusb][Stopped/Manual Start]
    <System32\DRIVERS\aksusb.sys><Aladdin Knowledge Systems Ltd.>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [PS/2 Port Mouse Filter Driver / Amps2prt][Stopped/Manual Start]
    <System32\Drivers\Amps2prt.sys><(Standard Mouse Types)>
    [ati2mtag / ati2mtag][Running/Manual Start]
    <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
    [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    [InCD Storage Helper Driver / BsStor][Running/Boot Start]
    <\SystemRoot\System3
    0
  8. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Le rapport SREng est incomplet.
    0
  9. Moi même
     
    Bonsoir
    Désolé de ne pas avoir donné suite à ton dernier poste mais je me suis absenté quelques jours et dés mon retour j'ai repris le problème dont la situation est évidemment inchangée, le PC reboote toujours.
    Ci-dessous les éléments demandés mais certaines procédures ne semblent pas s'exécuter (fichiers introuvables et messages similaires)
    Merci de ton aide qui m'est trés précieuse
    ________________________________________________________________________________________
    [CODE]

    2007-12-27,15:13:35

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Spamihilator><"C:\Program Files\Spamihilator\spamihilator.exe"> [Michel Krämer]
    <LDM><\Program\BackWeb-8876480.exe> [N/A]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
    <RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
    <type32><"C:\Program Files\Microsoft IntelliType Pro\type32.exe"> [Microsoft Corporation]
    <SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <LVCOMSX><C:\WINDOWS\System32\LVCOMSX.EXE> [Logitech Inc.]
    <LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe> [Logitech Inc.]
    <LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
    <GhostStartTrayApp><C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe> [Symantec Corporation]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
    <Logitech Utility><Logi_MwX.Exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <WebcamMaxMoniter><"C:\Program Files\WebcamMax\CAMTHINS.exe" /m> []
    <CorelDRAW Graphics Suite 11b><C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011108 serial=DR12WNN-5521459-MUE lang=FR> [Corel Corporation]
    <PhiBtn><%SystemRoot%\System32\drivers\PhiBtn.exe> [Philips]
    <Traymin900><%SystemRoot%\System32\drivers\Tray900.exe> [Philips]
    <KMCONFIG><C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe> [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
    <AVG7_CC><C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP> [GRISOFT, s.r.o.]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><explorer.exe> [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}><WDShell> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

    ==================================
    Startup Folders
    [Acrobat Assistant]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>
    [Adobe Gamma Loader]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
    [Logitech Desktop Messenger]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
    [Microsoft Office]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
    [Monitor Apache Servers]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [Apache Software Foundation]><N>
    [Phone Connection Monitor]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Phone Connection Monitor.lnk --> C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE [Teleca Software Solutions AB]><N>
    [PowerCheck]
    <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PowerCheck.lnk --> C:\PROGRA~1\POWERC~1\POWERC~1.EXE [N/A]><N>
    [MSN Pictures Displayer]
    <C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk --> C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE []><N>
    [OpenOffice.org 2.2]
    <C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk --> C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [N/A]><N>

    ==================================
    Services
    [Apache2 / Apache2][Stopped/Auto Start]
    <"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
    [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
    <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
    [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
    [avast! Antivirus / avast! Antivirus][Running/Auto Start]
    <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
    [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
    [avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
    <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
    [AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
    <C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe><GRISOFT, s.r.o.>
    [AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
    <C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe><GRISOFT, s.r.o.>
    [AVG E-mail Scanner / AVGEMS][Running/Auto Start]
    <C:\PROGRA~1\Grisoft\AVG7\avgemc.exe><GRISOFT, s.r.o.>
    [GhostStartService / GhostStartService][Running/Auto Start]
    <C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE><Symantec Corporation>
    [Keyboard And Mouse Communication Service / KMWDSERVICE][Running/Auto Start]
    <C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe><UASSOFT.COM>
    [UStorage Server Service / UStorage Server Service][Running/Auto Start]
    <C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

    ==================================
    Drivers
    [Aladdin HASP Key / akshasp][Stopped/Manual Start]
    <system32\DRIVERS\akshasp.sys><Aladdin Knowledge Systems Ltd.>
    [Aladdin USB Key / aksusb][Stopped/Manual Start]
    <System32\DRIVERS\aksusb.sys><Aladdin Knowledge Systems Ltd.>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [PS/2 Port Mouse Filter Driver / Amps2prt][Stopped/Manual Start]
    <System32\Drivers\Amps2prt.sys><(Standard Mouse Types)>
    [ati2mtag / ati2mtag][Running/Manual Start]
    <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
    [AVG7 Kernel / Avg7Core][Running/System Start]
    <\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
    [AVG7 Wrap Driver / Avg7RsW][Running/System Start]
    <\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
    [AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
    <\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
    [AVG7 Clean Driver / AvgClean][Running/System Start]
    <\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
    [AVG Network Redirector / AvgTdi][Running/Auto Start]
    <\SystemRoot\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
    [InCD Storage Helper Driver / BsStor][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\bsstor.sys><B.H.A Co.,Ltd.>
    [SM0121 USB 2.0 Video Camera / CAM1210][Stopped/Manual Start]
    <System32\Drivers\cam1210.sys><USB Generic Camera>
    [WebcamMax, WDM Video Capture / CamthWDM][Stopped/Auto Start]
    <system32\DRIVERS\CamthWDM.sys><YewSoft>
    [Philips SPC 900NC PC Camera / camvid40][Stopped/Manual Start]
    <system32\DRIVERS\camdrv41.sys><Philips Consumer Electronics>
    [Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet / FETNDIS][Running/Manual Start]
    <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
    [GhostPciScanner / GhPciScan][Running/System Start]
    <\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys><Symantec Corporation>
    [IC-Prog Driver / giveio][Running/Auto Start]
    <\??\C:\Program Files\ICprog\icprog.sys><N/A>
    [gmer / gmer][Stopped/Manual Start]
    <System32\DRIVERS\gmer.sys><GMER>
    [hardlock / hardlock][Running/Auto Start]
    <\??\C:\WINDOWS\System32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
    [Haspnt / Haspnt][Running/Auto Start]
    <\??\C:\WINDOWS\System32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
    [hpt3xx / hpt3xx][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
    [hptpro / hptpro][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
    [Caméra CS110 Intel(r) PC / ICAM5USB][Stopped/Manual Start]
    <System32\Drivers\Icam5USB.sys><Microsoft Corporation>
    [imagedrv / imagedrv][Running/Boot Start]
    <\SystemRoot\System32\Drivers\imagedrv.sys><Ahead Software AG>
    [imagesrv / imagesrv][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\imagesrv.sys><Ahead Software AG>
    [KMWDFilter / KMWDFilter][Running/Manual Start]
    <\??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS><Windows (R) Codename Longhorn DDK provider>
    [Logitech PS/2 Mouse Filter Driver / L8042pr2][Stopped/Manual Start]
    <system32\DRIVERS\L8042pr2.Sys><Logitech, Inc.>
    [Logitech Mouse Class Filter Driver / LMouFlt2][Stopped/Manual Start]
    <system32\DRIVERS\LMouFlt2.Sys><Logitech, Inc.>
    [ManyCam Virtual Webcam, WDM Video Capture Driver / ManyCam][Stopped/Manual Start]
    <system32\DRIVERS\ManyCam.sys><Windows (R) 2000 DDK provider>
    [Padus ASPI Shell / pfc][Running/Manual Start]
    <system32\drivers\pfc.sys><Padus, Inc.>
    [StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
    <\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
    [StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
    <\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
    [StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
    <\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [PxHelp20 / PxHelp20][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
    [Logitech QuickCam Communicate / QCMerced][Running/Manual Start]
    <System32\DRIVERS\LVCM.sys><>
    [Ultima2000 Scanner / SampleScanner][Running/Manual Start]
    <System32\DRIVERS\GT680x.sys><>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
    [StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
    <\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
    [Silicon Image SiI 3112 SATARaid Controller / SI3112r][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SI3112r.sys><Silicon Image, Inc.>
    [SATALink driver accelerator / SiFilter][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
    [SoC PC-Camera / SoC PC-Camera Service][Stopped/Manual Start]
    <system32\DRIVERS\pfc027.sys><>
    [Susteen Serial port driver / SUSCOM][Running/Manual Start]
    <system32\DRIVERS\SUSCOM.SYS><Susteen Inc.>
    [szkg / szkg][Stopped/Boot Start]
    <\SystemRoot\system32\DRIVERS\szkg.sys><N/A>
    [tmcomm / tmcomm][Running/Auto Start]
    <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
    [tyansmb / tyansmb][Running/Auto Start]
    <\??\C:\WINDOWS\system32\Drivers\tyansmb.sys><Tyan Computer System>
    [VIA AGP Filter / viaagp1][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
    [ViaIde / ViaIde][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
    [VIA USB Host Controller Lower Filter / vulfnths][Running/Manual Start]
    <\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
    [VIA USB Roothub Lower Filter / vulfntrs][Running/Manual Start]
    <\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
    [Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
    <System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

