Stubborn virus? Win32.WORM.BAGLE.ZJJ

Solved/Closed
Moi même - 22 Dec. 2007 at 13:17
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 - 31 Dec. 2007 at 16:22
Hello,
For several days my PC, although otherwise working normally, has been rebooting unexpectedly and at random, and it appears to be infected.
After several online scans (Norton, Secuser, Freedom, FSecure, BitDefender, eTrustOnLine), it turns out that BitDefender (and it alone) detects W32.Worm.Bagle ZJJ. The other antivirus products detect absolutely nothing.
Disinfecting and deleting the infected file are impossible and bring no result; the anomaly persists, with the usual precautions taken of course (disabling System Restore, etc.).
I also tried with AVG, Spybot and CCleaner, as well as several tools intended to remove this worm (SDFix, AntiBagle-fr, FxBeagle), still without result.
The "infected" file is located in a subfolder of Documents & settings, but nothing works...
Does anyone have an idea?
Thanks
25 replies

DarkRodWarrior Posts 1755 Registration date Friday 2 March 2007 Status Member Last activity 18 May 2010 91
22 Dec. 2007 at 13:22
Hi,

Can you format your PC?
1
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
22 Dec. 2007 at 13:27
Hi,

If it's only to suggest formatting, it's better to refrain.
Download ELIBAGLA from the bottom of this page: http://www.zonavirus.com/datos/descargas/95/elibagla.asp
(click the "Descargar Elibagla" button) to your desktop.
Run it, preferably in safe mode if you are able to, otherwise in normal mode. Wait while the scan runs.
When it has finished, post the contents of the infoSat.txt file, which is located in My Computer > Disk C:\
And while you're at it, say whether you can start in safe mode again.

Do not reboot by going through msconfig.

FillPCA
0
Thanks for your help
Here is the result.
Yes, I can start in safe mode.

Sat Dec 22 14:08:20 2007
EliBagle v10.78 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 10601
Nº Total de Ficheros: 157910
Nº de Ficheros Analizados: 14519
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
22 Dec. 2007 at 14:48
Hi again,

Post the 3 reports in several parts if they are too long to be published in one go.

1/ * Download DiagHelp.zip to your desktop (thanks Malekal): http://www.malekal.com/download/DiagHelp.zip
Tutorial: http://www.malekal.com/DiagHelp/DiagHelp.php
* Do not double-click it!! Right-click the file and choose extract all.
* A new folder named chercher will be created.
* Open it and double-click go.cmd (the .cmd may not be displayed)
* A window will open; choose option 1
* The scan will start; this can take a few minutes, let it run and press a key when you are asked to.
* During the scan, after the CATCHME report on the red screen, you must press Enter so that the tool continues its search. Follow the written instructions.
* A window with the report then opens. Copy/paste its contents. (It can also be found here: c:\resultat.txt)
* Double-click this file, press CTRL+A then CTRL+C.
* In your next reply, paste the report with CTRL+V.

2/ * Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
* Unzip all of its contents to your desktop (right-click > Extract here).
* Open the SReng2 folder and double-click SREng.exe.
* Click "smart scan".
* Click the "scan" button.
* When the scan is finished, click the "save reports" button.
* Then save the report to your desktop.
* Copy/paste the contents of the SREnglLOG.log report in your next reply.

3/ Also produce a HijackThis report:
http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
Picture demo
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm


Run a scan and post the analysis.

FillPCA
0

Cobr@3 Posts 73 Registration date Sunday 30 September 2007 Status Member Last activity 17 January 2008 4
22 Dec. 2007 at 14:50
Download HijackThis
- http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Install it on the desktop, run it and click Do a System Scan, then post your report ;)
0
Thanks again, here is the result

__________________________________________________________________________________________________________
DiagHelp version v1.4 - http://www.malekal.com
excute le 22/12/2007 à 15:21:02,20


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\MSIMN.EXE-3356F448.pf -->27/12/2007 15:37:26
C:\WINDOWS\prefetch\IEXPLORE.EXE-06887102.pf -->27/12/2007 15:34:09
C:\WINDOWS\prefetch\VERCLSID.EXE-3B227142.pf -->27/12/2007 15:34:06
C:\WINDOWS\prefetch\ACDSEEQV.EXE-2174EC4D.pf -->27/12/2007 14:58:10
C:\WINDOWS\prefetch\CIDAEMON.EXE-2B2C6F8A.pf -->27/12/2007 14:51:30
C:\WINDOWS\prefetch\USNSVC.EXE-06863237.pf -->27/12/2007 14:48:37
C:\WINDOWS\prefetch\LIVECALL.EXE-124D8E6F.pf -->27/12/2007 14:48:31
C:\WINDOWS\prefetch\YUPDATER.EXE-290842D1.pf -->27/12/2007 14:48:13
C:\WINDOWS\prefetch\MSNMSGR.EXE-1C291C3F.pf -->27/12/2007 14:47:59
C:\WINDOWS\prefetch\WUAUCLT.EXE-12D8E25E.pf -->27/12/2007 14:45:02

C:\WINDOWS\System32\drivers\gmer.sys -->19/12/2007 14:21:48
C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54

C:\WINDOWS\System32\LVCOMSX.LOG -->22/12/2007 15:16:48
C:\WINDOWS\System32\wpa.dbl -->22/12/2007 11:36:51
C:\WINDOWS\System32\Uninstall.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\pavas.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\Help.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\CONFIG.NT -->12/12/2007 09:32:51
C:\WINDOWS\System32\TZLog.log -->12/12/2007 01:30:26
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\AVASTSS.scr -->04/12/2007 13:54:04
C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->28/10/2007 13:20:46
C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:18:59
C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45

C:\WINDOWS\ntbtlog.txt -->22/12/2007 15:15:35
C:\WINDOWS\bootstat.dat -->22/12/2007 14:31:34
C:\WINDOWS\WindowsUpdate.log -->22/12/2007 14:29:32
C:\WINDOWS\SchedLgU.Txt -->22/12/2007 13:42:15
C:\WINDOWS\wiaservc.log -->22/12/2007 13:42:07
C:\WINDOWS\wiadebug.log -->22/12/2007 13:42:06
C:\WINDOWS\setupapi.log -->22/12/2007 12:44:02
C:\WINDOWS\0.log -->22/12/2007 11:36:36
C:\WINDOWS\TempFile -->22/12/2007 11:36:03
C:\WINDOWS\NeroDigital.ini -->21/12/2007 19:33:25
C:\WINDOWS\pavsig.txt -->21/12/2007 00:51:35
C:\WINDOWS\gmer.ini -->19/12/2007 14:24:43
C:\WINDOWS\gmer_uninstall.cmd -->19/12/2007 14:21:48
C:\WINDOWS\gmer.dll -->19/12/2007 14:21:48
C:\WINDOWS\setupact.log -->19/12/2007 10:34:09

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 816
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x00f80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP~1.1FR\WZSHLSTB.DLL
0x02410000 0x5d000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\auexpext.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x02470000 0x2b000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\FilGuiLg.dll
0x024b0000 0x28000 C:\Program Files\WinRAR\rarext.dll
0x64000000 0x30000 2005.01.0001.0004 C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
0x10000000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x02ae0000 0x22000 8.02.0000.1192 C:\Program Files\Logitech\Video\Namespc2.dll
0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x02400000 0x8000 8.02.0000.1192 C:\Program Files\Logitech\Video\AlbuDBps.dll
0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x02b30000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll
0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x02db0000 0x2f000 11.00.0000.0001 C:\WINDOWS\system32\WDShell.dll
0x02df0000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 268
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00df0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\system

10/09/1999 12:06 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 48 208 277 504 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\system32

20/08/2004 00:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 48 208 277 504 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\Downloaded Program Files

22/12/2007 12:44 <REP> .
22/12/2007 12:44 <REP> ..
07/03/2007 00:59 300 680 arclib.dll
24/08/2006 07:28 141 424 asinst.dll
22/08/2006 08:06 537 asinst.inf
09/12/2007 00:46 312 680 avsniff.dll
09/12/2007 00:38 773 avsniff.inf
09/12/2007 00:46 255 336 avsniffdlgs.dll
07/12/2004 16:07 32 bdcore.dll
25/05/2006 00:21 118 784 bdupd.dll
21/03/2002 14:26 815 bitdefender.inf
30/01/2003 15:52 348 160 bitdefender.ocx
25/06/2003 18:00 541 ca.pub
09/12/2007 00:38 241 CabSA.inf
14/11/2007 01:00 2 504 catalog.dat
27/03/2002 13:02 168 014 cssweb.dll
24/04/2003 14:11 259 cssweb.inf
17/01/2006 16:11 580 663 daas_s.dll
14/08/2004 13:51 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
14/11/2007 01:00 6 899 ecbootil.vxd
09/12/2007 00:36 42 112 ecmldr32.dll
14/11/2007 01:00 284 016 ecmsvr32.dll
20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
03/02/2006 10:20 188 416 fsauc.dll
16/06/2006 14:31 181 856 fscax.dll
13/04/2007 15:52 482 fscax.inf
12/07/2000 01:02 36 864 fxfileop.dll
25/05/2006 00:21 53 248 ipsupd.dll
10/06/2005 09:44 417 792 isusweb.dll
07/01/2007 12:55 2 305 kavwebscan.inf
16/03/2005 11:34 7 407 lang.ini
11/12/2006 16:44 367 LegitCheckControl.inf
07/12/2004 16:07 32 libfn.dll
14/03/2005 13:38 126 live.ini
24/02/2006 11:49 882 mcfscan.inf
18/11/1999 12:48 995 mpeg4ax.inf
18/11/1999 12:49 992 msaudio.inf
09/12/2007 00:36 6 850 navapi.vxd
09/12/2007 00:36 201 896 navapi32.dll
14/11/2007 01:00 124 272 naveng32.dll
14/11/2007 01:00 914 800 navex32a.dll
17/01/2005 16:09 227 opuc.inf
01/06/2006 01:57 1 331 oscan8.inf
01/06/2006 01:54 471 040 oscan8.ocx
31/05/2006 03:15 10 oscan81.ocx_x
09/12/2007 00:46 296 336 rufsi.dll
14/03/2005 13:58 7 073 scanoptions.tsi
14/11/2007 01:00 97 776 scrauth.dat
20/11/2007 15:50 247 swflash.inf
14/11/2007 01:00 11 816 symaveng.cat
14/11/2007 01:00 1 061 symaveng.inf
14/11/2007 01:00 400 415 tcdefs.dat
14/11/2007 01:00 2 344 295 tcscan7.dat
14/11/2007 01:00 413 082 tcscan8.dat
14/11/2007 01:00 968 800 tcscan9.dat
14/11/2007 01:00 453 tinf.dat
14/11/2007 01:00 148 tinfidx.dat
14/11/2007 01:00 1 957 tinfl.dat
14/11/2007 01:00 67 815 tscan1.dat
14/11/2007 01:00 3 240 tscan1hd.dat
31/10/2001 09:37 118 uninst.bat
14/11/2007 01:00 4 778 v.grd
14/11/2007 01:00 2 267 v.sig
21/12/2007 19:08 294 403 vet.da1
19/11/2007 01:18 13 076 520 vet.dat
13/07/2007 05:11 1 353 016 vete.dll
14/11/2007 01:00 106 244 virscan.inf
14/11/2007 01:00 996 122 virscan1.dat
14/11/2007 01:00 570 966 virscan2.dat
14/11/2007 01:00 150 536 virscan3.dat
14/11/2007 01:00 320 253 virscan4.dat
14/11/2007 01:00 4 871 963 virscan5.dat
14/11/2007 01:00 392 074 virscan6.dat
14/11/2007 01:00 14 386 178 virscan7.dat
14/11/2007 01:00 1 862 947 virscan8.dat
14/11/2007 01:00 5 260 290 virscan9.dat
14/11/2007 01:00 32 virscant.dat
18/12/2007 13:34 2 072 vscanmsx.dat
20/11/2006 12:02 180 282 webscan.dll
21/07/2006 12:55 477 webscan.inf
02/11/2005 17:01 1 777 xscan.inf
02/11/2005 17:07 435 712 xscan53.ocx
14/11/2007 01:00 224 zdone.dat
83 fichier(s) 55 805 210 octets

Total des fichiers listés :
83 fichier(s) 55 805 210 octets
2 Rép(s) 48 208 273 408 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Age of Empires 2\\age2_x1.exe"="C:\\Program Files\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Program Files\\MixW\\Teoan.exe"="C:\\Program Files\\MixW\\Teoan.exe:*:Enabled:TEOAN"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\EchoLink\\EchoLink.exe"="C:\\Program Files\\EchoLink\\EchoLink.exe:*:Enabled:EchoLink"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 15:21:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
"hagepphnhnalohlb"=hex:61,61,00,00
"hagepphnnnglgocp"=hex:61,61,00,00
"iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
"haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Error loading kernel support driver!
Make sure you are running this as Administrator.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Error loading kernel support driver!
Make sure you are running this as Administrator.

Liste des programmes installes

3D Home Architect Home Design Deluxe 6
3D Home Architect Home Design Deluxe 6
ACDSee 9 Gestionnaire de photos
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Ahead InCD
Apache HTTP Server 2.0.55
Archiveur WinRAR
ARTEC
ATI Control Panel
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
Barre d'outils MSN
Camfrog Video Chat 3.91 (remove only)
CamStudio 2.0 Fr
Canon i560
CCleaner (remove only)
Command On Demand for Command Software
Compel Adaptec WinASPI
ConTEXT
Copernic Agent Professional
Corel Paint Shop Pro X
CorelDRAW Graphics Suite 12
Correctif pour Lecteur Windows Media 11 (KB939683)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
CuteFTP Pro
EasyCleaner
EchoLink
eMule
Etats Et Requêtes
EVEREST Home Edition v2.01
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
Fake Webcam 2.9.16
FileSpecs plug-in for Ad-Aware SE
FileZilla (remove only)
Freeplayer
Frontline Attack - War over Europe
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
HelpNDoc Version 1.10 Personal Edition
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
HydraVision
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.4.0 Full
Kaspersky Online Scanner
Language Pack for Ad-aware 6
Language pack for Ad-Aware SE
Lecteur Windows Media 11
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Print Service
Logitech QuickCam
LST PCSOFT
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks 8
Meracl FontMap v2.1.1
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliType Pro 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Publisher 98
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
MixW 2.18 (Jan-09-2007)
Mozilla Firefox (2.0.0.11)
MSN Pictures Displayer 4.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NeoTrace Express 3.25
Nero 6 Ultra Edition
Norton Ghost
Novarm DipTrace
OpenOffice.org 2.2
Panda ActiveScan
PC Camera
PC Camera
Philips SPC 900NC PC Camera
Philips VLounge
Picasa 2
PowerCheck 4.2.3
Programme de gestion Camera de Logitech®
RamBoost XP 4.0.6
RFSim99
Saisie de Schéma SDS
Soldiers - Heroes of World War II
Sonic Foundry Sound Forge 6.0
Sony Ericsson PC Suite 3.1.1
Spamihilator
Tracé de CI
Trust R-Series Mouse
Trust R-Series Mouse
TyanSystemMonitor V2.13
USB Card Reader \Writer
USB Storage Device
USB Video Camera Driver v1.10
VideoLAN VLC media player 0.8.5-freehd
Visionneuse Journal Windows Microsoft
VX2 Cleaner plug-in for Ad-Aware SE
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
Yahoo! Messenger



Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files

19/12/2007 10:30 <REP> .
19/12/2007 10:30 <REP> ..
10/03/2005 13:37 <REP> 3D Home Architect
14/08/2005 23:14 <REP> AboutTime
01/08/2007 22:03 <REP> ACD Systems
14/12/2005 19:13 <REP> AdaURL
24/03/2005 11:59 <REP> Adobe
21/11/2004 20:11 <REP> Age of Empires 2
22/08/2005 12:10 <REP> Ahead
02/06/2006 20:58 <REP> Alcohol Soft
23/06/2005 13:50 <REP> Alwil Software
03/05/2007 12:24 <REP> AnalogX
02/07/2007 16:55 <REP> Apache Group
14/08/2004 14:16 <REP> ATI Technologies
13/04/2007 23:40 <REP> Camfrog
23/09/2006 16:46 <REP> CamStudio
14/02/2007 17:08 <REP> CCleaner
04/09/2007 18:14 <REP> CodecSniper
13/08/2005 15:55 <REP> Codemasters
22/08/2005 17:20 <REP> Common Files
03/06/2007 22:41 <REP> ConCon
05/02/2007 22:22 <REP> ConTEXT
22/01/2005 18:05 <REP> Copernic Agent
18/07/2007 09:36 <REP> Corel
02/01/2007 00:15 <REP> Cucusoft
16/02/2007 00:50 <REP> Cuisinons
30/09/2006 15:27 <REP> Dial-Messenger
15/04/2007 00:04 <REP> Dictionnaire
31/10/2007 06:45 <REP> DipTrace
23/09/2004 20:02 <REP> directx
04/08/2007 01:10 <REP> DivX
04/10/2005 11:35 <REP> Drive Rescue
30/10/2004 11:47 <REP> EasyPHP1-7
07/09/2006 21:45 <REP> EchoLink
04/02/2006 15:46 <REP> Eidos Interactive
31/01/2005 00:38 <REP> Empire Earth
16/12/2007 15:42 <REP> eMule
19/05/2007 22:04 <REP> Fake Webcam
28/11/2007 20:23 <REP> Fichiers communs
05/10/2006 22:45 <REP> FileZilla
07/01/2007 21:47 <REP> Freeplayer
09/10/2004 23:37 <REP> GlobalSCAPE
16/12/2007 01:25 <REP> Google
10/08/2007 03:18 <REP> Grisoft
04/09/2007 18:23 <REP> GSpot
18/09/2007 18:56 <REP> HelpNDoc
23/04/2005 19:21 <REP> HighMAT CD Writing Wizard
17/12/2007 21:42 <REP> hijackthis
18/12/2005 16:48 <REP> ICprog
16/12/2007 01:26 <REP> Internet Explorer
01/09/2006 19:34 <REP> Intuwave Ltd
28/10/2007 13:20 <REP> Java
15/07/2007 14:10 <REP> Kazaa Lite K++
04/09/2007 18:15 <REP> K-Lite Codec Pack
27/06/2005 23:06 <REP> Lavalys
21/08/2004 10:18 <REP> Lavasoft
03/09/2005 23:46 <REP> Logitech
09/07/2007 20:26 <REP> Macromedia
30/07/2006 14:08 <REP> ManyCam
14/08/2004 15:14 <REP> Meracl FontMap
07/06/2007 17:03 <REP> Messenger
19/12/2007 18:29 <REP> Messenger Plus! Live
21/08/2004 18:03 <REP> Micro Application
14/08/2004 16:26 <REP> microsoft frontpage
16/12/2007 01:39 <REP> Microsoft IntelliType Pro
05/08/2005 18:17 <REP> Microsoft Money
14/08/2004 17:53 <REP> Microsoft Office
26/03/2007 21:58 <REP> MixW
09/02/2005 15:54 <REP> Movie Maker
27/11/2005 13:58 <REP> Movies
16/12/2007 18:10 <REP> Mozilla Firefox
14/08/2004 13:49 <REP> MSN
15/05/2005 12:58 <REP> MSN Apps
14/08/2004 13:49 <REP> MSN Gaming Zone
19/12/2007 18:29 <REP> MSN Messenger
03/06/2007 22:37 <REP> MSN Pictures Displayer
16/11/2006 18:13 <REP> MSXML 4.0
24/03/2007 17:19 <REP> MyUninstall
02/01/2007 00:06 <REP> NeoDivx Suite
08/09/2007 16:29 <REP> NeoTrace Express
26/05/2007 21:04 <REP> NetMeeting
23/04/2005 19:28 <REP> OfficeUpdate11
02/10/2005 16:45 <REP> Ontrack
19/05/2007 14:26 <REP> OpenOffice.org 2.2
24/12/2005 19:35 <REP> Opera
13/06/2007 16:26 <REP> Outlook Express
06/08/2006 09:11 <REP> Paltalk Messenger
07/11/2007 20:35 <REP> PC Camera
15/07/2007 16:03 <REP> PC SOFT
14/11/2007 17:14 <REP> Philips
24/12/2005 16:55 <REP> Picasa2
19/08/2004 19:11 <REP> PopUp Destroy
16/12/2007 01:48 <REP> PowerCheck
22/12/2007 11:36 <REP> RamBoost XP
14/09/2006 20:55 <REP> RegSeeker
25/04/2005 14:36 <REP> RFSim99
27/01/2005 18:59 <REP> Saisie de Schéma
14/08/2004 13:51 <REP> Services en ligne
22/08/2004 12:39 <REP> Sonic Foundry
22/08/2004 12:39 <REP> Sonic Foundry Setup
01/09/2006 19:35 <REP> Sony Ericsson
22/08/2004 12:39 <REP> Sound Forge 6.0
22/12/2007 13:04 <REP> Spamihilator
16/08/2007 19:39 <REP> Spybot - Search & Destroy
10/08/2007 03:03 <REP> STOPzilla!
24/02/2007 21:14 <REP> StuffPlug3
05/08/2005 17:58 <REP> Symantec
08/07/2006 14:13 <REP> The Weather Channel FW
05/02/2005 23:26 <REP> ToniArts
27/01/2005 19:06 <REP> Tracé de CI
13/12/2007 12:08 <REP> Trust
20/08/2005 16:35 <REP> Tyan Computer Corp
14/08/2004 14:05 <REP> VIA Technologies, Inc
14/12/2007 13:25 <REP> VideoLAN
16/05/2005 17:57 <REP> vso
16/12/2007 01:50 <REP> WebcamMax
02/01/2007 00:01 <REP> WinASPI
23/09/2006 17:18 <REP> Windows AntiSpy
23/04/2005 19:21 <REP> Windows Journal Viewer
10/06/2007 10:14 <REP> Windows Live
19/12/2007 22:18 <REP> Windows Live Safety Center
03/11/2006 08:49 <REP> Windows Media Connect 2
03/11/2006 08:49 <REP> Windows Media Player
09/02/2005 15:49 <REP> Windows NT
23/04/2005 18:29 <REP> WinRAR
27/04/2005 08:26 <REP> WINRLC
10/03/2005 00:07 <REP> WinZip 8.1 Fr
14/08/2004 13:52 <REP> xerox
14/04/2007 10:53 <REP> Yahoo!
0 fichier(s) 0 octets
129 Rép(s) 48 190 070 784 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\fichiers communs

28/11/2007 20:23 <REP> .
28/11/2007 20:23 <REP> ..
01/08/2007 22:07 <REP> ACD Systems
24/03/2005 11:59 <REP> Adobe
22/08/2005 12:09 <REP> Ahead
14/11/2007 17:26 <REP> ArcSoft
14/08/2004 15:33 <REP> Copernic
18/07/2007 09:37 <REP> Corel
18/07/2007 09:20 <REP> Designer
23/09/2004 20:02 <REP> FotoWire
15/07/2007 13:52 <REP> InstallShield
10/08/2007 02:38 <REP> iS3
28/12/2004 09:59 <REP> Java
03/09/2005 23:46 <REP> Logitech
09/07/2007 20:26 <REP> Macromedia
18/07/2007 09:37 <REP> Microsoft Shared
14/08/2004 13:50 <REP> MSSoap
14/08/2004 14:43 <REP> ODBC
01/10/2006 16:02 <REP> Panda Software
17/07/2007 00:01 <REP> PC SOFT
14/08/2004 13:50 <REP> Services
14/08/2004 14:43 <REP> SpeechEngines
05/08/2005 17:57 <REP> Symantec Shared
24/11/2007 10:14 <REP> System
20/08/2004 11:31 <REP> Vbox
0 fichier(s) 0 octets
25 Rép(s) 48 190 078 976 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

19/05/2007 16:28 <REP> .
19/05/2007 16:28 <REP> ..
28/02/2002 23:03 561 209 MSONSEXT.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
18/03/1999 05:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 48 190 078 976 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\common files

22/08/2005 17:20 <REP> .
22/08/2005 17:20 <REP> ..
22/08/2005 17:20 <REP> PCCamera
14/08/2004 15:49 <REP> System
0 fichier(s) 0 octets
4 Rép(s) 48 190 078 976 octets libres




Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\

c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
c:\Documents and Settings\Bernard\.housecall\getMac.exe
c:\Documents and Settings\Bernard\.housecall\patch.exe
c:\Documents and Settings\Bernard\.housecall\tsc.exe
c:\Documents and Settings\Bernard\.housecall6.6\getMac.exe
c:\Documents and Settings\Bernard\.housecall6.6\patch.exe
c:\Documents and Settings\Bernard\.housecall6.6\tsc.exe
c:\Documents and Settings\Bernard\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe
c:\Documents and Settings\Bernard\Bureau\avg75free_503a1205.exe
c:\Documents and Settings\Bernard\Bureau\EliBaglA.exe
c:\Documents and Settings\Bernard\Bureau\FxBeagle.exe
c:\Documents and Settings\Bernard\Bureau\gmer.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\gzip.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\LFiles.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\pskill.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\tar.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\audiodream_3410_2420.exe
c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\mp3_recovery_drv.exe
c:\Documents and Settings\Bernard\Bureau\OM a tester\Commander471Archive.exe
c:\Documents and Settings\Bernard\Bureau\OM a tester\TRX MANAGER trmde376.exe
c:\Documents and Settings\Bernard\Bureau\Référenceur\submitic.exe
c:\Documents and Settings\Bernard\Bureau\SAT\04-2005\Firmware_Flash308+.exe
c:\Documents and Settings\Bernard\Bureau\SAT\flash XSAT\exe\Firmware_Flash308+.exe
c:\Documents and Settings\Bernard\Bureau\SONY P900\UpdateService_Inst_2.6.4.9.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\catchme.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\diff.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\dumphive.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\find2.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\Fport.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\grep.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\gzip.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LFiles.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\md5sums.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\pslist.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\sigcheck.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\streams.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\swreg.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\tar.exe
c:\WinDev 11\Composants\Composants exemples\WD DerniersDocuments\WD DerniersDocuments - Exemple\Exe\WD DerniersDocuments - Exemple.exe
c:\Documents and Settings\All Users\Application Data\Adobe\AWSCommonUI.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Bernard\Application Data\Adobe\AWSCommonUI.dll
c:\Documents and Settings\Bernard\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_BV.tar.gz a l'adresse http://upload.malekal.com
__________________________________________________________________________________________________________
[CODE]

2007-12-22,15:46:16

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Spamihilator><"C:\Program Files\Spamihilator\spamihilator.exe"> [Michel Krämer]
<LDM><\Program\BackWeb-8876480.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<type32><"C:\Program Files\Microsoft IntelliType Pro\type32.exe"> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<InCD><C:\Program Files\Ahead\InCD\InCD.exe> []
<LVCOMSX><C:\WINDOWS\System32\LVCOMSX.EXE> [Logitech Inc.]
<LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe> [Logitech Inc.]
<LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<GhostStartTrayApp><C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe> [Symantec Corporation]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Logitech Utility><Logi_MwX.Exe> [(Verified)Microsoft Windows Publisher]
<WebcamMaxMoniter><"C:\Program Files\WebcamMax\CAMTHINS.exe" /m> []
<CorelDRAW Graphics Suite 11b><C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011108 serial=DR12WNN-5521459-MUE lang=FR> [Corel Corporation]
<PhiBtn><%SystemRoot%\System32\drivers\PhiBtn.exe> [Philips]
<Traymin900><%SystemRoot%\System32\drivers\Tray900.exe> [Philips]
<KMCONFIG><C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe> [N/A]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
<SDFix><C:\SDFix\RunThis.bat /second> [N/A]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}><WDShell> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[Acrobat Assistant]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Logitech Desktop Messenger]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
[Monitor Apache Servers]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [Apache Software Foundation]><N>
[Phone Connection Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Phone Connection Monitor.lnk --> C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE [Teleca Software Solutions AB]><N>
[PowerCheck]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PowerCheck.lnk --> C:\PROGRA~1\POWERC~1\POWERC~1.EXE [N/A]><N>
[MSN Pictures Displayer]
<C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk --> C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE []><N>
[OpenOffice.org 2.2]
<C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk --> C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [N/A]><N>

==================================
Services
[Apache2 / Apache2][Stopped/Auto Start]
<"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[GhostStartService / GhostStartService][Running/Auto Start]
<C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE><Symantec Corporation>
[Keyboard And Mouse Communication Service / KMWDSERVICE][Running/Auto Start]
<C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe><UASSOFT.COM>
[UStorage Server Service / UStorage Server Service][Running/Auto Start]
<C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

==================================
Drivers
[Aladdin HASP Key / akshasp][Stopped/Manual Start]
<system32\DRIVERS\akshasp.sys><Aladdin Knowledge Systems Ltd.>
[Aladdin USB Key / aksusb][Stopped/Manual Start]
<System32\DRIVERS\aksusb.sys><Aladdin Knowledge Systems Ltd.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[PS/2 Port Mouse Filter Driver / Amps2prt][Stopped/Manual Start]
<System32\Drivers\Amps2prt.sys><(Standard Mouse Types)>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[InCD Storage Helper Driver / BsStor][Running/Boot Start]
<\SystemRoot\System3
0
Thanks again, here is the result

__________________________________________________________________________________________________________
DiagHelp version v1.4 - http://www.malekal.com
excute le 22/12/2007 à 15:21:02,20


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\MSIMN.EXE-3356F448.pf -->27/12/2007 15:37:26
C:\WINDOWS\prefetch\IEXPLORE.EXE-06887102.pf -->27/12/2007 15:34:09
C:\WINDOWS\prefetch\VERCLSID.EXE-3B227142.pf -->27/12/2007 15:34:06
C:\WINDOWS\prefetch\ACDSEEQV.EXE-2174EC4D.pf -->27/12/2007 14:58:10
C:\WINDOWS\prefetch\CIDAEMON.EXE-2B2C6F8A.pf -->27/12/2007 14:51:30
C:\WINDOWS\prefetch\USNSVC.EXE-06863237.pf -->27/12/2007 14:48:37
C:\WINDOWS\prefetch\LIVECALL.EXE-124D8E6F.pf -->27/12/2007 14:48:31
C:\WINDOWS\prefetch\YUPDATER.EXE-290842D1.pf -->27/12/2007 14:48:13
C:\WINDOWS\prefetch\MSNMSGR.EXE-1C291C3F.pf -->27/12/2007 14:47:59
C:\WINDOWS\prefetch\WUAUCLT.EXE-12D8E25E.pf -->27/12/2007 14:45:02

C:\WINDOWS\System32\drivers\gmer.sys -->19/12/2007 14:21:48
C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54

C:\WINDOWS\System32\LVCOMSX.LOG -->22/12/2007 15:16:48
C:\WINDOWS\System32\wpa.dbl -->22/12/2007 11:36:51
C:\WINDOWS\System32\Uninstall.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\pavas.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\Help.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\CONFIG.NT -->12/12/2007 09:32:51
C:\WINDOWS\System32\TZLog.log -->12/12/2007 01:30:26
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\AVASTSS.scr -->04/12/2007 13:54:04
C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->28/10/2007 13:20:46
C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:18:59
C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\urlmon.dll -->11/10/2007 00:49:45

C:\WINDOWS\ntbtlog.txt -->22/12/2007 15:15:35
C:\WINDOWS\bootstat.dat -->22/12/2007 14:31:34
C:\WINDOWS\WindowsUpdate.log -->22/12/2007 14:29:32
C:\WINDOWS\SchedLgU.Txt -->22/12/2007 13:42:15
C:\WINDOWS\wiaservc.log -->22/12/2007 13:42:07
C:\WINDOWS\wiadebug.log -->22/12/2007 13:42:06
C:\WINDOWS\setupapi.log -->22/12/2007 12:44:02
C:\WINDOWS\0.log -->22/12/2007 11:36:36
C:\WINDOWS\TempFile -->22/12/2007 11:36:03
C:\WINDOWS\NeroDigital.ini -->21/12/2007 19:33:25
C:\WINDOWS\pavsig.txt -->21/12/2007 00:51:35
C:\WINDOWS\gmer.ini -->19/12/2007 14:24:43
C:\WINDOWS\gmer_uninstall.cmd -->19/12/2007 14:21:48
C:\WINDOWS\gmer.dll -->19/12/2007 14:21:48
C:\WINDOWS\setupact.log -->19/12/2007 10:34:09

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 816
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x00f80000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP~1.1FR\WZSHLSTB.DLL
0x02410000 0x5d000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\auexpext.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x02470000 0x2b000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\FilGuiLg.dll
0x024b0000 0x28000 C:\Program Files\WinRAR\rarext.dll
0x64000000 0x30000 2005.01.0001.0004 C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
0x10000000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x02ae0000 0x22000 8.02.0000.1192 C:\Program Files\Logitech\Video\Namespc2.dll
0x7c140000 0x103000 7.10.3077.0000 C:\WINDOWS\system32\MFC71.DLL
0x7c340000 0x56000 7.10.3052.0004 C:\WINDOWS\system32\MSVCR71.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\WINDOWS\system32\MSVCP71.dll
0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
0x02400000 0x8000 8.02.0000.1192 C:\Program Files\Logitech\Video\AlbuDBps.dll
0x5a500000 0x4e000 8.01.0178.0000 C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x02b30000 0x27e000 5.02.5721.5145 C:\WINDOWS\system32\wpdshext.dll
0x07160000 0x46000 5.02.5721.5145 C:\WINDOWS\system32\Audiodev.dll
0x15110000 0x25a000 11.00.5721.5145 C:\WINDOWS\system32\WMVCore.DLL
0x11c70000 0x3a000 11.00.5721.5238 C:\WINDOWS\system32\WMASF.DLL
0x02db0000 0x2f000 11.00.0000.0001 C:\WINDOWS\system32\WDShell.dll
0x02df0000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\system32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.8820 C:\WINDOWS\System32\wshext.dll
0x73d20000 0xfe000 6.02.4131.0000 C:\WINDOWS\system32\MFC42.DLL
0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\system32\MFC42LOC.DLL
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 268
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00df0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll


Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\system

10/09/1999 12:06 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 48 208 277 504 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\system32

20/08/2004 00:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 48 208 277 504 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\Downloaded Program Files

22/12/2007 12:44 <REP> .
22/12/2007 12:44 <REP> ..
07/03/2007 00:59 300 680 arclib.dll
24/08/2006 07:28 141 424 asinst.dll
22/08/2006 08:06 537 asinst.inf
09/12/2007 00:46 312 680 avsniff.dll
09/12/2007 00:38 773 avsniff.inf
09/12/2007 00:46 255 336 avsniffdlgs.dll
07/12/2004 16:07 32 bdcore.dll
25/05/2006 00:21 118 784 bdupd.dll
21/03/2002 14:26 815 bitdefender.inf
30/01/2003 15:52 348 160 bitdefender.ocx
25/06/2003 18:00 541 ca.pub
09/12/2007 00:38 241 CabSA.inf
14/11/2007 01:00 2 504 catalog.dat
27/03/2002 13:02 168 014 cssweb.dll
24/04/2003 14:11 259 cssweb.inf
17/01/2006 16:11 580 663 daas_s.dll
14/08/2004 13:51 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
14/11/2007 01:00 6 899 ecbootil.vxd
09/12/2007 00:36 42 112 ecmldr32.dll
14/11/2007 01:00 284 016 ecmsvr32.dll
20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
03/02/2006 10:20 188 416 fsauc.dll
16/06/2006 14:31 181 856 fscax.dll
13/04/2007 15:52 482 fscax.inf
12/07/2000 01:02 36 864 fxfileop.dll
25/05/2006 00:21 53 248 ipsupd.dll
10/06/2005 09:44 417 792 isusweb.dll
07/01/2007 12:55 2 305 kavwebscan.inf
16/03/2005 11:34 7 407 lang.ini
11/12/2006 16:44 367 LegitCheckControl.inf
07/12/2004 16:07 32 libfn.dll
14/03/2005 13:38 126 live.ini
24/02/2006 11:49 882 mcfscan.inf
18/11/1999 12:48 995 mpeg4ax.inf
18/11/1999 12:49 992 msaudio.inf
09/12/2007 00:36 6 850 navapi.vxd
09/12/2007 00:36 201 896 navapi32.dll
14/11/2007 01:00 124 272 naveng32.dll
14/11/2007 01:00 914 800 navex32a.dll
17/01/2005 16:09 227 opuc.inf
01/06/2006 01:57 1 331 oscan8.inf
01/06/2006 01:54 471 040 oscan8.ocx
31/05/2006 03:15 10 oscan81.ocx_x
09/12/2007 00:46 296 336 rufsi.dll
14/03/2005 13:58 7 073 scanoptions.tsi
14/11/2007 01:00 97 776 scrauth.dat
20/11/2007 15:50 247 swflash.inf
14/11/2007 01:00 11 816 symaveng.cat
14/11/2007 01:00 1 061 symaveng.inf
14/11/2007 01:00 400 415 tcdefs.dat
14/11/2007 01:00 2 344 295 tcscan7.dat
14/11/2007 01:00 413 082 tcscan8.dat
14/11/2007 01:00 968 800 tcscan9.dat
14/11/2007 01:00 453 tinf.dat
14/11/2007 01:00 148 tinfidx.dat
14/11/2007 01:00 1 957 tinfl.dat
14/11/2007 01:00 67 815 tscan1.dat
14/11/2007 01:00 3 240 tscan1hd.dat
31/10/2001 09:37 118 uninst.bat
14/11/2007 01:00 4 778 v.grd
14/11/2007 01:00 2 267 v.sig
21/12/2007 19:08 294 403 vet.da1
19/11/2007 01:18 13 076 520 vet.dat
13/07/2007 05:11 1 353 016 vete.dll
14/11/2007 01:00 106 244 virscan.inf
14/11/2007 01:00 996 122 virscan1.dat
14/11/2007 01:00 570 966 virscan2.dat
14/11/2007 01:00 150 536 virscan3.dat
14/11/2007 01:00 320 253 virscan4.dat
14/11/2007 01:00 4 871 963 virscan5.dat
14/11/2007 01:00 392 074 virscan6.dat
14/11/2007 01:00 14 386 178 virscan7.dat
14/11/2007 01:00 1 862 947 virscan8.dat
14/11/2007 01:00 5 260 290 virscan9.dat
14/11/2007 01:00 32 virscant.dat
18/12/2007 13:34 2 072 vscanmsx.dat
20/11/2006 12:02 180 282 webscan.dll
21/07/2006 12:55 477 webscan.inf
02/11/2005 17:01 1 777 xscan.inf
02/11/2005 17:07 435 712 xscan53.ocx
14/11/2007 01:00 224 zdone.dat
83 fichier(s) 55 805 210 octets

Total des fichiers listés :
83 fichier(s) 55 805 210 octets
2 Rép(s) 48 208 273 408 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Age of Empires 2\\age2_x1.exe"="C:\\Program Files\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Program Files\\MixW\\Teoan.exe"="C:\\Program Files\\MixW\\Teoan.exe:*:Enabled:TEOAN"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\EchoLink\\EchoLink.exe"="C:\\Program Files\\EchoLink\\EchoLink.exe:*:Enabled:EchoLink"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"

"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-22 15:21:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
"hagepphnhnalohlb"=hex:61,61,00,00
"hagepphnnnglgocp"=hex:61,61,00,00
"iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
"haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Error loading kernel support driver!
Make sure you are running this as Administrator.

Liste des programmes installes

3D Home Architect Home Design Deluxe 6
3D Home Architect Home Design Deluxe 6
ACDSee 9 Gestionnaire de photos
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Ahead InCD
Apache HTTP Server 2.0.55
Archiveur WinRAR
ARTEC
ATI Control Panel
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
Barre d'outils MSN
Camfrog Video Chat 3.91 (remove only)
CamStudio 2.0 Fr
Canon i560
CCleaner (remove only)
Command On Demand for Command Software
Compel Adaptec WinASPI
ConTEXT
Copernic Agent Professional
Corel Paint Shop Pro X
CorelDRAW Graphics Suite 12
Correctif pour Lecteur Windows Media 11 (KB939683)
Cucusoft MPEG/MOV/RM/DivX/AVI to DVD/VCD/SVCD Creator Pro 7.07
CuteFTP Pro
EasyCleaner
EchoLink
eMule
Etats Et Requêtes
EVEREST Home Edition v2.01
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
Fake Webcam 2.9.16
FileSpecs plug-in for Ad-Aware SE
FileZilla (remove only)
Freeplayer
Frontline Attack - War over Europe
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
HelpNDoc Version 1.10 Personal Edition
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
HydraVision
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.4.0 Full
Kaspersky Online Scanner
Language Pack for Ad-aware 6
Language pack for Ad-Aware SE
Lecteur Windows Media 11
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Print Service
Logitech QuickCam
LST PCSOFT
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks 8
Meracl FontMap v2.1.1
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliType Pro 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Publisher 98
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
MixW 2.18 (Jan-09-2007)
Mozilla Firefox (2.0.0.11)
MSN Pictures Displayer 4.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NeoTrace Express 3.25
Nero 6 Ultra Edition
Norton Ghost
Novarm DipTrace
OpenOffice.org 2.2
Panda ActiveScan
PC Camera
PC Camera
Philips SPC 900NC PC Camera
Philips VLounge
Picasa 2
PowerCheck 4.2.3
Programme de gestion Camera de Logitech®
RamBoost XP 4.0.6
RFSim99
Saisie de Schéma SDS
Soldiers - Heroes of World War II
Sonic Foundry Sound Forge 6.0
Sony Ericsson PC Suite 3.1.1
Spamihilator
Tracé de CI
Trust R-Series Mouse
Trust R-Series Mouse
TyanSystemMonitor V2.13
USB Card Reader \Writer
USB Storage Device
USB Video Camera Driver v1.10
VideoLAN VLC media player 0.8.5-freehd
Visionneuse Journal Windows Microsoft
VX2 Cleaner plug-in for Ad-Aware SE
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
Yahoo! Messenger



Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files

19/12/2007 10:30 <REP> .
19/12/2007 10:30 <REP> ..
10/03/2005 13:37 <REP> 3D Home Architect
14/08/2005 23:14 <REP> AboutTime
01/08/2007 22:03 <REP> ACD Systems
14/12/2005 19:13 <REP> AdaURL
24/03/2005 11:59 <REP> Adobe
21/11/2004 20:11 <REP> Age of Empires 2
22/08/2005 12:10 <REP> Ahead
02/06/2006 20:58 <REP> Alcohol Soft
23/06/2005 13:50 <REP> Alwil Software
03/05/2007 12:24 <REP> AnalogX
02/07/2007 16:55 <REP> Apache Group
14/08/2004 14:16 <REP> ATI Technologies
13/04/2007 23:40 <REP> Camfrog
23/09/2006 16:46 <REP> CamStudio
14/02/2007 17:08 <REP> CCleaner
04/09/2007 18:14 <REP> CodecSniper
13/08/2005 15:55 <REP> Codemasters
22/08/2005 17:20 <REP> Common Files
03/06/2007 22:41 <REP> ConCon
05/02/2007 22:22 <REP> ConTEXT
22/01/2005 18:05 <REP> Copernic Agent
18/07/2007 09:36 <REP> Corel
02/01/2007 00:15 <REP> Cucusoft
16/02/2007 00:50 <REP> Cuisinons
30/09/2006 15:27 <REP> Dial-Messenger
15/04/2007 00:04 <REP> Dictionnaire
31/10/2007 06:45 <REP> DipTrace
23/09/2004 20:02 <REP> directx
04/08/2007 01:10 <REP> DivX
04/10/2005 11:35 <REP> Drive Rescue
30/10/2004 11:47 <REP> EasyPHP1-7
07/09/2006 21:45 <REP> EchoLink
04/02/2006 15:46 <REP> Eidos Interactive
31/01/2005 00:38 <REP> Empire Earth
16/12/2007 15:42 <REP> eMule
19/05/2007 22:04 <REP> Fake Webcam
28/11/2007 20:23 <REP> Fichiers communs
05/10/2006 22:45 <REP> FileZilla
07/01/2007 21:47 <REP> Freeplayer
09/10/2004 23:37 <REP> GlobalSCAPE
16/12/2007 01:25 <REP> Google
10/08/2007 03:18 <REP> Grisoft
04/09/2007 18:23 <REP> GSpot
18/09/2007 18:56 <REP> HelpNDoc
23/04/2005 19:21 <REP> HighMAT CD Writing Wizard
17/12/2007 21:42 <REP> hijackthis
18/12/2005 16:48 <REP> ICprog
16/12/2007 01:26 <REP> Internet Explorer
01/09/2006 19:34 <REP> Intuwave Ltd
28/10/2007 13:20 <REP> Java
15/07/2007 14:10 <REP> Kazaa Lite K++
04/09/2007 18:15 <REP> K-Lite Codec Pack
27/06/2005 23:06 <REP> Lavalys
21/08/2004 10:18 <REP> Lavasoft
03/09/2005 23:46 <REP> Logitech
09/07/2007 20:26 <REP> Macromedia
30/07/2006 14:08 <REP> ManyCam
14/08/2004 15:14 <REP> Meracl FontMap
07/06/2007 17:03 <REP> Messenger
19/12/2007 18:29 <REP> Messenger Plus! Live
21/08/2004 18:03 <REP> Micro Application
14/08/2004 16:26 <REP> microsoft frontpage
16/12/2007 01:39 <REP> Microsoft IntelliType Pro
05/08/2005 18:17 <REP> Microsoft Money
14/08/2004 17:53 <REP> Microsoft Office
26/03/2007 21:58 <REP> MixW
09/02/2005 15:54 <REP> Movie Maker
27/11/2005 13:58 <REP> Movies
16/12/2007 18:10 <REP> Mozilla Firefox
14/08/2004 13:49 <REP> MSN
15/05/2005 12:58 <REP> MSN Apps
14/08/2004 13:49 <REP> MSN Gaming Zone
19/12/2007 18:29 <REP> MSN Messenger
03/06/2007 22:37 <REP> MSN Pictures Displayer
16/11/2006 18:13 <REP> MSXML 4.0
24/03/2007 17:19 <REP> MyUninstall
02/01/2007 00:06 <REP> NeoDivx Suite
08/09/2007 16:29 <REP> NeoTrace Express
26/05/2007 21:04 <REP> NetMeeting
23/04/2005 19:28 <REP> OfficeUpdate11
02/10/2005 16:45 <REP> Ontrack
19/05/2007 14:26 <REP> OpenOffice.org 2.2
24/12/2005 19:35 <REP> Opera
13/06/2007 16:26 <REP> Outlook Express
06/08/2006 09:11 <REP> Paltalk Messenger
07/11/2007 20:35 <REP> PC Camera
15/07/2007 16:03 <REP> PC SOFT
14/11/2007 17:14 <REP> Philips
24/12/2005 16:55 <REP> Picasa2
19/08/2004 19:11 <REP> PopUp Destroy
16/12/2007 01:48 <REP> PowerCheck
22/12/2007 11:36 <REP> RamBoost XP
14/09/2006 20:55 <REP> RegSeeker
25/04/2005 14:36 <REP> RFSim99
27/01/2005 18:59 <REP> Saisie de Schéma
14/08/2004 13:51 <REP> Services en ligne
22/08/2004 12:39 <REP> Sonic Foundry
22/08/2004 12:39 <REP> Sonic Foundry Setup
01/09/2006 19:35 <REP> Sony Ericsson
22/08/2004 12:39 <REP> Sound Forge 6.0
22/12/2007 13:04 <REP> Spamihilator
16/08/2007 19:39 <REP> Spybot - Search & Destroy
10/08/2007 03:03 <REP> STOPzilla!
24/02/2007 21:14 <REP> StuffPlug3
05/08/2005 17:58 <REP> Symantec
08/07/2006 14:13 <REP> The Weather Channel FW
05/02/2005 23:26 <REP> ToniArts
27/01/2005 19:06 <REP> Tracé de CI
13/12/2007 12:08 <REP> Trust
20/08/2005 16:35 <REP> Tyan Computer Corp
14/08/2004 14:05 <REP> VIA Technologies, Inc
14/12/2007 13:25 <REP> VideoLAN
16/05/2005 17:57 <REP> vso
16/12/2007 01:50 <REP> WebcamMax
02/01/2007 00:01 <REP> WinASPI
23/09/2006 17:18 <REP> Windows AntiSpy
23/04/2005 19:21 <REP> Windows Journal Viewer
10/06/2007 10:14 <REP> Windows Live
19/12/2007 22:18 <REP> Windows Live Safety Center
03/11/2006 08:49 <REP> Windows Media Connect 2
03/11/2006 08:49 <REP> Windows Media Player
09/02/2005 15:49 <REP> Windows NT
23/04/2005 18:29 <REP> WinRAR
27/04/2005 08:26 <REP> WINRLC
10/03/2005 00:07 <REP> WinZip 8.1 Fr
14/08/2004 13:52 <REP> xerox
14/04/2007 10:53 <REP> Yahoo!
0 fichier(s) 0 octets
129 Rép(s) 48 190 070 784 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\fichiers communs

28/11/2007 20:23 <REP> .
28/11/2007 20:23 <REP> ..
01/08/2007 22:07 <REP> ACD Systems
24/03/2005 11:59 <REP> Adobe
22/08/2005 12:09 <REP> Ahead
14/11/2007 17:26 <REP> ArcSoft
14/08/2004 15:33 <REP> Copernic
18/07/2007 09:37 <REP> Corel
18/07/2007 09:20 <REP> Designer
23/09/2004 20:02 <REP> FotoWire
15/07/2007 13:52 <REP> InstallShield
10/08/2007 02:38 <REP> iS3
28/12/2004 09:59 <REP> Java
03/09/2005 23:46 <REP> Logitech
09/07/2007 20:26 <REP> Macromedia
18/07/2007 09:37 <REP> Microsoft Shared
14/08/2004 13:50 <REP> MSSoap
14/08/2004 14:43 <REP> ODBC
01/10/2006 16:02 <REP> Panda Software
17/07/2007 00:01 <REP> PC SOFT
14/08/2004 13:50 <REP> Services
14/08/2004 14:43 <REP> SpeechEngines
05/08/2005 17:57 <REP> Symantec Shared
24/11/2007 10:14 <REP> System
20/08/2004 11:31 <REP> Vbox
0 fichier(s) 0 octets
25 Rép(s) 48 190 078 976 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

19/05/2007 16:28 <REP> .
19/05/2007 16:28 <REP> ..
28/02/2002 23:03 561 209 MSONSEXT.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
18/03/1999 05:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 48 190 078 976 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\common files

22/08/2005 17:20 <REP> .
22/08/2005 17:20 <REP> ..
22/08/2005 17:20 <REP> PCCamera
14/08/2004 15:49 <REP> System
0 fichier(s) 0 octets
4 Rép(s) 48 190 078 976 octets libres




Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\

c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
c:\Documents and Settings\Bernard\.housecall\getMac.exe
c:\Documents and Settings\Bernard\.housecall\patch.exe
c:\Documents and Settings\Bernard\.housecall\tsc.exe
c:\Documents and Settings\Bernard\.housecall6.6\getMac.exe
c:\Documents and Settings\Bernard\.housecall6.6\patch.exe
c:\Documents and Settings\Bernard\.housecall6.6\tsc.exe
c:\Documents and Settings\Bernard\Application Data\Microsoft\Installer\{D085A1B6-90A4-11D3-82B7-00C04FA309DE}\MnyIco.exe
c:\Documents and Settings\Bernard\Bureau\avg75free_503a1205.exe
c:\Documents and Settings\Bernard\Bureau\EliBaglA.exe
c:\Documents and Settings\Bernard\Bureau\FxBeagle.exe
c:\Documents and Settings\Bernard\Bureau\gmer.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\gzip.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\LFiles.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\pskill.exe
c:\Documents and Settings\Bernard\Bureau\clean\clean\tar.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\catchme.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\diff.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\dumphive.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\find2.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\Fport.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\grep.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\gzip.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\LFiles.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\md5sums.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\pslist.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\sigcheck.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\streams.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\swreg.exe
c:\Documents and Settings\Bernard\Bureau\DiagHelp\tar.exe
c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\audiodream_3410_2420.exe
c:\Documents and Settings\Bernard\Bureau\LECTEUR MP3\mp3_recovery_drv.exe
c:\Documents and Settings\Bernard\Bureau\OM a tester\Commander471Archive.exe
c:\Documents and Settings\Bernard\Bureau\OM a tester\TRX MANAGER trmde376.exe
c:\Documents and Settings\Bernard\Bureau\Référenceur\submitic.exe
c:\Documents and Settings\Bernard\Bureau\SAT\04-2005\Firmware_Flash308+.exe
c:\Documents and Settings\Bernard\Bureau\SAT\flash XSAT\exe\Firmware_Flash308+.exe
c:\Documents and Settings\Bernard\Bureau\SONY P900\UpdateService_Inst_2.6.4.9.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\catchme.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\diff.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\dumphive.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\find2.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\Fport.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\grep.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\gzip.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\KProcCheck.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LFiles.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\md5sums.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\pslist.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\sigcheck.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\streams.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\swreg.exe
c:\Documents and Settings\Bernard\Bureau\zip\DiagHelp\tar.exe
c:\WinDev 11\Composants\Composants exemples\WD DerniersDocuments\WD DerniersDocuments - Exemple\Exe\WD DerniersDocuments - Exemple.exe
c:\Documents and Settings\All Users\Application Data\Adobe\AWSCommonUI.dll
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\Bernard\Application Data\Adobe\AWSCommonUI.dll
c:\Documents and Settings\Bernard\Application Data\Macromedia\Dreamweaver MX\Configuration\Flash Player\FlashPlayerW.dll
c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
c:\Documents and Settings\Bernard\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
c:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_BV.tar.gz a l'adresse http://upload.malekal.com
__________________________________________________________________________________________________________
[CODE]

2007-12-22,15:46:16

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Spamihilator><"C:\Program Files\Spamihilator\spamihilator.exe"> [Michel Krämer]
<LDM><\Program\BackWeb-8876480.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<type32><"C:\Program Files\Microsoft IntelliType Pro\type32.exe"> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<InCD><C:\Program Files\Ahead\InCD\InCD.exe> []
<LVCOMSX><C:\WINDOWS\System32\LVCOMSX.EXE> [Logitech Inc.]
<LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe> [Logitech Inc.]
<LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<GhostStartTrayApp><C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe> [Symantec Corporation]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Logitech Utility><Logi_MwX.Exe> [(Verified)Microsoft Windows Publisher]
<WebcamMaxMoniter><"C:\Program Files\WebcamMax\CAMTHINS.exe" /m> []
<CorelDRAW Graphics Suite 11b><C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011108 serial=DR12WNN-5521459-MUE lang=FR> [Corel Corporation]
<PhiBtn><%SystemRoot%\System32\drivers\PhiBtn.exe> [Philips]
<Traymin900><%SystemRoot%\System32\drivers\Tray900.exe> [Philips]
<KMCONFIG><C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe> [N/A]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
<SDFix><C:\SDFix\RunThis.bat /second> [N/A]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}><WDShell> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[Acrobat Assistant]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Logitech Desktop Messenger]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
[Monitor Apache Servers]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [Apache Software Foundation]><N>
[Phone Connection Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Phone Connection Monitor.lnk --> C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE [Teleca Software Solutions AB]><N>
[PowerCheck]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PowerCheck.lnk --> C:\PROGRA~1\POWERC~1\POWERC~1.EXE [N/A]><N>
[MSN Pictures Displayer]
<C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk --> C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE []><N>
[OpenOffice.org 2.2]
<C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk --> C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [N/A]><N>

==================================
Services
[Apache2 / Apache2][Stopped/Auto Start]
<"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[GhostStartService / GhostStartService][Running/Auto Start]
<C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE><Symantec Corporation>
[Keyboard And Mouse Communication Service / KMWDSERVICE][Running/Auto Start]
<C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe><UASSOFT.COM>
[UStorage Server Service / UStorage Server Service][Running/Auto Start]
<C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

==================================
Drivers
[Aladdin HASP Key / akshasp][Stopped/Manual Start]
<system32\DRIVERS\akshasp.sys><Aladdin Knowledge Systems Ltd.>
[Aladdin USB Key / aksusb][Stopped/Manual Start]
<System32\DRIVERS\aksusb.sys><Aladdin Knowledge Systems Ltd.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[PS/2 Port Mouse Filter Driver / Amps2prt][Stopped/Manual Start]
<System32\Drivers\Amps2prt.sys><(Standard Mouse Types)>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[InCD Storage Helper Driver / BsStor][Running/Boot Start]
<\SystemRoot\System3
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
22 Dec. 2007 at 16:01
Hi again,

The SREng report is incomplete.
0
Good evening
Sorry for not following up on your last post, but I was away for a few days, and as soon as I got back I picked the problem up again; the situation is obviously unchanged, the PC still reboots.
Below are the requested items, but some procedures do not seem to run (files not found and similar messages).
Thanks for your help, which is very valuable to me
________________________________________________________________________________________
[CODE]

2007-12-27,15:13:35

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Spamihilator><"C:\Program Files\Spamihilator\spamihilator.exe"> [Michel Krämer]
<LDM><\Program\BackWeb-8876480.exe> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<RamBoostXp><C:\Program Files\RamBoost XP\rambxpfr.exe> [Gildas LE BOURNAULT]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ATIPTA><C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<type32><"C:\Program Files\Microsoft IntelliType Pro\type32.exe"> [Microsoft Corporation]
<SoundMan><SOUNDMAN.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<LVCOMSX><C:\WINDOWS\System32\LVCOMSX.EXE> [Logitech Inc.]
<LogitechVideoRepair><C:\Program Files\Logitech\Video\ISStart.exe> [Logitech Inc.]
<LogitechVideoTray><C:\Program Files\Logitech\Video\LogiTray.exe> [Logitech Inc.]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<GhostStartTrayApp><C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe> [Symantec Corporation]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Logitech Utility><Logi_MwX.Exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<WebcamMaxMoniter><"C:\Program Files\WebcamMax\CAMTHINS.exe" /m> []
<CorelDRAW Graphics Suite 11b><C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=011108 serial=DR12WNN-5521459-MUE lang=FR> [Corel Corporation]
<PhiBtn><%SystemRoot%\System32\drivers\PhiBtn.exe> [Philips]
<Traymin900><%SystemRoot%\System32\drivers\Tray900.exe> [Philips]
<KMCONFIG><C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe> [N/A]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<AVG7_CC><C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP> [GRISOFT, s.r.o.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}><WDShell> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[Acrobat Assistant]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [Adobe Systems Inc.]><N>
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Logitech Desktop Messenger]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk --> C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe [Logitech]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~3\Office\OSA9.EXE [Microsoft Corporation]><N>
[Monitor Apache Servers]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Monitor Apache Servers.lnk --> C:\PROGRA~1\APACHE~1\Apache2\bin\APACHE~1.EXE [Apache Software Foundation]><N>
[Phone Connection Monitor]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Phone Connection Monitor.lnk --> C:\PROGRA~1\SONYER~1\Mobile\AUDEVI~1.EXE [Teleca Software Solutions AB]><N>
[PowerCheck]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\PowerCheck.lnk --> C:\PROGRA~1\POWERC~1\POWERC~1.EXE [N/A]><N>
[MSN Pictures Displayer]
<C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\MSN Pictures Displayer.lnk --> C:\PROGRA~1\MSNPIC~1\MSNPIC~1.EXE []><N>
[OpenOffice.org 2.2]
<C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.2.lnk --> C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [N/A]><N>

==================================
Services
[Apache2 / Apache2][Stopped/Auto Start]
<"C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice><Apache Software Foundation>
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[AVG7 Alert Manager Server / Avg7Alrt][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe><GRISOFT, s.r.o.>
[AVG7 Update Service / Avg7UpdSvc][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe><GRISOFT, s.r.o.>
[AVG E-mail Scanner / AVGEMS][Running/Auto Start]
<C:\PROGRA~1\Grisoft\AVG7\avgemc.exe><GRISOFT, s.r.o.>
[GhostStartService / GhostStartService][Running/Auto Start]
<C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE><Symantec Corporation>
[Keyboard And Mouse Communication Service / KMWDSERVICE][Running/Auto Start]
<C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe><UASSOFT.COM>
[UStorage Server Service / UStorage Server Service][Running/Auto Start]
<C:\WINDOWS\system32\UStorSrv.exe /Service><OTi>

==================================
Drivers
[Aladdin HASP Key / akshasp][Stopped/Manual Start]
<system32\DRIVERS\akshasp.sys><Aladdin Knowledge Systems Ltd.>
[Aladdin USB Key / aksusb][Stopped/Manual Start]
<System32\DRIVERS\aksusb.sys><Aladdin Knowledge Systems Ltd.>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[PS/2 Port Mouse Filter Driver / Amps2prt][Stopped/Manual Start]
<System32\Drivers\Amps2prt.sys><(Standard Mouse Types)>
[ati2mtag / ati2mtag][Running/Manual Start]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG7 Kernel / Avg7Core][Running/System Start]
<\SystemRoot\System32\Drivers\avg7core.sys><GRISOFT, s.r.o.>
[AVG7 Wrap Driver / Avg7RsW][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsw.sys><GRISOFT, s.r.o.>
[AVG7 Resident Driver XP / Avg7RsXP][Running/System Start]
<\SystemRoot\System32\Drivers\avg7rsxp.sys><GRISOFT, s.r.o.>
[AVG7 Clean Driver / AvgClean][Running/System Start]
<\SystemRoot\System32\Drivers\avgclean.sys><GRISOFT, s.r.o.>
[AVG Network Redirector / AvgTdi][Running/Auto Start]
<\SystemRoot\System32\Drivers\avgtdi.sys><GRISOFT, s.r.o.>
[InCD Storage Helper Driver / BsStor][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\bsstor.sys><B.H.A Co.,Ltd.>
[SM0121 USB 2.0 Video Camera / CAM1210][Stopped/Manual Start]
<System32\Drivers\cam1210.sys><USB Generic Camera>
[WebcamMax, WDM Video Capture / CamthWDM][Stopped/Auto Start]
<system32\DRIVERS\CamthWDM.sys><YewSoft>
[Philips SPC 900NC PC Camera / camvid40][Stopped/Manual Start]
<system32\DRIVERS\camdrv41.sys><Philips Consumer Electronics>
[Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet / FETNDIS][Running/Manual Start]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[GhostPciScanner / GhPciScan][Running/System Start]
<\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys><Symantec Corporation>
[IC-Prog Driver / giveio][Running/Auto Start]
<\??\C:\Program Files\ICprog\icprog.sys><N/A>
[gmer / gmer][Stopped/Manual Start]
<System32\DRIVERS\gmer.sys><GMER>
[hardlock / hardlock][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\hardlock.sys><Aladdin Knowledge Systems Ltd.>
[Haspnt / Haspnt][Running/Auto Start]
<\??\C:\WINDOWS\System32\drivers\Haspnt.sys><Aladdin Knowledge Systems>
[hpt3xx / hpt3xx][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hpt3xx.sys><HighPoint Technologies, Inc.>
[hptpro / hptpro][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\hptpro.sys><HighPoint Technologies, Inc.>
[Caméra CS110 Intel(r) PC / ICAM5USB][Stopped/Manual Start]
<System32\Drivers\Icam5USB.sys><Microsoft Corporation>
[imagedrv / imagedrv][Running/Boot Start]
<\SystemRoot\System32\Drivers\imagedrv.sys><Ahead Software AG>
[imagesrv / imagesrv][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\imagesrv.sys><Ahead Software AG>
[KMWDFilter / KMWDFilter][Running/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS><Windows (R) Codename Longhorn DDK provider>
[Logitech PS/2 Mouse Filter Driver / L8042pr2][Stopped/Manual Start]
<system32\DRIVERS\L8042pr2.Sys><Logitech, Inc.>
[Logitech Mouse Class Filter Driver / LMouFlt2][Stopped/Manual Start]
<system32\DRIVERS\LMouFlt2.Sys><Logitech, Inc.>
[ManyCam Virtual Webcam, WDM Video Capture Driver / ManyCam][Stopped/Manual Start]
<system32\DRIVERS\ManyCam.sys><Windows (R) 2000 DDK provider>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[StarForce Protection Environment Driver v6 / prodrv06][Running/System Start]
<\SystemRoot\System32\drivers\prodrv06.sys><Protection Technology>
[StarForce Protection Helper Driver v2 / prohlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\prohlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver v1 / prosync1][Running/Boot Start]
<\SystemRoot\System32\drivers\prosync1.sys><Protection Technology>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[Logitech QuickCam Communicate / QCMerced][Running/Manual Start]
<System32\DRIVERS\LVCM.sys><>
[Ultima2000 Scanner / SampleScanner][Running/Manual Start]
<System32\DRIVERS\GT680x.sys><>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[StarForce Protection Helper Driver / sfhlp01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp01.sys><Protection Technology>
[Silicon Image SiI 3112 SATARaid Controller / SI3112r][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SI3112r.sys><Silicon Image, Inc.>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SoC PC-Camera / SoC PC-Camera Service][Stopped/Manual Start]
<system32\DRIVERS\pfc027.sys><>
[Susteen Serial port driver / SUSCOM][Running/Manual Start]
<system32\DRIVERS\SUSCOM.SYS><Susteen Inc.>
[szkg / szkg][Stopped/Boot Start]
<\SystemRoot\system32\DRIVERS\szkg.sys><N/A>
[tmcomm / tmcomm][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[tyansmb / tyansmb][Running/Auto Start]
<\??\C:\WINDOWS\system32\Drivers\tyansmb.sys><Tyan Computer System>
[VIA AGP Filter / viaagp1][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA USB Host Controller Lower Filter / vulfnths][Running/Manual Start]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs][Running/Manual Start]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>
[Codec Teletext standard / WSTCODEC][Stopped/Manual Start]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx, >
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[ST]
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} <C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[MSNToolBandBHO]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[NeoTrace It!]
{9885224C-1217-4c5f-83C2-00002E6CEF2B} <, N/A>
[Copernic Agent]
{F2E259E8-0FC8-438C-A6E0-342DD80FA53E} <C:\PROGRA~1\COPERN~1\COPERN~1.DLL, Copernic Technologies Inc.>
[MSN]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Camfrog Toolbar]
{AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} <C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll, Camshare LC>
[CKAVWebScan Object]
[C:\Program Files\OpenOffice.org 2.2\program\salhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9106]
[C:\Program Files\OpenOffice.org 2.2\program\comphelp4MSC.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\cppuhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\ucbhelper3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\icuuc36.dll] [IBM Corporation and others, 3, 6, 0, 0]
[C:\Program Files\OpenOffice.org 2.2\program\icudt36l.dll] [IBM Corporation and others, 3, 6, 0, 0]
[C:\Program Files\OpenOffice.org 2.2\program\svl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\svt680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\tk680mi.dll] [Sun Microsystems, Inc., 8.0.0.9119]
[C:\Program Files\OpenOffice.org 2.2\program\jvmfwk3.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\libxml2.dll] [N/A, ]
[C:\Program Files\OpenOffice.org 2.2\program\servicemgr.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\shlibloader.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\simplereg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\nestedreg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\typemgr.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\implreg.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\security.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\reg3.dll] [Sun Microsystems, Inc., 8.0.0.9106]
[C:\Program Files\OpenOffice.org 2.2\program\store3.dll] [Sun Microsystems, Inc., 8.0.0.9106]
[C:\Program Files\OpenOffice.org 2.2\program\regtypeprov.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\configmgr2.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\typeconverter.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\sysmgr1.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\sax.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\localebe1.uno.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\behelper.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\uriproc.uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\ucb1.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\fwl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\fwi680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\ucpfile1.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\sfx680mi.dll] [Sun Microsystems, Inc., 8.0.0.9124]
[C:\Program Files\OpenOffice.org 2.2\program\fwe680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\sb680mi.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\xcr680mi.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\j680mi_g.dll] [Sun Microsystems, Inc., 8.0.0.9118]
[C:\Program Files\OpenOffice.org 2.2\program\jvmaccess3MSC.dll] [Sun Microsystems, Inc., 8.0.0.9107]
[C:\Program Files\OpenOffice.org 2.2\program\fwk680mi.dll] [Sun Microsystems, Inc., 8.0.0.9124]
[C:\Program Files\OpenOffice.org 2.2\program\msci_uno.dll] [Sun Microsystems, Inc., 8.0.0.9116]
[C:\Program Files\OpenOffice.org 2.2\program\spl680mi.dll] [Sun Microsystems, Inc., 8.0.0.9129]
[C:\Program Fi
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
27 Dec. 2007 at 18:54
Hello,

1/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o show hidden files and folders,
o uncheck "Hide extensions for known file types",
o uncheck "Hide protected operating system files (Recommended)".

* "Apply" and "OK"

2/ * Can you test this: C:\windows\system32\DRIVERS\szkg.sys
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and enter the path of the file I indicated.
* Click Send. After a few minutes, a report is generated. Post it in your next reply.

3/ # Download SDFix (created by Andy Manchesta) and save it to your Desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Print this.
# Restart your computer in safe mode by following this procedure:

* Restart your computer.
* After you hear the computer beep during start-up, but before the Windows icon appears, tap the F8 (or F5) key repeatedly.
* Instead of Windows loading normally, a menu with several options should appear.
* Choose the first option, to run Windows in safe mode, then press "Enter".
* Choose your account.

# Work through the list of instructions below:

* In safe mode, double-click the SDFix.exe file and click Install.
* Open the SDFix folder that has just been created in C:\ and double-click RunThis.cmd to launch the script.
* Press Y to start the script.
* It will remove the services of certain trojans, also make some repairs to the Registry, and then ask you to press a key to reboot.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* Once the Desktop has loaded, the tool will finish its work and display Finished
* Press a key to end the script and load your Desktop icons.
* Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

FillPCA
0
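FillPCA's step 3 ends by asking for SDFix's Report.txt. As an added example (not part of the original thread and not SDFix's own code), this Python script triages the report's "Authorized Application Key Export" section, flagging firewall exceptions whose executable sits in a Temp directory or whose label is shared by several different executables. The sample report, its paths and labels, and the two heuristics are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample laid out like the "Authorized Application Key Export"
# section of an SDFix Report.txt; every path and label below is made up.
SAMPLE_REPORT = r'''
Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ExampleChat\\chat.exe"="C:\\Program Files\\ExampleChat\\chat.exe:*:Enabled:Example Chat"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Example Updater"
"C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\sample1.exe"="C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\sample1.exe:*:Enabled:Example Updater"
"C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\sample2.exe"="C:\\DOCUME~1\\User\\LOCALS~1\\Temp\\sample2.exe:*:Disabled:Example Updater"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
'''

HEADER_RE = re.compile(
    r'^\[HKEY_[^\]]*\\firewallpolicy\\(?P<profile>[^\\\]]+)'
    r'\\authorizedapplications\\list\]$', re.I)
# One exported value: "name"="data", with \\ and \" escapes inside the quotes.
ENTRY_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"="(?P<data>(?:[^"\\]|\\.)*)"$')
# Data layout: <path>:<scope>:<Enabled|Disabled>:<label>. The path itself
# contains a colon (C:\...), so it is matched lazily up to the scope field.
DATA_RE = re.compile(
    r'^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>enabled|disabled):(?P<label>.*)$',
    re.I)
TEMP_DIRS = {"temp", "tmp", "%temp%", "%tmp%"}


@dataclass
class FirewallException:
    profile: str
    path: str
    scope: str
    enabled: bool
    label: str
    flags: list = field(default_factory=list)


def parse_authorized_apps(report_text):
    """Return every firewall exception listed under an authorizedapplications key."""
    entries, profile = [], None
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            header = HEADER_RE.match(line)
            profile = header.group("profile").lower() if header else None
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            profile = None  # plain text such as "Remaining Files:" ends the section
            continue
        if profile is None:
            continue
        # Undo the registry-export escaping (\\ -> \) before splitting the data.
        data = DATA_RE.match(re.sub(r'\\(.)', r'\1', entry.group("data")))
        if data:
            entries.append(FirewallException(
                profile, data.group("path"), data.group("scope"),
                data.group("state").lower() == "enabled", data.group("label")))
    return entries


def triage(entries):
    """Flag entries worth a manual look and return them, most-flagged first."""
    paths_by_label = defaultdict(set)
    for e in entries:
        paths_by_label[e.label.lower()].add(e.path.lower())
    for e in entries:
        e.flags = []
        folders = re.split(r'[\\/]', e.path.lower())[:-1]
        if any(f in TEMP_DIRS for f in folders):
            e.flags.append("temp-dir")       # executable allowed from a Temp folder
        if len(paths_by_label[e.label.lower()]) > 1:
            e.flags.append("shared-label")   # one label reused by several programs
    flagged = [e for e in entries if e.flags]
    return sorted(flagged, key=lambda e: (-len(e.flags), e.path.lower()))


if __name__ == "__main__":
    for item in triage(parse_authorized_apps(SAMPLE_REPORT)):
        state = "enabled" if item.enabled else "disabled"
        print(f"{item.profile:16} {state:8} {','.join(item.flags):22} {item.path}")
```

A flag is only a prompt for manual review of that exception; an entry with no flag has not been shown to be legitimate.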
Hello and thank you,
I did not find the file you pointed me to: C:\windows\system32\DRIVERS\szkg.sys, so procedure 2/ was not carried out...
Here, however, are the results of the others
_______________________________________________________________________

SDFix: Version 1.120

Run by Bernard on 28/12/2007 at 14:02

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 14:12:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
"hagepphnhnalohlb"=hex:61,61,00,00
"hagepphnnnglgocp"=hex:61,61,00,00
"iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
"haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

scanning hidden files ...

C:\WINDOWS\Temp\_av_proI.tm~a01980
C:\WINDOWS\Temp\_av_proI.tm~a01980\dld1.tmp 0 bytes
C:\WINDOWS\Temp\_av_proI.tm~a01980\setup.lok 0 bytes
C:\Documents and Settings\Bernard\Application Data\m\shared\BiblePromise : Scripture Verses for your Daily Bread 2.2 [Patch].zip 767430 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Age of Empires 2\\age2_x1.exe"="C:\\Program Files\\Age of Empires 2\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe"="C:\\Program Files\\EasyPHP1-7\\apache\\apache.exe:*:Enabled:apache"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Empire Earth\\Empire Earth.exe"="C:\\Program Files\\Empire Earth\\Empire Earth.exe:*:Enabled:Empire Earth"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe"="C:\\Program Files\\GlobalSCAPE\\CuteFTP Pro\\TE\\ftpte.exe:*:Enabled:FTP Transfer Engine"
"C:\\Program Files\\MixW\\Teoan.exe"="C:\\Program Files\\MixW\\Teoan.exe:*:Enabled:TEOAN"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"
"C:\\Program Files\\EchoLink\\EchoLink.exe"="C:\\Program Files\\EchoLink\\EchoLink.exe:*:Enabled:EchoLink"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\11exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\38exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\43exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\74exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\51exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\0exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\80exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\75exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\63exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\8exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\48exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\2exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\36exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\66exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\50exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\73exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\54exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\29exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\6exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\61exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\41exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\45exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\64exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\37exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\19exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\69exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\12exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\84exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\15exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\5exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\21exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\99exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\65exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\23exinjs.a5.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\26exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\98exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\17exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe"="C:\\DOCUME~1\\Bernard\\LOCALS~1\\Temp\\10exinjs.a6.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE"="C:\\Program Files\\Microsoft Office\\Office\\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows"
"C:\\Program Files\\FileZilla\\FileZilla.exe"="C:\\Program Files\\FileZilla\\FileZilla.exe:*:Enabled:FileZilla"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Apache Group\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------


Files with Hidden Attributes:

Fri 23 Dec 2005 4,027,936 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Thu 5 Jun 2003 24,576 A..H. --- "C:\Program Files\RamBoost XP\StopRam.exe"
Mon 3 Sep 2007 1,890 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Fri 27 Aug 2004 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 14 Aug 2004 24,576 A..H. --- "C:\Documents and Settings\Bernard\Local Settings\TempIadHide4.dll"
Fri 3 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 27 Aug 2004 4,348 ...H. --- "C:\Documents and Settings\Bernard\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak"
Sun 30 Jan 2005 20 A..H. --- "C:\Documents and Settings\Bernard\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak"
Fri 27 Aug 2004 400 A.SH. --- "C:\Documents and Settings\Bernard\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak"
Wed 14 Aug 2002 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 14 Aug 2002 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 14 Aug 2002 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 14 Aug 2002 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 14 Aug 2002 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 14 Aug 2002 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 14 Aug 2002 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 14 Aug 2002 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 14 Aug 2002 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 14 Aug 2002 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 14 Aug 2002 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 14 Aug 2002 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 14 Aug 2002 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 14 Aug 2002 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 14 Aug 2002 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 14 Aug 2002 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 14 Aug 2002 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 14 Aug 2002 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 14 Aug 2002 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 14 Aug 2002 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 14 Aug 2002 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 14 Aug 2002 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 14 Aug 2002 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 28 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 14 Aug 2002 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 14 Aug 2002 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 14 Aug 2002 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 14 Aug 2002 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 14 Aug 2002 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 28 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 14 Aug 2002 49,242 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 14 Aug 2002 50,606 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 14 Aug 2002 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 14 Aug 2002 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 14 Aug 2002 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 14 Aug 2002 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 14 Aug 2002 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 14 Aug 2002 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 14 Aug 2002 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 14 Aug 2002 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 14 Aug 2002 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 14 Aug 2002 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 14 Aug 2002 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 14 Aug 2002 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 14 Aug 2002 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 14 Aug 2002 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 14 Aug 2002 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 14 Aug 2002 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 14 Aug 2002 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 14 Aug 2002 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 14 Aug 2002 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 14 Aug 2002 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 14 Aug 2002 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 14 Aug 2002 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 14 Aug 2002 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 14 Aug 2002 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 14 Aug 2002 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 14 Aug 2002 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 14 Aug 2002 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 14 Aug 2002 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 14 Aug 2002 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 14 Aug 2002 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 14 Aug 2002 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 14 Aug 2002 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 14 Aug 2002 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 14 Aug 2002 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 14 Aug 2002 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 14 Aug 2002 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 14 Aug 2002 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 14 Aug 2002 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 14 Aug 2002 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 14 Aug 2002 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 14 Aug 2002 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 14 Aug 2002 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 14 Aug 2002 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 14 Aug 2002 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 14 Aug 2002 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 14 Aug 2002 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 14 Aug 2002 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 14 Aug 2002 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 14 Aug 2002 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 14 Aug 2002 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 14 Aug 2002 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 14 Aug 2002 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 14 Aug 2002 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Wed 14 Aug 2002 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 14 Aug 2002 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 14 Aug 2002 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

Finished!
________________________________________________________________________________________________________
catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 14:12:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
"hagepphnhnalohlb"=hex:61,61,00,00
"hagepphnnnglgocp"=hex:61,61,00,00
"iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
"haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

scanning hidden files ...

C:\WINDOWS\Temp\_av_proI.tm~a01980
C:\WINDOWS\Temp\_av_proI.tm~a01980\dld1.tmp 0 bytes
C:\WINDOWS\Temp\_av_proI.tm~a01980\setup.lok 0 bytes
C:\Documents and Settings\Bernard\Application Data\m\shared\BiblePromise : Scripture Verses for your Daily Bread 2.2 [Patch].zip 767430 bytes hidden from API

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 4
_________________________________________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 14:23:28, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\PowerCheck\PowerCheck.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - https://www.f-secure.com/en/home/support
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - https://www.appdirect.com/products/apphelp/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
28 Dec 2007 at 14:49
Hello,

* Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy and paste that report into your next reply.

Also produce a HijackThis report.

FillPCA
0
Here it is
________________________________________________________________________________________________________
ComboFix 07-12-21.4 - Bernard 2007-12-28 16:41:19.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.163 [GMT 1:00]
Running from: C:\Documents and Settings\Bernard\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\Phibtn.exe
C:\WINDOWS\system32\drivers\Tray900.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\poof


((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))))))))
.

2007-12-28 16:40 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\regedit.exe
2007-12-28 14:01 . 2007-12-28 14:01 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-27 15:03 . 2007-12-27 15:03 17,374,963 --a------ C:\upload_moi_BV.tar.gz
2007-12-27 14:39 . 2007-12-13 12:08 <REP> d-------- C:\Program Files\Trust
2007-12-25 19:54 . 2007-12-28 09:04 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\AVG7
2007-12-25 19:53 . 2007-12-25 19:53 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-25 19:53 . 2007-12-25 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:41 . 2007-12-22 20:41 <REP> d-------- C:\Program Files\PC Inspector File Recovery
2007-12-22 20:41 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
2007-12-22 15:47 . 2007-12-22 15:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 00:54 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2007-12-21 00:50 . 2007-12-21 00:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-19 14:21 . 2007-12-19 14:24 250 --a------ C:\WINDOWS\gmer.ini
2007-12-18 00:58 . 2007-12-18 00:58 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-18 00:57 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\LPT$VPN.891
2007-12-18 00:53 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\VPTNFILE.891
2007-12-14 13:27 . 2007-12-14 13:27 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\vlc
2007-12-13 11:51 . 2007-02-13 07:42 14,848 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS
2007-12-13 11:50 . 2007-12-13 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 15:47 --------- d-----w C:\Program Files\Spamihilator
2007-12-28 13:38 --------- d-----w C:\Documents and Settings\Bernard\Application Data\OpenOffice.org2
2007-12-28 08:04 --------- d-----w C:\Program Files\RamBoost XP
2007-12-26 23:04 --------- d-----w C:\Program Files\eMule
2007-12-25 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 00:03 --------- d-----w C:\Program Files\3D Home Architect
2007-12-24 23:48 --------- d-----w C:\Program Files\Fake Webcam
2007-12-24 23:37 --------- d-----w C:\Documents and Settings\Bernard\Application Data\m
2007-12-23 20:56 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-22 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 17:29 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 17:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-17 23:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-17 23:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-17 23:53 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-17 23:53 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-16 00:50 --------- d-----w C:\Program Files\WebcamMax
2007-12-16 00:48 --------- d-----w C:\Program Files\PowerCheck
2007-12-16 00:39 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-12-16 00:25 --------- d-----w C:\Program Files\Google
2007-12-14 12:25 --------- d-----w C:\Program Files\VideoLAN
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-18 05:49 286,720 ------w C:\WINDOWS\Setup1.exe
2007-11-14 16:28 --------- d-----w C:\Documents and Settings\Bernard\Application Data\ArcSoft
2007-11-14 16:26 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2007-11-14 16:14 --------- d-----w C:\Program Files\Philips
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 19:35 --------- d-----w C:\Program Files\PC Camera
2007-10-31 05:45 --------- d-----w C:\Program Files\DipTrace
2007-10-28 12:20 --------- d-----w C:\Program Files\Java
2007-09-03 21:16 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 19:53]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= WDShell [ ]

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2002-10-05 10:46]
R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2002-04-27 07:34]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 13:01]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 14:11]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-09 00:23]
R2 tyansmb;tyansmb;C:\WINDOWS\system32\Drivers\tyansmb.sys [2003-06-05 13:14]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
R3 SampleScanner;Ultima2000 Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.sys [2001-06-07 16:56]
R3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]
S2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-03 07:39]
S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 17:08]
S3 Amps2prt;PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\Drivers\Amps2prt.sys [2000-11-03 17:37]
S3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2006-07-24 17:49]
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 18:28]
S3 ICAM5USB;Caméra CS110 Intel(r) PC;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 21:06]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2006-07-27 03:07]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 12:16]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\2 Copernic Daily ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\3 Copernic Weekly ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\4 Copernic Monthly ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 16:51:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 16:52:55 - machine was rebooted
.
2007-12-12 08:34:57 --- E O F ---
_________________________________________________________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 16:54:42, on 28/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\PowerCheck\PowerCheck.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - https://www.f-secure.com/en/home/support
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - https://www.appdirect.com/products/apphelp/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
28 Dec 2007 at 17:14
Re,

1/ * Select the following text:

Driver::
szkg

File::
C:\Windows\system32\DRIVERS\szkg.sys

Folder::
"C:\Documents and Settings\Bernard\Application Data\m"


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto the ComboFix.exe file.
* A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
* Once the scan has finished, a report will be displayed: post its contents.
* If the file does not open, it is located here > C:\ComboFix.txt

2/ Download Ccleaner Basic https://www.ccleaner.com/ccleaner/download

Open Ccleaner and click "Run Cleaner".

3/ Download AVGantispyware: https://www.avg.com/en-ww/free-antivirus-download
Install it.
Launch AVG Anti-Spyware and click the Update button. Wait.

Click the Scan button (in the toolbar).
Then, on the How to react tab, click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose the "Apply all actions" option at the bottom.
Then click "Save report". This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.

4/ * Run an online scan by clicking here: https://www.bitdefender.com/toolbox/
* You must run the scan using Internet Explorer. A notification appears at the top, near the status bar. You must accept and install the proposed ActiveX control. The antivirus update then starts.
* Run a complete system scan.
* Save the report in text mode when the scan is finished.

5/ Post these reports:