    ==================================
    Browser Add-ons
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [ST]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [MSNToolBandBHO]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
    [Java Plug-in 1.6.0_03]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    []
    {85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
    []
    {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
    [NeoTrace It!]
    {9885224C-1217-4c5f-83C2-00002E6CEF2B} <, N/A>
    [Copernic Agent]
    {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} <C:\PROGRA~1\COPERN~1\COPERN~1.DLL, Copernic Technologies Inc.>
    [MSN]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
    [&Google]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Camfrog Toolbar]
    {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} <C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll, Camshare LC>
    [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
    [Symantec AntiVirus scanner]
    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation>
    [YInstStarter Class]
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
    [Office Update Installation Engine]
    {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} <C:\WINDOWS\opuc.dll, Microsoft Corporation>
    [BDSCANONLINE Control]
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
    [Symantec RuFSI Utility Class]
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
    [HouseCall Control]
    {74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
    [WScanCtl Class]
    {7B297BFD-85E4-4092-B2AF-16A91B2EA103} <C:\WINDOWS\Downloaded Program Files\webscan.dll, CA>
    [Java Plug-in 1.6.0_03]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [ActiveScan Installer Class]
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
    [F-Secure Online Scanner 3.0]
    {9D190AE6-C81E-4039-8061-978EBAD10073} <C:\WINDOWS\Downloaded Program Files\fscax.dll, F-Secure Corporation>
    [CSS Web Installer Class]
    {C81B5180-AFD1-41A3-97E1-99E8D254DB98} <C:\WINDOWS\Downloaded Program Files\cssweb.dll, >
    [Java Plug-in 1.5.0]
    {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_02]
    {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_04]
    {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_06]
    {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_09]
    {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_10]
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.5.0_11]
    {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_01]
    {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_02]
    {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
    {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [Java Plug-in 1.6.0_03]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
    [McFreeScan Class]
    {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} <C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.>
    [Google Script Object]
    {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <, N/A>
    [AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
    [CKAVWebScan Object]
    {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [Classe PeerDraw]
    {10072CEC-8CC1-11D1-986E-00A0C955B42E} <%CommonProgramFiles%\Microsoft Shared\VGX\vgx.dll, N/A>
    [Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
    [InformationCardSigninHelper Class]
    {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, Microsoft Corporation>
    [Windows Media Player]
    {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
    [&Google]
    {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [HTML Document]
    {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
    [XML DOM Document]
    {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\System32\msxml3.dll, N/A>
    [Symantec AntiVirus scanner]
    {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation>
    [DHTML Edit Control Safe for Scripting for IE5]
    {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
    [XML Document]
    {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\System32\msxml3.dll, N/A>
    [Reporte Class]
    {4A2A4430-3967-4461-94C7-BD95C419F3CF} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
    []
    {4F07F79F-087F-42CF-8B36-7A88D06088E9} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
    [Shell Name Space]
    {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [InstallShield Update Service Agent]
    {5B7524C8-2446-40E9-9474-94A779DBA224} <C:\WINDOWS\Downloaded Program Files\isusweb.dll, InstallShield Software Corporation>
    [BDSCANONLINE Control]
    {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
    [CKAVReportCtrl Object]
    {6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
    [WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
    [Symantec RuFSI Utility Class]
    {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
    [Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [Seleccion Class]
    {6CEC0297-FAFB-41FB-97EA-77E3081B1DFE} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
    [MUWebControl Class]
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
    [ControlConexion Class]
    {6FDCDD41-6C97-4A3B-9E6D-0144B66A1CE4} <C:\WINDOWS\system32\ActiveScan\ascontrol.dll, Panda Software>
    [HouseCall Control]
    {74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
    [SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [WScanCtl Class]
    {7B297BFD-85E4-4092-B2AF-16A91B2EA103} <C:\WINDOWS\Downloaded Program Files\webscan.dll, CA>
    [Microsoft Web Browser]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
    [XML DOM Document 4.0]
    {88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
    [XML HTTP 4.0]
    {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
    [Java Plug-in 1.6.0_03]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
    [CODDlg Class]
    {8F0A7264-3CF9-4605-8A79-4A6730AC9BFB} <C:\csscod\cod.dll, >
    [ST]
    {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
    [SOS Class]
    {94E9170B-7540-4C38-A2A5-3BF7EF1B80EB} <C:\WINDOWS\system32\ActiveScan\pavpz.dll, Panda Software>
    [Panda ActiveScan]
    {96567F65-E04C-4611-AF29-7CDEA6FA6A84} <C:\WINDOWS\system32\ACTIVE~1\as.dll, Panda Software>
    [ActiveScan Installer Class]
    {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
    [F-Secure Online Scanner 3.0]
    {9D190AE6-C81E-4039-8061-978EBAD10073} <C:\WINDOWS\Downloaded Program Files\fscax.dll, F-Secure Corporation>
    [YMailAttach Class]
    {AA218328-0EA8-4D70-8972-E987A9190FF4} <C:\PROGRA~1\Yahoo!\Common\ymmapi.dll, Yahoo! Inc.>
    [Google Toolbar Helper]
    {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
    [Camfrog Toolbar]
    {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} <C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll, Camshare LC>
    [SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\System32\shdocvw.dll, N/A>
    [RDS.DataSpace]
    {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
    [MSN]
    {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
    [MSNToolBandBHO]
    {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
    [CSS Web Installer Class]
    {C81B5180-AFD1-41A3-97E1-99E8D254DB98} <C:\WINDOWS\Downloaded Program Files\cssweb.dll, >
    [Adobe Acrobat Control for ActiveX]
    {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx, Adobe Systems Incorporated>
    [ApplicationHelper Object]
    {CBBD301C-32AA-4D15-A9BA-3611386AB945} <C:\PROGRA~1\COPERN~1\COPERN~1.DLL, Copernic Technologies Inc.>
    [AUDIO__MID Moniker Class]
    {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [AUDIO__MP3 Moniker Class]
    {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [AUDIO__WAV Moniker Class]
    {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__MPEG Moniker Class]
    {CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_ASF Moniker Class]
    {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
    [Msxml]
    {CFC399AF-D876-11D0-9C10-00C04FC99C8E} <%SystemRoot%\System32\msxml3.dll, N/A>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
    [OfficeObj Class]
    {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
    [Microsoft Agent Control 2.0]
    {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation>
    [MessengerChecker Class]
    {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
    []
    {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
    [SVG Document]
    {EBF9B040-94C9-11D4-9064-00C04F78ACF9} <C:\WINDOWS\System32\Adobe\SVG Viewer\SVGControl.dll, Adobe Systems Incorporated>
    [XML HTTP Request]
    {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, N/A>
    [McFreeScan Class]
    {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} <C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.>
    [Yahoo! Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <, N/A>
    [Copernic Agent]
    {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} <C:\PROGRA~1\COPERN~1\COPERN~1.DLL, Copernic Technologies Inc.>
    [XML DOM Document 3.0]
    {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\System32\msxml3.dll, N/A>
    [XML HTTP]
    {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, N/A>
    [&NeoTrace It!]
    <C:\PROGRA~1\NEOTRA~1\NTXcontext.htm, N/A>
    [&Traduire à partir de l'anglais]
    <res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html, N/A>
    [Chercher avec Copernic Agent]
    <res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT, N/A>
    [Pages liées]
    <res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html, N/A>
    [Pages similaires]
    <res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html, N/A>
    [Recherche &Google]
    <res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html, N/A>
    [Version de la page actuelle disponible dans le cache Google]
    <res://c:\program files\google\GoogleToolbar2.dll/cmcache.html, N/A>

    ==================================
    Running Processes
    [PID: 596 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 684 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 728 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [PID: 740 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 892 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 972 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1064 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 1104 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1168 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 1248 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 1408 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 1656 / Bernard][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WDShell.dll] [PC SOFT, 11.00Ac]
    [C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll] [Sun Microsystems, Inc., 8.0.0.9107]
    [C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120]
    [C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\WINZIP~1.1FR\WZSHLSTB.DLL] [WinZip Computing, Inc., 3.0 (32-bit)]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
    [C:\Program Files\Grisoft\AVG7\avgse.dll] [GRISOFT, s.r.o., 7.5.0.409]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx] [, 1, 0, 0, 1]
    [C:\PROGRA~1\Yahoo!\Common\ymmapi.dll] [Yahoo! Inc., 2005, 1, 1, 4]
    [PID: 1688 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\CNBJMON2.DLL] [Microsoft Corporation, 5.1.2600.2079 built by: xpsp(skatari)]
    [C:\WINDOWS\system32\CNMLM58.DLL] [CANON INC., 1.73.2.0]
    [C:\WINDOWS\System32\pdfports.dll] [Adobe Systems Incorporated., 5.0.000]
    [C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll] [N/A, ]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD58.DLL] [CANON INC., 1.73.2.0]
    [PID: 1940 / Bernard][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.13.10.3041]
    [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.13.10.3041]
    [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.13.10.3041]
    [PID: 1948 / Bernard][C:\Program Files\Microsoft IntelliType Pro\type32.exe] [Microsoft Corporation, 5.00.174.0]
    [C:\Program Files\Microsoft IntelliType Pro\type32.dll] [Microsoft Corporation, 5.00.176.0]
    [C:\Program Files\Microsoft IntelliType Pro\dpgmkb.dll] [Microsoft Corporation, 5.00.174.0]
    [C:\Program Files\Microsoft IntelliType Pro\dpgcmd.dll] [Microsoft Corporation, 5.00.175.0]
    [C:\Program Files\Microsoft IntelliType Pro\srres.dll] [Microsoft Corporation, 5.00.154.0]
    [PID: 1960 / Bernard][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.14]
    [PID: 1968 / Bernard][C:\WINDOWS\System32\LVCOMSX.EXE] [Logitech Inc., 8.2.0.1192]
    [C:\WINDOWS\System32\lvmaenum.dll] [Logitech Inc., 8.2.0.1192]
    [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\lvcomcx.dll] [Logitech Inc., 8.2.0.1192]
    [PID: 2004 / Bernard][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.2.0.1192]
    [C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.2.0.1192]
    [C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.2.0.1192]
    [C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.2.0.1192]
    [C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\Program Files\Logitech\Video\LFPCX12N.DLL] [LEAD Technologies, Inc., 12.1.0.011]
    [C:\WINDOWS\System32\lvmaenum.dll] [Logitech Inc., 8.2.0.1192]
    [C:\WINDOWS\System32\lvcomcx.dll] [Logitech Inc., 8.2.0.1192]
    [C:\Program Files\Logitech\Video\fxsvrps.dll] [Logitech Inc., 8.2.0.1192]
    [PID: 2012 / Bernard][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 2028 / Bernard][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
    [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
    [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
    [PID: 2036 / Bernard][C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe] [Symantec Corporation, 2003.775]
    [PID: 180 / Bernard][C:\WINDOWS\Logi_MwX.Exe] [Logitech Inc., 9.79.024]
    [PID: 212 / Bernard][C:\Program Files\WebcamMax\CAMTHINS.exe] [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\Program Files\WebcamMax\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\WebcamMax\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\msdmo.dll] [, ]
    [PID: 176 / Bernard][C:\WINDOWS\System32\drivers\PhiBtn.exe] [Philips, 1.0.13.0]
    [PID: 260 / Bernard][C:\WINDOWS\System32\drivers\Tray900.exe] [Philips, 1.0.0.8]
    [PID: 280 / Bernard][C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe] [UASSOFT.COM, 1.0.0.1]
    [PID: 372 / Bernard][C:\PROGRA~1\Grisoft\AVG7\avgcc.exe] [GRISOFT, s.r.o., 7.5.0.504]
    [C:\PROGRA~1\Grisoft\AVG7\AvgTMgr.dll] [GRISOFT, s.r.o., 7.5.0.494]
    [C:\PROGRA~1\Grisoft\AVG7\AvgCtrl.dll] [GRISOFT, s.r.o., 7.5.0.506]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Grisoft\AVG7\AvgAbout.dll] [GRISOFT, s.r.o., 7.5.0.507]
    [C:\PROGRA~1\Grisoft\AVG7\AvgTest.dll] [GRISOFT, s.r.o., 7.5.0.506]
    [C:\PROGRA~1\Grisoft\AVG7\AvgTRes.dll] [GRISOFT, s.r.o., 7.5.0.494]
    [C:\PROGRA~1\Grisoft\AVG7\AvgSet.dll] [, ]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.504]
    [C:\Program Files\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
    [C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.480]
    [C:\Program Files\Grisoft\AVG7\avgamsps.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [C:\Program Files\Grisoft\AVG7\AVGRES.DLL] [GRISOFT, s.r.o., 7.5.0.503]
    [C:\Program Files\Grisoft\AVG7\avgcckrn.dll] [GRISOFT, s.r.o., 7.5.0.506]
    [C:\Program Files\Grisoft\AVG7\avgvault.dll] [GRISOFT, s.r.o., 7.5.0.458]
    [C:\Program Files\Grisoft\AVG7\avgrep.dll] [GRISOFT, s.r.o., 7.5.0.448]
    [C:\Program Files\Grisoft\AVG7\avgunarc.dll] [GRISOFT, s.r.o., 7.5.0.474]
    [C:\PROGRA~1\Grisoft\AVG7\avgemsui.dll] [GRISOFT, s.r.o., 7.5.0.506]
    [C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll] [GRISOFT, s.r.o., 7.5.0.420]
    [C:\Program Files\Grisoft\AVG7\avgscan.dll] [GRISOFT, s.r.o., 7.5.0.491]
    [C:\Program Files\Grisoft\AVG7\avgcore.dll] [GRISOFT, s.r.o., 7.5.0.498]
    [C:\Program Files\Grisoft\AVG7\avgf.dll] [N/A, ]
    [PID: 380 / Bernard][C:\Program Files\Spamihilator\spamihilator.exe] [Michel Krämer, 0, 9, 9, 10]
    [C:\Program Files\Spamihilator\uclanguage.dll] [Michel Krämer, 1, 2, 0, 0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Spamihilator\SSLEAY32.dll] [N/A, ]
    [C:\Program Files\Spamihilator\LIBEAY32.dll] [N/A, ]
    [C:\Program Files\Spamihilator\zlib1.dll] [, 1.2.1]
    [C:\Program Files\Spamihilator\spu.dll] [N/A, ]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Spamihilator\plugins\attachmentfilter.dll] [Michel Krämer, 0, 9, 1, 0]
    [C:\Program Files\Spamihilator\plugins\dccfilter.dll] [Michel Krämer, 0, 0, 2, 4]
    [C:\Program Files\Spamihilator\plugins\imagefilter.dll] [Michel Krämer, 1, 2, 1, 0]
    [C:\Program Files\Spamihilator\plugins\newsletter.dll] [Michel Krämer, 1, 0, 1, 0]
    [PID: 436 / Bernard][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 472 / Bernard][C:\Program Files\RamBoost XP\rambxpfr.exe] [Gildas LE BOURNAULT, 4.0.6.324]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 480 / Bernard][C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe] [UASSOFT.COM, 3, 0, 0, 1]
    [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [PID: 524 / Bernard][C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe] [Adobe Systems Inc., 5, 0, 0, 0]
    [PID: 552 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe] [GRISOFT, s.r.o., 7.5.0.496]
    [C:\PROGRA~1\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.504]
    [C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.480]
    [C:\Program Files\Grisoft\AVG7\avgamint.dll] [GRISOFT, s.r.o., 7.5.0.482]
    [C:\Program Files\Grisoft\AVG7\avgamsps.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [PID: 640 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe] [GRISOFT, s.r.o., 7.5.0.420]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Grisoft\AVG7\avgupd.dll] [GRISOFT, s.r.o., 7.5.0.515]
    [C:\Program Files\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.504]
    [C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgupsvc.dll] [GRISOFT, s.r.o., 7.5.0.420]
    [C:\Program Files\Grisoft\AVG7\avgamsps.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [PID: 704 / SYSTEM][C:\PROGRA~1\Grisoft\AVG7\avgemc.exe] [GRISOFT, s.r.o., 7.5.0.510]
    [C:\PROGRA~1\Grisoft\AVG7\libsasl.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Grisoft\AVG7\avglog.dll] [GRISOFT, s.r.o., 7.5.0.429]
    [C:\Program Files\Grisoft\AVG7\avgcfg.dll] [GRISOFT, s.r.o., 7.5.0.504]
    [C:\Program Files\Grisoft\AVG7\avgklib.dll] [GRISOFT, s.r.o., 7.5.0.458]
    [C:\Program Files\Grisoft\AVG7\avglng.dll] [GRISOFT, s.r.o., 7.5.0.480]
    [C:\Program Files\Grisoft\AVG7\avgscan.dll] [GRISOFT, s.r.o., 7.5.0.491]
    [C:\Program Files\Grisoft\AVG7\avgunarc.dll] [GRISOFT, s.r.o., 7.5.0.474]
    [C:\PROGRA~1\Grisoft\AVG7\saslcrammd5.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [C:\PROGRA~1\Grisoft\AVG7\sasldigestmd5.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [C:\PROGRA~1\Grisoft\AVG7\sasllogin.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [C:\PROGRA~1\Grisoft\AVG7\saslplain.dll] [GRISOFT, s.r.o., 7.5.0.407]
    [C:\Program Files\Grisoft\AVG7\avgmail.dll] [GRISOFT, s.r.o., 7.5.0.429]
    [C:\PROGRA~1\Grisoft\AVG7\avgemcps.dll] [GRISOFT, s.r.o., 7.5.0.420]
    [C:\Program Files\Grisoft\AVG7\avgcore.dll] [GRISOFT, s.r.o., 7.5.0.498]
    [PID: 904 / SYSTEM][C:\WINDOWS\system32\cisvc.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 1016 / Bernard][C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe] [Apache Software Foundation, 2.0.55]
    [PID: 1048 / SYSTEM][C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE] [Symantec Corporation, 2003.775]
    [PID: 1128 / Bernard][C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe] [UASSOFT.COM, 4.0.0.1]
    [C:\Program Files\Trust\Trust R-Series Mouse\keydll.dll] [N/A, ]
    [C:\Program Files\Trust\Trust R-Series Mouse\MouseHook.dll] [N/A, ]
    [PID: 1204 / Bernard][C:\Program Files\Logitech\Video\FxSvr2.exe] [Logitech Inc., 8.2.0.1192]
    [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\twain_32\LogiVid\HVidSp2.dll] [Logitech Inc., 8.2.0.1192]
    [C:\WINDOWS\System32\lvmaenum.dll] [Logitech Inc., 8.2.0.1192]
    [C:\WINDOWS\System32\lvcomcx.dll] [Logitech Inc., 8.2.0.1192]
    [C:\Program Files\Logitech\Video\fxsvrps.dll] [Logitech Inc., 8.2.0.1192]
    [PID: 1192 / SYSTEM][C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe] [UASSOFT.COM, 1, 0, 6, 0]
    [PID: 1272 / Bernard][C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe] [Teleca Software Solutions AB, 1, 4, 0, 1]
    [C:\Program Files\Sony Ericsson\Mobile\DMLg.dll] [Teleca Software Solutions AB, 1, 3, 5, 0]
    [C:\PROGRA~1\SONYER~1\Mobile\Sync.ocx] [Teleca Software Solutions AB, 2, 2, 0, 18]
    [C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ECENGI~1.DLL] [Symbian Ltd., 1, 0, 0, 41]
    [C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Wswitch.dll] [N/A, ]
    [C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CracDlr.dll] [N/A, ]
    [C:\Program Files\Sony Ericsson\Mobile\Connectivity Pack\RtSock.dll] [Symbian Ltd., 1, 0, 0, 41]
    [C:\Program Files\Sony Ericsson\Mobile\Connectivity Pack\SCRFSProxy.dll] [N/A, ]
    [C:\Program Files\Sony Ericsson\Mobile\aufilemgr.dll] [N/A, ]
    [PID: 1516 / Bernard][C:\Program Files\PowerCheck\PowerCheck.exe] [N/A, ]
    [PID: 1512 / SYSTEM][C:\WINDOWS\System32\snmp.exe] [Microsoft Corporation, 5.1.2600.3038 (xpsp_sp2_gdr.061119-2303)]
    [PID: 1888 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [PID: 2084 / SYSTEM][C:\WINDOWS\system32\UStorSrv.exe] [OTi, 2, 0, 0, 4]
    [C:\WINDOWS\system32\OPDSL.dll] [, 1, 0, 0, 14]
    [PID: 2124 / Bernard][c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterGateway.DLL] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterPropPages.DLL] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterController.dll] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTERTCP.DLL] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTERSERIAL.DLL] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTERIRSOCKETS.DLL] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\Program Files\Intuwave Ltd\Shared\mRouterRunTime\mRouterBluetooth.dll] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTERWINSOCK.DLL] [Intuwave Ltd., 2, 2, 0, 371]
    [c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterAccessPoint.dll] [Intuwave Ltd., 2, 2, 0, 371]
    [PID: 2192 / Bernard][C:\Program Files\OpenOffice.org 2.2\program\soffice.exe] [OpenOffice.org, 1.09.9129]
    [C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll] [Sun Microsystems, Inc., 8.0.0.9107]
    [PID: 2272 / Bernard][C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN] [OpenOffice.org, 1.09.9129]
    [C:\Program Files\OpenOffice.org 2.2\program\vcl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\sot680mi.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\tl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\cppu3.dll] [Sun Microsystems, Inc., 8.0.0.9106]
    [C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\OpenOffice.org 2.2\program\sal3.dll] [Sun Microsystems, Inc., 8.0.0.9107]
    [C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll] [Sun Microsystems, Inc., 8.0.0.9107]
    [C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120]
    [C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\OpenOffice.org 2.2\program\vos3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9106]
    [C:\Program Files\OpenOffice.org 2.2\program\basegfx680mi.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\i18nisolang1MSC.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\utl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\salhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9106]
    [C:\Program Files\OpenOffice.org 2.2\program\comphelp4MSC.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\cppuhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\ucbhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\icuuc36.dll] [IBM Corporation and others, 3, 6, 0, 0]
    [C:\Program Files\OpenOffice.org 2.2\program\icudt36l.dll] [IBM Corporation and others, 3, 6, 0, 0]
    [C:\Program Files\OpenOffice.org 2.2\program\svl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\svt680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\tk680mi.dll] [Sun Microsystems, Inc., 8.0.0.9119]
    [C:\Program Files\OpenOffice.org 2.2\program\jvmfwk3.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\libxml2.dll] [N/A, ]
    [C:\Program Files\OpenOffice.org 2.2\program\servicemgr.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\shlibloader.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\simplereg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\nestedreg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\typemgr.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\implreg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\security.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\reg3.dll] [Sun Microsystems, Inc., 8.0.0.9106]
    [C:\Program Files\OpenOffice.org 2.2\program\store3.dll] [Sun Microsystems, Inc., 8.0.0.9106]
    [C:\Program Files\OpenOffice.org 2.2\program\regtypeprov.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\configmgr2.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\typeconverter.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\sysmgr1.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\sax.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\localebe1.uno.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\behelper.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\uriproc.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\ucb1.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\fwl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\fwi680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\ucpfile1.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\sfx680mi.dll] [Sun Microsystems, Inc., 8.0.0.9124]
    [C:\Program Files\OpenOffice.org 2.2\program\fwe680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\sb680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\xcr680mi.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\j680mi_g.dll] [Sun Microsystems, Inc., 8.0.0.9118]
    [C:\Program Files\OpenOffice.org 2.2\program\jvmaccess3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9107]
    [C:\Program Files\OpenOffice.org 2.2\program\fwk680mi.dll] [Sun Microsystems, Inc., 8.0.0.9124]
    [C:\Program Files\OpenOffice.org 2.2\program\msci_uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
    [C:\Program Files\OpenOffice.org 2.2\program\spl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9129]
    [C:\Program Fi
    0
  10. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    1/ * Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
    o afficher les fichiers et dossiers cachés,
    o décocher "masquer les extensions des fichiers dont le type est connu",
    o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

    2/ * Peux-tu tester ceci : C:\windows\system32\DRIVERS\szkg.sys
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

    3/ # Télécharge SDFix (créé par Andy Manchesta) et sauvegarde le sur ton Bureau : http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    # Imprime ceci.
    # Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

    * Redémarre ton ordinateur.
    * Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (ou F5).
    * A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    * Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    * Choisis ton compte.

    # Déroule la liste des instructions ci-dessous :

    * En mode sans échec, double-clique sur le fichier SDFix.exe et clique sur install,
    * Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
    * Appuie sur Y pour commencer le script.
    * Il va supprimer les services de certains trojans, effectuera aussi quelques réparations du Registre et il te demandera d'appuyer sur une touche pour redémarrer.
    * Appuie sur une touche pour redémarrer le PC.
    * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished
    * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    * Enfin, ouvre le dossier de SDFix sur ton Bureau et copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !

    FillPCA
    0
  11. Moi même
     
    Bonjour et merci
    je n'ai pas trouvé le fichier que tu m'indiques : C:\windows\system32\DRIVERS\szkg.sys et en conséquence la procédure 2/ n'a pas été effectuée...
    Voici par contre le résultat des autres
    _______________________________________________________________________

    SDFix: Version 1.120

    Run by Bernard on 28/12/2007 at 14:02

    Microsoft Windows XP [version 5.1.2600]

    Running From: C:\SDFix

    Safe Mode:
    Checking Services:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting...

    Normal Mode:
    Checking Files:

    No Trojan Files Found

    Removing Temp Files...

    ADS Check:

    C:\WINDOWS
    No streams found.

    C:\WINDOWS\system32
    No streams found.

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    C:\WINDOWS\system32\ntoskrnl.exe
    No streams found.

    Final Check:

    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-28 14:12:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
    "hagepphnhnalohlb"=hex:61,61,00,00
    "hagepphnnnglgocp"=hex:61,61,00,00
    "iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
    "haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

    scanning hidden files ...

    C:\WINDOWS\Temp\_av_proI.tm~a01980
    C:\WINDOWS\Temp\_av_proI.tm~a01980\dld1.tmp 0 bytes
    C:\WINDOWS\Temp\_av_proI.tm~a01980\setup.lok 0 bytes
    C:\Documents and Settings\Bernard\Application Data\m\shared\BiblePromise : Scripture Verses for your Daily Bread 2.2 [Patch].zip 767430 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 4

    Remaining Services:
    ------------------

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Age of Empires 2\\age2_x1.exe"="C:\\Program Files\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
    "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
    "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
    "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
    "C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe:*:Enabled:FTP Transfer Engine"
    "C:\\Program Files\\MixW\\Teoan.exe"="C:\\Program Files\\MixW\\Teoan.exe:*:Enabled:TEOAN"
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
    "C:\\Program Files\\EchoLink\\EchoLink.exe"="C:\\Program Files\\EchoLink\\EchoLink.exe:*:Enabled:EchoLink"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
    "C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
    "C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
    "C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Remaining Files:
    ---------------

    Files with Hidden Attributes:

    Fri 23 Dec 2005 4,027,936 ...H. --- "C:\Program Files\Picasa2\setup.exe"
    Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
    Mon 3 Sep 2007 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Fri 27 Aug 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sat 14 Aug 2004 24,576 A..H. --- "C:\Documents and Settings\Bernard\Local Settings\TempIadHide4.dll"
    Fri 3 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Fri 27 Aug 2004 4,348 ...H. --- "C:\Documents and Settings\Bernard\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
    Sun 30 Jan 2005 20 A..H. --- "C:\Documents and Settings\Bernard\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
    Fri 27 Aug 2004 400 A.SH. --- "C:\Documents and Settings\Bernard\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
    Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
    Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
    Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
    Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
    Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
    Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
    Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
    Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
    Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
    Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
    Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
    Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
    Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
    Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
    Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
    Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
    Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
    Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
    Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
    Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
    Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
    Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
    Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
    Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
    Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
    Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
    Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
    Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
    Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
    Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
    Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
    Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
    Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
    Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
    Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
    Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
    Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
    Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
    Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
    Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
    Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
    Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
    Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
    Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
    Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
    Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
    Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
    Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
    Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
    Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
    Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
    Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
    Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
    Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
    Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
    Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
    Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
    Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
    Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
    Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
    Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
    Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
    Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
    Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
    Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
    Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
    Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
    Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
    Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
    Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
    Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
    Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
    Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
    Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
    Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
    Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
    Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
    Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
    Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
    Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
    Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
    Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
    Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
    Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
    Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
    Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
    Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
    Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
    Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
    Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
    Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
    Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
    Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
    Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

    Finished!
    ________________________________________________________________________________________________________
    catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-28 14:12:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
    "hagepphnhnalohlb"=hex:61,61,00,00
    "hagepphnnnglgocp"=hex:61,61,00,00
    "iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
    "haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

    scanning hidden files ...

    C:\WINDOWS\Temp\_av_proI.tm~a01980
    C:\WINDOWS\Temp\_av_proI.tm~a01980\dld1.tmp 0 bytes
    C:\WINDOWS\Temp\_av_proI.tm~a01980\setup.lok 0 bytes
    C:\Documents and Settings\Bernard\Application Data\m\shared\BiblePromise : Scripture Verses for your Daily Bread 2.2 [Patch].zip 767430 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 4
    _________________________________________________________________________________________________________
    Logfile of HijackThis v1.99.1
    Scan saved at 14:23:28, on 28/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\PowerCheck\PowerCheck.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
    C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - https://www.f-secure.com/en/home/support
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - https://www.appdirect.com/products/apphelp/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    0
  12. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    * Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    Edite aussi un rapport Hijackthis.

    FillPCA
    0
  13. Moi même
     
    voila
    ________________________________________________________________________________________________________
    ComboFix 07-12-21.4 - Bernard 2007-12-28 16:41:19.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.163 [GMT 1:00]
    Running from: C:\Documents and Settings\Bernard\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\drivers\Phibtn.exe
    C:\WINDOWS\system32\drivers\Tray900.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\poof

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-28 16:40 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\regedit.exe
    2007-12-28 14:01 . 2007-12-28 14:01 <REP> d-------- C:\WINDOWS\ERUNT
    2007-12-27 15:03 . 2007-12-27 15:03 17,374,963 --a------ C:\upload_moi_BV.tar.gz
    2007-12-27 14:39 . 2007-12-13 12:08 <REP> d-------- C:\Program Files\Trust
    2007-12-25 19:54 . 2007-12-28 09:04 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\AVG7
    2007-12-25 19:53 . 2007-12-25 19:53 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-25 19:53 . 2007-12-25 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-22 20:41 . 2007-12-22 20:41 <REP> d-------- C:\Program Files\PC Inspector File Recovery
    2007-12-22 20:41 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
    2007-12-22 15:47 . 2007-12-22 15:47 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-21 00:54 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
    2007-12-21 00:50 . 2007-12-21 00:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-19 14:21 . 2007-12-19 14:24 250 --a------ C:\WINDOWS\gmer.ini
    2007-12-18 00:58 . 2007-12-18 00:58 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-12-18 00:57 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\LPT$VPN.891
    2007-12-18 00:53 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\VPTNFILE.891
    2007-12-14 13:27 . 2007-12-14 13:27 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\vlc
    2007-12-13 11:51 . 2007-02-13 07:42 14,848 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS
    2007-12-13 11:50 . 2007-12-13 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
    2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-28 15:47 --------- d-----w C:\Program Files\Spamihilator
    2007-12-28 13:38 --------- d-----w C:\Documents and Settings\Bernard\Application Data\OpenOffice.org2
    2007-12-28 08:04 --------- d-----w C:\Program Files\RamBoost XP
    2007-12-26 23:04 --------- d-----w C:\Program Files\eMule
    2007-12-25 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-25 00:03 --------- d-----w C:\Program Files\3D Home Architect
    2007-12-24 23:48 --------- d-----w C:\Program Files\Fake Webcam
    2007-12-24 23:37 --------- d-----w C:\Documents and Settings\Bernard\Application Data\m
    2007-12-23 20:56 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-12-22 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-19 17:29 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-19 17:29 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-17 23:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-12-17 23:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-12-17 23:53 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2007-12-17 23:53 267,845 ----a-w C:\WINDOWS\tsc.exe
    2007-12-16 00:50 --------- d-----w C:\Program Files\WebcamMax
    2007-12-16 00:48 --------- d-----w C:\Program Files\PowerCheck
    2007-12-16 00:39 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2007-12-16 00:25 --------- d-----w C:\Program Files\Google
    2007-12-14 12:25 --------- d-----w C:\Program Files\VideoLAN
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-28 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-18 05:49 286,720 ------w C:\WINDOWS\Setup1.exe
    2007-11-14 16:28 --------- d-----w C:\Documents and Settings\Bernard\Application Data\ArcSoft
    2007-11-14 16:26 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2007-11-14 16:14 --------- d-----w C:\Program Files\Philips
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 19:35 --------- d-----w C:\Program Files\PC Camera
    2007-10-31 05:45 --------- d-----w C:\Program Files\DipTrace
    2007-10-28 12:20 --------- d-----w C:\Program Files\Java
    2007-09-03 21:16 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="\Program\BackWeb-8876480.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 19:53]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= WDShell [ ]

    R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
    R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2002-10-05 10:46]
    R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2002-04-27 07:34]
    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 13:01]
    R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 14:11]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-09 00:23]
    R2 tyansmb;tyansmb;C:\WINDOWS\system32\Drivers\tyansmb.sys [2003-06-05 13:14]
    R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
    R3 SampleScanner;Ultima2000 Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.sys [2001-06-07 16:56]
    R3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]
    S2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-03 07:39]
    S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 17:08]
    S3 Amps2prt;PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\Drivers\Amps2prt.sys [2000-11-03 17:37]
    S3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2006-07-24 17:49]
    S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 18:28]
    S3 ICAM5USB;Caméra CS110 Intel(r) PC;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 21:06]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2006-07-27 03:07]
    S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 12:16]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\2 Copernic Daily ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\3 Copernic Weekly ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\4 Copernic Monthly ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-28 16:51:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-28 16:52:55 - machine was rebooted
    .
    2007-12-12 08:34:57 --- E O F ---
    _________________________________________________________________________________________________________

    Logfile of HijackThis v1.99.1
    Scan saved at 16:54:42, on 28/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\PowerCheck\PowerCheck.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
    C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
    C:\Program Files\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - https://www.f-secure.com/en/home/support
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - https://www.appdirect.com/products/apphelp/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    0
  14. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    1/ * Sélectionne le texte suivant :

    Driver::
    szkg

    File::
    C:\Windows\system32\DRIVERS\szkg.sys

    Folder::
    "C:\Documents and Settings\Bernard\Application Data\m"


    * Copie le texte sélectionné (CTRL+C).
    * Ouvre le bloc-note (programme>Accessoire>bloc-note).
    * Colle le texte copié dans ce bloc-note (CTRL+V).
    * Sauvegarde ce fichier sous le nom de CFScript.txt
    * Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
    * Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
    * Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
    Ne touche à rien tant que le scan n'est pas terminé.
    * Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
    * Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    2/ Télécharge Ccleaner Basic https://www.ccleaner.com/ccleaner/download

    Ouvre Ccleaner, clique sur "lancer le nettoyage".

    3/ Télécharge AVGantispyware : https://www.avg.com/en-ww/free-antivirus-download
    Tu l'installes.
    Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente.

    Clique sur le bouton Analyse (de la barre d'outils)
    Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine.
    Reviens à l'onglet Analyse. Clique sur Analyse complète du système.
    A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. Ensuite.
    Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

    4/ * Fais un scan en ligne en cliquant ici : https://www.bitdefender.com/toolbox/
    * Tu dois réaliser le scan en utilisant Internet explorer. Une information apparait en haut, près de la barre d'état. Tu dois accepter et installer l'activeX proposé. La mise à jour de l'antivirus se lance.
    * Réalise un scan complet du système.
    * Sauvegarde le rapport en mode texte à l'issue du scan.

    5/ Edite ces rapports :
    Combofix, AVGantispyware, bit defender.

    FillPCA
    0
  15. Moi même
     
    Bonsoir
    Effectivement, le virus est bien localisé dans C:\Documents and Settings\Bernard\Application Data\m à l'emplacement ou BitDefender l'avait localisé initialement.
    Il a bien été trouvé et supprimé a la suite de la procédure avec ComboFix.exe que tu as indiquée et n'apparait plus dans le dernier scan de BitDefender.
    Je pense qu'il est éradiqué et que tout est rentré dans l'ordre.
    Merci mille fois encore pour ta précieuse aide qui a été particulièrement efficace.

    Ci dessous les logs des procédures.
    ____________________________________________________________________________________________________________

    ComboFix 07-12-21.4 - Bernard 2007-12-28 17:46:18.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.218 [GMT 1:00]
    Running from: C:\Documents and Settings\Bernard\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Bernard\Bureau\CFScript.txt
    * Created a new restore point

    FILE
    C:\Windows\system32\DRIVERS\szkg.sys
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Bernard\Application Data\m
    C:\Documents and Settings\Bernard\Application Data\m\shared\BiblePromise

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_SZKG
    -------\szkg

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-28 16:40 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\regedit.exe
    2007-12-28 14:01 . 2007-12-28 14:01 <REP> d-------- C:\WINDOWS\ERUNT
    2007-12-27 15:03 . 2007-12-27 15:03 17,374,963 --a------ C:\upload_moi_BV.tar.gz
    2007-12-27 14:39 . 2007-12-13 12:08 <REP> d-------- C:\Program Files\Trust
    2007-12-25 19:54 . 2007-12-28 09:04 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\AVG7
    2007-12-25 19:53 . 2007-12-25 19:53 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
    2007-12-25 19:53 . 2007-12-25 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
    2007-12-22 20:41 . 2007-12-22 20:41 <REP> d-------- C:\Program Files\PC Inspector File Recovery
    2007-12-22 20:41 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
    2007-12-22 15:47 . 2007-12-22 15:47 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-21 00:54 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
    2007-12-21 00:50 . 2007-12-21 00:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-12-19 14:21 . 2007-12-19 14:24 250 --a------ C:\WINDOWS\gmer.ini
    2007-12-18 00:58 . 2007-12-18 00:58 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-12-18 00:57 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\LPT$VPN.891
    2007-12-18 00:53 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\VPTNFILE.891
    2007-12-14 13:27 . 2007-12-14 13:27 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\vlc
    2007-12-13 11:51 . 2007-02-13 07:42 14,848 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS
    2007-12-13 11:50 . 2007-12-13 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
    2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-28 16:42 --------- d-----w C:\Program Files\Spamihilator
    2007-12-28 16:05 --------- d-----w C:\Documents and Settings\Bernard\Application Data\OpenOffice.org2
    2007-12-28 08:04 --------- d-----w C:\Program Files\RamBoost XP
    2007-12-26 23:04 --------- d-----w C:\Program Files\eMule
    2007-12-25 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
    2007-12-25 00:03 --------- d-----w C:\Program Files\3D Home Architect
    2007-12-24 23:48 --------- d-----w C:\Program Files\Fake Webcam
    2007-12-23 20:56 --------- d-----w C:\Program Files\Windows Live Safety Center
    2007-12-22 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-19 17:29 --------- d-----w C:\Program Files\MSN Messenger
    2007-12-19 17:29 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-12-17 23:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
    2007-12-17 23:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
    2007-12-17 23:53 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
    2007-12-17 23:53 267,845 ----a-w C:\WINDOWS\tsc.exe
    2007-12-16 00:50 --------- d-----w C:\Program Files\WebcamMax
    2007-12-16 00:48 --------- d-----w C:\Program Files\PowerCheck
    2007-12-16 00:39 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
    2007-12-16 00:25 --------- d-----w C:\Program Files\Google
    2007-12-14 12:25 --------- d-----w C:\Program Files\VideoLAN
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-11-28 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
    2007-11-18 05:49 286,720 ------w C:\WINDOWS\Setup1.exe
    2007-11-14 16:28 --------- d-----w C:\Documents and Settings\Bernard\Application Data\ArcSoft
    2007-11-14 16:26 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
    2007-11-14 16:14 --------- d-----w C:\Program Files\Philips
    2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
    2007-11-07 19:35 --------- d-----w C:\Program Files\PC Camera
    2007-10-31 05:45 --------- d-----w C:\Program Files\DipTrace
    2007-10-28 12:20 --------- d-----w C:\Program Files\Java
    2007-09-03 21:16 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2007-12-28_16.52.11.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2007-12-28 16:54:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat
    + 2007-12-28 16:53:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_530.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LDM"="\Program\BackWeb-8876480.exe" []
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 19:53]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= WDShell [ ]

    R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
    R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2002-10-05 10:46]
    R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2002-04-27 07:34]
    R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 13:01]
    R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 14:11]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-09 00:23]
    R2 tyansmb;tyansmb;C:\WINDOWS\system32\Drivers\tyansmb.sys [2003-06-05 13:14]
    R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
    R3 SampleScanner;Ultima2000 Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.sys [2001-06-07 16:56]
    R3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]
    S2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-03 07:39]
    S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 17:08]
    S3 Amps2prt;PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\Drivers\Amps2prt.sys [2000-11-03 17:37]
    S3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2006-07-24 17:49]
    S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 18:28]
    S3 ICAM5USB;Caméra CS110 Intel(r) PC;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 21:06]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2006-07-27 03:07]
    S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 12:16]

    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\2 Copernic Daily ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\3 Copernic Weekly ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    "2005-01-22 17:06:07 C:\WINDOWS\Tasks\4 Copernic Monthly ~BV Bernard.job"
    - C:\Program Files\Copernic Agent\CopernicAgent.exe
    .
    **************************************************************************

    catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-28 17:54:22
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-12-28 17:55:59 - machine was rebooted
    C:\ComboFix2.txt ... 2007-12-28 16:52
    .
    2007-12-12 08:34:57 --- E O F ---
    __________________________________________________________________________________________________________
    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 20:03:45 28/12/2007

    + Résultat de l'analyse:

    C:\Documents and Settings\Bernard\Bureau\Outils\EliBaglA.exe -> Heuristic.Win32.AVKiller : Nettoyé.
    :mozilla.47:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
    :mozilla.7:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.8:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.54:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.38:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.15:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\Bernard\Cookies\bernard@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.36:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.37:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.58:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.59:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.25:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.26:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.27:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.28:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.29:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.44:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.40:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.41:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.42:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.45:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.46:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.53:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.39:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.

    Fin du rapport

    _________________________________________________________________________________________________________
    BitDefender Online Scanner - Rapport virus en temps réel

    Généré à: Fri, Dec 28, 2007 - 22:20:56

    --------------------------------------------------------------------------------

    Info d'analyse

    Fichiers scannés
    661967

    Infectés Fichiers
    0

    Virus Détectés

    Aucun virus trouvé.
    0
  16. Moi même
     
    Bonjour
    Malheureusement, ca reboote encore ! Ce matin l'anomalie s'est à nouveau manifestée !
    0
  17. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    Tu as des traces de 2 antivirus : AVG et Avast. Désinstalle proprement cleui qui tu n'utilises pas et édite un nouveau rapport Hijackthis et un rapport SREng.

    FillPCA
    0
  18. Moi même
     
    Les voici
    _________________________________________________________________________________________________
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:38:31, on 29/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
    C:\Program Files\RamBoost XP\rambxpfr.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
    C:\Program Files\PowerCheck\PowerCheck.exe
    c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
    C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
    C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
    C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
    C:\Program Files\Spamihilator\Spamihilator.exe
    C:\Program Files\Alwil Software\Avast4\1ashDisp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
    O4 - Global Startup: Phone Connection Monitor.lnk = ?
    O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
    O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
    O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - https://www.f-secure.com/en/home/support
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
    O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - https://www.appdirect.com/products/apphelp/
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
    O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
    0
  19. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Ton antivirus apparait bien dans les services, mais pas au démarrage. ESt-il actif quand tu démarres le PC ? Je ne suis pas certain que le problème soit encore infectieux.

    1/ Télécharge et utilise ATFcleaner et nettoie tout : http://pitcatsite.ovh.org/php/ATFCleaner.php
    2/ Edite un nouveau rapport Diaghelp.

    FillPCA
    0
  20. Moi même
     
    Non l'antivirus ne se lance pas au démarrage ainsi que quelques autres applis auxiliaires
    Voici le rapport

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 29/12/2007 à 21:11:19,89

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CMD.EXE-137A0D53.pf -->29/12/2007 21:11:19
    C:\WINDOWS\prefetch\CHCP.COM-17C61B40.pf -->29/12/2007 21:11:16
    C:\WINDOWS\prefetch\WINZIP32.EXE-22905BC0.pf -->29/12/2007 21:10:41
    C:\WINDOWS\prefetch\VERCLSID.EXE-3B227142.pf -->29/12/2007 21:10:30
    C:\WINDOWS\prefetch\IEXPLORE.EXE-06887102.pf -->29/12/2007 21:09:19
    C:\WINDOWS\prefetch\layout.ini -->29/12/2007 20:12:53

    C:\WINDOWS\System32\drivers\gmer.sys -->19/12/2007 14:21:48
    C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
    C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
    C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
    C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
    C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
    C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54

    C:\WINDOWS\System32\wpa.dbl -->29/12/2007 19:35:43
    C:\WINDOWS\System32\LVCOMSX.LOG -->28/12/2007 13:52:49
    C:\WINDOWS\System32\Uninstall.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\pavas.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\Help.ico -->21/12/2007 00:51:29
    C:\WINDOWS\System32\swreg.exe -->13/12/2007 21:26:50
    C:\WINDOWS\System32\CONFIG.NT -->12/12/2007 09:32:51
    C:\WINDOWS\System32\TZLog.log -->12/12/2007 01:30:26
    C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
    C:\WINDOWS\System32\AVASTSS.scr -->04/12/2007 13:54:04
    C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
    C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
    C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
    C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
    C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
    C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->28/10/2007 13:20:46
    C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:19:00
    C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:18:59
    C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
    C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
    C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
    C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45

    C:\WINDOWS\WindowsUpdate.log -->29/12/2007 21:04:48
    C:\WINDOWS\0.log -->29/12/2007 19:35:15
    C:\WINDOWS\wiadebug.log -->29/12/2007 19:34:53
    C:\WINDOWS\wiaservc.log -->29/12/2007 19:34:45
    C:\WINDOWS\TempFile -->29/12/2007 19:34:43
    C:\WINDOWS\bootstat.dat -->29/12/2007 19:34:30
    C:\WINDOWS\SchedLgU.Txt -->29/12/2007 19:32:31
    C:\WINDOWS\system.ini -->29/12/2007 18:00:13
    C:\WINDOWS\wmsetup.log -->29/12/2007 16:53:08
    C:\WINDOWS\tsc.ini -->29/12/2007 11:45:57
    C:\WINDOWS\tsc.ptn -->29/12/2007 09:56:29
    C:\WINDOWS\tsc.exe -->29/12/2007 09:56:28
    C:\WINDOWS\vsapi32.dll -->29/12/2007 09:56:27
    C:\WINDOWS\hcextoutput.dll -->29/12/2007 09:56:27
    C:\WINDOWS\VPTNFILE.919 -->29/12/2007 09:56:26

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 1800
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
    0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
    0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
    0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
    0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x10000000 0x2f000 11.00.0000.0001 C:\WINDOWS\system32\WDShell.dll
    0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
    0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
    0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll
    0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x02e40000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x00a60000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP~1.1FR\WZSHLSTB.DLL
    0x01100000 0x28000 C:\Program Files\WinRAR\rarext.dll
    0x02030000 0x5d000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\auexpext.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x018c0000 0x2b000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\FilGuiLg.dll
    0x00d90000 0x8000 1.00.0000.0001 C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 672
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
    0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
    0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01150000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\system

    10/09/1999 12:06 4 672 WOWPOST.EXE
    1 fichier(s) 4 672 octets
    0 Rép(s) 47 971 311 616 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\system32

    20/08/2004 00:09 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 47 971 311 616 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\WINDOWS\Downloaded Program Files

    25/12/2007 14:07 <REP> .
    25/12/2007 14:07 <REP> ..
    07/03/2007 00:59 300 680 arclib.dll
    24/08/2006 07:28 141 424 asinst.dll
    22/08/2006 08:06 537 asinst.inf
    09/12/2007 00:46 312 680 avsniff.dll
    09/12/2007 00:38 773 avsniff.inf
    09/12/2007 00:46 255 336 avsniffdlgs.dll
    07/12/2004 16:07 32 bdcore.dll
    25/05/2006 00:21 118 784 bdupd.dll
    21/03/2002 14:26 815 bitdefender.inf
    30/01/2003 15:52 348 160 bitdefender.ocx
    25/06/2003 18:00 541 ca.pub
    09/12/2007 00:38 241 CabSA.inf
    19/12/2007 01:00 2 504 catalog.dat
    27/03/2002 13:02 168 014 cssweb.dll
    24/04/2003 14:11 259 cssweb.inf
    17/01/2006 16:11 580 663 daas_s.dll
    14/08/2004 13:51 65 desktop.ini
    25/07/2002 17:13 24 576 dwusplay.dll
    25/07/2002 17:13 196 608 dwusplay.exe
    19/12/2007 01:00 6 899 ecbootil.vxd
    09/12/2007 00:36 42 112 ecmldr32.dll
    19/12/2007 01:00 284 016 ecmsvr32.dll
    20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
    03/02/2006 10:20 188 416 fsauc.dll
    16/06/2006 14:31 181 856 fscax.dll
    13/04/2007 15:52 482 fscax.inf
    12/07/2000 01:02 36 864 fxfileop.dll
    25/05/2006 00:21 53 248 ipsupd.dll
    10/06/2005 09:44 417 792 isusweb.dll
    07/01/2007 12:55 2 305 kavwebscan.inf
    16/03/2005 11:34 7 407 lang.ini
    11/12/2006 16:44 367 LegitCheckControl.inf
    07/12/2004 16:07 32 libfn.dll
    14/03/2005 13:38 126 live.ini
    24/02/2006 11:49 882 mcfscan.inf
    18/11/1999 12:48 995 mpeg4ax.inf
    18/11/1999 12:49 992 msaudio.inf
    09/12/2007 00:36 6 850 navapi.vxd
    09/12/2007 00:36 201 896 navapi32.dll
    19/12/2007 01:00 124 272 naveng32.dll
    19/12/2007 01:00 914 800 navex32a.dll
    17/01/2005 16:09 227 opuc.inf
    01/06/2006 01:57 1 331 oscan8.inf
    01/06/2006 01:54 471 040 oscan8.ocx
    31/05/2006 03:15 10 oscan81.ocx_x
    09/12/2007 00:46 296 336 rufsi.dll
    14/03/2005 13:58 7 073 scanoptions.tsi
    19/12/2007 01:00 97 776 scrauth.dat
    20/11/2007 15:50 247 swflash.inf
    19/12/2007 01:00 11 816 symaveng.cat
    19/12/2007 01:00 1 061 symaveng.inf
    19/12/2007 01:00 402 118 tcdefs.dat
    19/12/2007 01:00 2 429 629 tcscan7.dat
    19/12/2007 01:00 428 396 tcscan8.dat
    19/12/2007 01:00 1 000 625 tcscan9.dat
    19/12/2007 01:00 453 tinf.dat
    19/12/2007 01:00 148 tinfidx.dat
    19/12/2007 01:00 1 957 tinfl.dat
    19/12/2007 01:00 68 399 tscan1.dat
    19/12/2007 01:00 3 294 tscan1hd.dat
    31/10/2001 09:37 118 uninst.bat
    19/12/2007 01:00 4 778 v.grd
    19/12/2007 01:00 2 267 v.sig
    21/12/2007 19:08 294 403 vet.da1
    19/11/2007 01:18 13 076 520 vet.dat
    13/07/2007 05:11 1 353 016 vete.dll
    19/12/2007 01:00 106 244 virscan.inf
    19/12/2007 01:00 997 354 virscan1.dat
    19/12/2007 01:00 570 966 virscan2.dat
    19/12/2007 01:00 150 932 virscan3.dat
    19/12/2007 01:00 320 253 virscan4.dat
    19/12/2007 01:00 5 198 791 virscan5.dat
    19/12/2007 01:00 392 361 virscan6.dat
    19/12/2007 01:00 18 131 798 virscan7.dat
    19/12/2007 01:00 1 899 941 virscan8.dat
    19/12/2007 01:00 5 410 050 virscan9.dat
    19/12/2007 01:00 32 virscant.dat
    20/11/2006 12:02 180 282 webscan.dll
    21/07/2006 12:55 477 webscan.inf
    02/11/2005 17:01 1 777 xscan.inf
    02/11/2005 17:07 435 712 xscan53.ocx
    19/12/2007 01:00 224 zdone.dat
    82 fichier(s) 60 199 069 octets

    Total des fichiers listés :
    82 fichier(s) 60 199 069 octets
    2 Rép(s) 47 971 307 520 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-29 21:12:19
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
    "hagepphnhnalohlb"=hex:61,61,00,00
    "hagepphnnnglgocp"=hex:61,61,00,00
    "iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
    "haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    164 - avgas.exe
    176 - ctfmon.exe
    268 - rambxpfr.exe
    364 - snmp.exe
    620 - MROUTE~2.EXE
    648 - csrss.exe
    672 - winlogon.exe
    716 - services.exe
    728 - lsass.exe
    876 - svchost.exe
    956 - svchost.exe
    1024 - ApacheMonitor.e
    1048 - svchost.exe
    1092 - svchost.exe
    1116 - PowerCheck.exe
    1288 - soffice.bin
    1320 - ashServ.exe
    1504 - spoolsv.exe
    1800 - explorer.exe
    1836 - CONNMN~1.EXE
    1848 - msimn.exe
    1976 - guard.exe
    2152 - ashMaiSv.exe
    2172 - ashWebSv.exe
    2268 - 1ashDisp.exe
    2672 - alg.exe
    3280 - BROADC~1.EXE
    3688 - cmd.exe
    -1304204150 - x --[Hidden]--

    Total number of processes = 30
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806EC000 - \WINDOWS\system32\hal.dll
    F8A35000 - \WINDOWS\system32\KDCOM.DLL
    F8945000 - \WINDOWS\system32\BOOTVID.dll
    F84F5000 - imagesrv.sys
    F84C6000 - ACPI.sys
    F8A37000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
    F84B5000 - pci.sys
    F8535000 - isapnp.sys
    F8A39000 - viaide.sys
    F87B5000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    F8545000 - MountMgr.sys
    F8496000 - ftdisk.sys
    F87BD000 - PartMgr.sys
    F8555000 - VolSnap.sys
    F847E000 - atapi.sys
    F8466000 - SI3112r.sys
    F844E000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
    F8565000 - hpt3xx.sys
    F8A3B000 - imagedrv.sys
    F8575000 - disk.sys
    F8585000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    F842E000 - fltmgr.sys
    F8595000 - PxHelp20.sys
    F8949000 - bsstor.sys
    F894D000 - SiWinAcc.sys
    F8951000 - hptpro.sys
    F8417000 - KSecDD.sys
    F838A000 - Ntfs.sys
    F835D000 - NDIS.sys
    F87C5000 - viaagp1.sys
    F8A3D000 - sfhlp01.sys
    F8A3F000 - prosync1.sys
    F834B000 - prohlp02.sys
    F8330000 - Mup.sys
    F8695000 - \SystemRoot\System32\DRIVERS\amdk7.sys
    F7A7E000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
    F7A6A000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    F88E5000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
    F7A47000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
    F8A6F000 - \SystemRoot\System32\Drivers\vulfnth.sys
    F88ED000 - \SystemRoot\System32\DRIVERS\usbehci.sys
    F86A5000 - \SystemRoot\System32\DRIVERS\imapi.sys
    F7E1D000 - \SystemRoot\system32\drivers\pfc.sys
    F86B5000 - \SystemRoot\System32\DRIVERS\cdrom.sys
    F86C5000 - \SystemRoot\System32\DRIVERS\redbook.sys
    F7A24000 - \SystemRoot\System32\DRIVERS\ks.sys
    F7976000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
    F7952000 - \SystemRoot\system32\drivers\portcls.sys
    F86D5000 - \SystemRoot\system32\drivers\drmk.sys
    F88F5000 - \SystemRoot\System32\DRIVERS\fetnd5.sys
    F88FD000 - \SystemRoot\System32\DRIVERS\fdc.sys
    F7941000 - \SystemRoot\System32\DRIVERS\serial.sys
    F7E11000 - \SystemRoot\System32\DRIVERS\serenum.sys
    F792D000 - \SystemRoot\System32\DRIVERS\parport.sys
    F86E5000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
    F8905000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
    F7E0D000 - \SystemRoot\System32\DRIVERS\gameenum.sys
    F8BFD000 - \SystemRoot\System32\DRIVERS\audstub.sys
    F86F5000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
    F7E09000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
    F7916000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
    F8705000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
    F8715000 - \SystemRoot\System32\DRIVERS\raspptp.sys
    F890D000 - \SystemRoot\System32\DRIVERS\TDI.SYS
    F7905000 - \SystemRoot\System32\DRIVERS\psched.sys
    F8725000 - \SystemRoot\System32\DRIVERS\msgpc.sys
    F8915000 - \SystemRoot\System32\DRIVERS\ptilink.sys
    F891D000 - \SystemRoot\System32\DRIVERS\raspti.sys
    F8735000 - \SystemRoot\System32\DRIVERS\termdd.sys
    F8925000 - \SystemRoot\System32\DRIVERS\mouclass.sys
    F8A71000 - \SystemRoot\System32\DRIVERS\swenum.sys
    F78D1000 - \SystemRoot\System32\DRIVERS\update.sys
    F89F1000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
    F8775000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F8A15000 - \SystemRoot\System32\Drivers\vulfntr.sys
    F8795000 - \SystemRoot\System32\DRIVERS\usbhub.sys
    F8A77000 - \SystemRoot\System32\DRIVERS\USBD.SYS
    F892D000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
    F8A79000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F8C23000 - \SystemRoot\System32\Drivers\Null.SYS
    F8A7B000 - \SystemRoot\System32\Drivers\Beep.SYS
    F8C0D000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    F87FD000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
    F8805000 - \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
    F880D000 - \SystemRoot\System32\drivers\vga.sys
    F8A7D000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F8A7F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F8815000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F881D000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F8308000 - \SystemRoot\System32\DRIVERS\rasacd.sys
    EF856000 - \SystemRoot\System32\DRIVERS\ipsec.sys
    EF7FE000 - \SystemRoot\System32\DRIVERS\tcpip.sys
    F7B92000 - \SystemRoot\System32\Drivers\aswTdi.SYS
    EF7D6000 - \SystemRoot\System32\DRIVERS\netbt.sys
    F8304000 - \SystemRoot\System32\drivers\ws2ifsl.sys
    EF7B4000 - \SystemRoot\System32\drivers\afd.sys
    F7B82000 - \SystemRoot\System32\DRIVERS\netbios.sys
    EF789000 - \SystemRoot\System32\DRIVERS\rdbss.sys
    F7B72000 - \SystemRoot\System32\drivers\prodrv06.sys
    EF6F2000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
    F7B62000 - \SystemRoot\System32\Drivers\Fips.SYS
    EF6D1000 - \SystemRoot\System32\DRIVERS\ipnat.sys
    F7B52000 - \SystemRoot\System32\DRIVERS\wanarp.sys
    F82E8000 - \SystemRoot\System32\DRIVERS\GT680x.sys
    F82E4000 - \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
    F82E0000 - \SystemRoot\system32\DRIVERS\hidusb.sys
    F7B42000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    F8825000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    F7B32000 - \SystemRoot\system32\DRIVERS\SUSCOM.SYS
    F8BA3000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    F882D000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
    EF5BE000 - \SystemRoot\System32\DRIVERS\LVCM.sys
    F85D5000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
    EF59B000 - \SystemRoot\System32\Drivers\Fastfat.SYS
    F85F5000 - \SystemRoot\system32\drivers\usbaudio.sys
    F7E21000 - \SystemRoot\System32\DRIVERS\mouhid.sys
    EF583000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F8A95000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    EF88D000 - \SystemRoot\System32\drivers\Dxapi.sys
    F884D000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    F8C10000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9D5000 - \SystemRoot\System32\ati2dvag.dll
    BFA10000 - \SystemRoot\System32\ati3d1ag.dll
    EF2ED000 - \SystemRoot\System32\Drivers\aswMon2.SYS
    EF170000 - \SystemRoot\system32\drivers\wdmaud.sys
    EF51B000 - \SystemRoot\system32\drivers\sysaudio.sys
    EEE95000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
    F8635000 - \??\C:\WINDOWS\System32\drivers\Haspnt.sys
    F8AC7000 - \SystemRoot\System32\Drivers\ParVdm.SYS
    EF185000 - \SystemRoot\System32\Drivers\Aspi32.SYS
    F8B60000 - \??\C:\Program Files\ICprog\icprog.sys
    EEDC5000 - \??\C:\WINDOWS\System32\drivers\hardlock.sys
    EECAB000 - \SystemRoot\System32\DRIVERS\srv.sys
    EEC49000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
    EF299000 - \??\C:\WINDOWS\system32\Drivers\tyansmb.sys
    EEF02000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    EE898000 - \SystemRoot\System32\Drivers\HTTP.sys
    EE7B4000 - \SystemRoot\System32\Drivers\aswRdr.SYS
    EE243000 - \SystemRoot\system32\DRIVERS\sr.sys
    EE218000 - \SystemRoot\system32\drivers\kmixer.sys
    F8C43000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 144

    Liste des programmes installes

    ACDSee 9 Gestionnaire de photos
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0
    Ahead InCD
    Apache HTTP Server 2.0.55
    Archiveur WinRAR
    ARTEC
    ATI Control Panel
    ATI Display Driver
    avast! Antivirus
    AVG Anti-Spyware 7.5
    Barre d'outils MSN
    Camfrog Video Chat 3.91 (remove only)
    CamStudio 2.0 Fr
    Canon i560
    CCleaner (remove only)
    Command On Demand for Command Software
    Compel Adaptec WinASPI
    ConTEXT
    Copernic Agent Professional
    Corel Paint Shop Pro X
    CorelDRAW Graphics Suite 12
    Correctif pour Lecteur Windows Media 11 (KB939683)
    CuteFTP Pro
    EasyCleaner
    EchoLink
    eMule
    Etats Et Requêtes
    EVEREST Home Edition v2.01
    Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
    FileSpecs plug-in for Ad-Aware SE
    FileZilla (remove only)
    Freeplayer
    Frontline Attack - War over Europe
    Google Earth
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    HelpNDoc Version 1.10 Personal Edition
    HijackThis 2.0.2
    Hotfix for Windows Media Format 11 SDK (KB929399)
    HydraVision
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) SE Runtime Environment 6 Update 1
    K-Lite Codec Pack 3.4.0 Full
    Kaspersky Online Scanner
    Language Pack for Ad-aware 6
    Language pack for Ad-Aware SE
    Lecteur Windows Media 11
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Logitech Desktop Messenger
    Logitech MouseWare 9.79.1
    Logitech Print Service
    Logitech QuickCam
    LST PCSOFT
    Macromedia Dreamweaver MX
    Macromedia Extension Manager
    Macromedia Fireworks 8
    Meracl FontMap v2.1.1
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliType Pro 5.0
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2001
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 SR-1 Professional
    Microsoft Publisher 98
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
    Mise à jour de sécurité pour Windows XP (KB918118)
    Mise à jour de sécurité pour Windows XP (KB921503)
    Mise à jour de sécurité pour Windows XP (KB924667)
    Mise à jour de sécurité pour Windows XP (KB925902)
    Mise à jour de sécurité pour Windows XP (KB926436)
    Mise à jour de sécurité pour Windows XP (KB927779)
    Mise à jour de sécurité pour Windows XP (KB927802)
    Mise à jour de sécurité pour Windows XP (KB928255)
    Mise à jour de sécurité pour Windows XP (KB928843)
    Mise à jour de sécurité pour Windows XP (KB929123)
    Mise à jour de sécurité pour Windows XP (KB930178)
    Mise à jour de sécurité pour Windows XP (KB931261)
    Mise à jour de sécurité pour Windows XP (KB931784)
    Mise à jour de sécurité pour Windows XP (KB932168)
    Mise à jour de sécurité pour Windows XP (KB933729)
    Mise à jour de sécurité pour Windows XP (KB935839)
    Mise à jour de sécurité pour Windows XP (KB935840)
    Mise à jour de sécurité pour Windows XP (KB936021)
    Mise à jour de sécurité pour Windows XP (KB938829)
    Mise à jour de sécurité pour Windows XP (KB941202)
    Mise à jour de sécurité pour Windows XP (KB941568)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB943460)
    Mise à jour de sécurité pour Windows XP (KB944653)
    Mise à jour pour Windows XP (KB927891)
    Mise à jour pour Windows XP (KB929338)
    Mise à jour pour Windows XP (KB930916)
    Mise à jour pour Windows XP (KB931836)
    Mise à jour pour Windows XP (KB933360)
    Mise à jour pour Windows XP (KB938828)
    Mise à jour pour Windows XP (KB942763)
    MixW 2.18 (Jan-09-2007)
    Mozilla Firefox (2.0.0.11)
    MSN Pictures Displayer 4.5
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    NeoTrace Express 3.25
    Nero 6 Ultra Edition
    Norton Ghost
    Novarm DipTrace
    OpenOffice.org 2.2
    Panda ActiveScan
    PC Camera
    PC Camera
    Philips SPC 900NC PC Camera
    Philips VLounge
    PowerCheck 4.2.3
    Programme de gestion Camera de Logitech®
    RamBoost XP 4.0.6
    RFSim99
    Saisie de Schéma SDS
    Soldiers - Heroes of World War II
    Sonic Foundry Sound Forge 6.0
    Sony Ericsson PC Suite 3.1.1
    Spamihilator
    Tracé de CI
    Trust R-Series Mouse
    Trust R-Series Mouse
    TyanSystemMonitor V2.13
    USB Card Reader \Writer
    USB Storage Device
    USB Video Camera Driver v1.10
    VideoLAN VLC media player 0.8.5-freehd
    Visionneuse Journal Windows Microsoft
    VX2 Cleaner plug-in for Ad-Aware SE
    WebFldrs XP
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 2
    Yahoo! Messenger

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files

    29/12/2007 21:03 <REP> .
    29/12/2007 21:03 <REP> ..
    25/12/2007 01:03 <REP> 3D Home Architect
    14/08/2005 23:14 <REP> AboutTime
    01/08/2007 22:03 <REP> ACD Systems
    14/12/2005 19:13 <REP> AdaURL
    24/03/2005 11:59 <REP> Adobe
    21/11/2004 20:11 <REP> Age of Empires 2
    22/08/2005 12:10 <REP> Ahead
    23/06/2005 13:50 <REP> Alwil Software
    03/05/2007 12:24 <REP> AnalogX
    02/07/2007 16:55 <REP> Apache Group
    14/08/2004 14:16 <REP> ATI Technologies
    13/04/2007 23:40 <REP> Camfrog
    23/09/2006 16:46 <REP> CamStudio
    14/02/2007 17:08 <REP> CCleaner
    04/09/2007 18:14 <REP> CodecSniper
    13/08/2005 15:55 <REP> Codemasters
    22/08/2005 17:20 <REP> Common Files
    03/06/2007 22:41 <REP> ConCon
    05/02/2007 22:22 <REP> ConTEXT
    22/01/2005 18:05 <REP> Copernic Agent
    18/07/2007 09:36 <REP> Corel
    02/01/2007 00:15 <REP> Cucusoft
    16/02/2007 00:50 <REP> Cuisinons
    30/09/2006 15:27 <REP> Dial-Messenger
    15/04/2007 00:04 <REP> Dictionnaire
    31/10/2007 06:45 <REP> DipTrace
    23/09/2004 20:02 <REP> directx
    04/08/2007 01:10 <REP> DivX
    04/10/2005 11:35 <REP> Drive Rescue
    30/10/2004 11:47 <REP> EasyPHP1-7
    07/09/2006 21:45 <REP> EchoLink
    04/02/2006 15:46 <REP> Eidos Interactive
    31/01/2005 00:38 <REP> Empire Earth
    27/12/2007 00:04 <REP> eMule
    25/12/2007 00:48 <REP> Fake Webcam
    28/11/2007 20:23 <REP> Fichiers communs
    05/10/2006 22:45 <REP> FileZilla
    07/01/2007 21:47 <REP> Freeplayer
    09/10/2004 23:37 <REP> GlobalSCAPE
    16/12/2007 01:25 <REP> Google
    29/12/2007 19:31 <REP> Grisoft
    04/09/2007 18:23 <REP> GSpot
    18/09/2007 18:56 <REP> HelpNDoc
    23/04/2005 19:21 <REP> HighMAT CD Writing Wizard
    28/12/2007 16:54 <REP> hijackthis
    18/12/2005 16:48 <REP> ICprog
    16/12/2007 01:26 <REP> Internet Explorer
    01/09/2006 19:34 <REP> Intuwave Ltd
    28/10/2007 13:20 <REP> Java
    15/07/2007 14:10 <REP> Kazaa Lite K++
    04/09/2007 18:15 <REP> K-Lite Codec Pack
    27/06/2005 23:06 <REP> Lavalys
    21/08/2004 10:18 <REP> Lavasoft
    03/09/2005 23:46 <REP> Logitech
    09/07/2007 20:26 <REP> Macromedia
    30/07/2006 14:08 <REP> ManyCam
    14/08/2004 15:14 <REP> Meracl FontMap
    07/06/2007 17:03 <REP> Messenger
    19/12/2007 18:29 <REP> Messenger Plus! Live
    21/08/2004 18:03 <REP> Micro Application
    14/08/2004 16:26 <REP> microsoft frontpage
    16/12/2007 01:39 <REP> Microsoft IntelliType Pro
    05/08/2005 18:17 <REP> Microsoft Money
    14/08/2004 17:53 <REP> Microsoft Office
    26/03/2007 21:58 <REP> MixW
    09/02/2005 15:54 <REP> Movie Maker
    27/11/2005 13:58 <REP> Movies
    16/12/2007 18:10 <REP> Mozilla Firefox
    14/08/2004 13:49 <REP> MSN
    15/05/2005 12:58 <REP> MSN Apps
    14/08/2004 13:49 <REP> MSN Gaming Zone
    19/12/2007 18:29 <REP> MSN Messenger
    03/06/2007 22:37 <REP> MSN Pictures Displayer
    16/11/2006 18:13 <REP> MSXML 4.0
    24/03/2007 17:19 <REP> MyUninstall
    02/01/2007 00:06 <REP> NeoDivx Suite
    08/09/2007 16:29 <REP> NeoTrace Express
    26/05/2007 21:04 <REP> NetMeeting
    23/04/2005 19:28 <REP> OfficeUpdate11
    19/05/2007 14:26 <REP> OpenOffice.org 2.2
    24/12/2005 19:35 <REP> Opera
    13/06/2007 16:26 <REP> Outlook Express
    07/11/2007 20:35 <REP> PC Camera
    15/07/2007 16:03 <REP> PC SOFT
    14/11/2007 17:14 <REP> Philips
    16/12/2007 01:48 <REP> PowerCheck
    29/12/2007 19:34 <REP> RamBoost XP
    14/09/2006 20:55 <REP> RegSeeker
    25/04/2005 14:36 <REP> RFSim99
    27/01/2005 18:59 <REP> Saisie de Schéma
    14/08/2004 13:51 <REP> Services en ligne
    22/08/2004 12:39 <REP> Sonic Foundry
    22/08/2004 12:39 <REP> Sonic Foundry Setup
    01/09/2006 19:35 <REP> Sony Ericsson
    22/08/2004 12:39 <REP> Sound Forge 6.0
    29/12/2007 21:05 <REP> Spamihilator
    16/08/2007 19:39 <REP> Spybot - Search & Destroy
    10/08/2007 03:03 <REP> STOPzilla!
    24/02/2007 21:14 <REP> StuffPlug3
    05/08/2005 17:58 <REP> Symantec
    05/02/2005 23:26 <REP> ToniArts
    27/01/2005 19:06 <REP> Tracé de CI
    22/12/2007 15:47 <REP> Trend Micro
    13/12/2007 12:08 <REP> Trust
    20/08/2005 16:35 <REP> Tyan Computer Corp
    14/08/2004 14:05 <REP> VIA Technologies, Inc
    14/12/2007 13:25 <REP> VideoLAN
    16/05/2005 17:57 <REP> vso
    16/12/2007 01:50 <REP> WebcamMax
    02/01/2007 00:01 <REP> WinASPI
    23/09/2006 17:18 <REP> Windows AntiSpy
    23/04/2005 19:21 <REP> Windows Journal Viewer
    10/06/2007 10:14 <REP> Windows Live
    23/12/2007 21:56 <REP> Windows Live Safety Center
    03/11/2006 08:49 <REP> Windows Media Connect 2
    03/11/2006 08:49 <REP> Windows Media Player
    09/02/2005 15:49 <REP> Windows NT
    23/04/2005 18:29 <REP> WinRAR
    27/04/2005 08:26 <REP> WINRLC
    10/03/2005 00:07 <REP> WinZip 8.1 Fr
    14/08/2004 13:52 <REP> xerox
    14/04/2007 10:53 <REP> Yahoo!
    0 fichier(s) 0 octets
    124 Rép(s) 47 960 502 272 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\fichiers communs

    28/11/2007 20:23 <REP> .
    28/11/2007 20:23 <REP> ..
    01/08/2007 22:07 <REP> ACD Systems
    24/03/2005 11:59 <REP> Adobe
    22/08/2005 12:09 <REP> Ahead
    14/11/2007 17:26 <REP> ArcSoft
    14/08/2004 15:33 <REP> Copernic
    18/07/2007 09:37 <REP> Corel
    18/07/2007 09:20 <REP> Designer
    23/09/2004 20:02 <REP> FotoWire
    15/07/2007 13:52 <REP> InstallShield
    10/08/2007 02:38 <REP> iS3
    28/12/2004 09:59 <REP> Java
    03/09/2005 23:46 <REP> Logitech
    09/07/2007 20:26 <REP> Macromedia
    18/07/2007 09:37 <REP> Microsoft Shared
    14/08/2004 13:50 <REP> MSSoap
    14/08/2004 14:43 <REP> ODBC
    01/10/2006 16:02 <REP> Panda Software
    17/07/2007 00:01 <REP> PC SOFT
    14/08/2004 13:50 <REP> Services
    14/08/2004 14:43 <REP> SpeechEngines
    05/08/2005 17:57 <REP> Symantec Shared
    24/11/2007 10:14 <REP> System
    20/08/2004 11:31 <REP> Vbox
    0 fichier(s) 0 octets
    25 Rép(s) 47 960 506 368 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    19/05/2007 16:28 <REP> .
    19/05/2007 16:28 <REP> ..
    28/02/2002 23:03 561 209 MSONSEXT.DLL
    03/06/1999 13:09 122 937 MSOWS409.DLL
    07/03/2001 08:00 127 033 MSOWS40c.DLL
    18/03/1999 05:37 593 977 RAGENT.DLL
    4 fichier(s) 1 405 156 octets
    2 Rép(s) 47 960 506 368 octets libres
    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\Program Files\common files

    22/08/2005 17:20 <REP> .
    22/08/2005 17:20 <REP> ..
    22/08/2005 17:20 <REP> PCCamera
    14/08/2004 15:49 <REP> System
    0 fichier(s) 0 octets
    4 Rép(s) 47 960 506 368 octets libres

    Le volume dans le lecteur C s'appelle Principal
    Le numéro de série du volume est D835-3672

    Répertoire de C:\

    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
    c:\Documents and Settings\Bernard\.housecall\getMac.exe
    c:\Documents and Settings\Bernard\.housecall\patch.exe
    c:\Documents and Settings\Bernard\.housecall\tsc.exe
    c:\Documents and Settings\Bernard\.housecall6.6\getMac.exe
    c:\Documents and Settings\Bernard\.housecall6.6\patch.exe
    c:\Documents and Settings\Bernard\.housecall6.6\tsc.exe
    c:\Documents and Settings\Bernard\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe
    c:\Documents and Settings\Bernard\Bureau\ATF-Cleaner.exe
    c:\Documents and Settings\Bernard\Bureau\ComboFix.exe
    c:\Documents and Settings\Bernard\Bureau\WEBCAM DELIA LCVA_PCDrv_US_1_01_03_1104.EXE
    c:\Documents and Settings\Bernard\Bureau\A installer\2_Microsoft Flight Simulator 2002 crack.exe
    c:\Documents and Settings\Bernard\Bureau\A installer\Ahead Nero Burning Rom 6.0.0.9 Fr + serial.exe
    c:\Documents and Settings\Bernard\Bureau\A installer\Battlefield 1942 - Multi Keygen.exe
    c:\Documents and Settings\Bernard\Bureau\A installer\Codec - All CODECS for Windows Media Player (Will play ALL movies).exe
    c:\Documents and Settings\Bernard\Bureau\A installer\Deus_Ex_2_-_Invisible_War_Patch_v1.1.exe
    c:\Documents and Settings\Bernard\Bureau\A installer\Grand Prix 4 Patch (Official) 9.6.exe
    c:\Documents and Settings\Bernard\Bureau\A installer\Nero 6.0.0.9 - Fr Packet.exe
    c:\Documents and Settings\Bernard\Bureau\A installer\Nero 6.3.0.3 Ultra Full =Latest Version= + Key Gen.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\catchme.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\diff.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\dumphive.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\find2.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\Fport.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\grep.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\md5sums.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\pslist.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\streams.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\swreg.exe
    c:\Documents and Settings\Bernard\Bureau\DiagHelp\DiagHelp\tar.exe
    c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\audiodream_3410_2420.exe
    c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\mp3_recovery_drv.exe
    c:\Documents and Settings\Bernard\Bureau\OM a tester\Commander471Archive.exe
    c:\Documents and Settings\Bernard\Bureau\OM a tester\TRX MANAGER trmde376.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\Antibagle-fr.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\avgas-setup-7.5.1.43.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\FxBeagle.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\gmer.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\SREngPS.EXE
    c:\Documents and Settings\Bernard\Bureau\Outils\clean\clean\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\clean\clean\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\clean\clean\pskill.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\clean\clean\tar.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\catchme.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\diff.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\dumphive.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\find2.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\Fport.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\grep.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\gzip.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\LFiles.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\md5sums.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\pslist.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\streams.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\swreg.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\DiagHelp\tar.exe
    c:\Documents and Settings\Bernard\Bureau\Outils\zip\SREngPS.EXE
    c:\Documents and Settings\Bernard\Bureau\Référenceur\submitic.exe
    c:\Documents and Settings\Bernard\Bureau\SAT\04-2005\Firmware_Flash308+.exe
    c:\Documents and Settings\Bernard\Bureau\SAT\flash XSAT\exe\Firmware_Flash308+.exe
    c:\Documents and Settings\Bernard\Bureau\SONY P900\UpdateService_Inst_2.6.4.9.exe
    c:\WinDev 11\Composants\Composants exemples\WD DerniersDocuments\WD DerniersDocuments - Exemple\Exe\WD DerniersDocuments - Exemple.exe
    c:\Documents and Settings\All Users\Application Data\Adobe\AWSCommonUI.dll
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Adobe\AWSCommonUI.dll
    c:\Documents and Settings\Bernard\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll
    c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
    c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_BV.tar.gz a l'adresse http://upload.malekal.com
    0
  • 1
  • 2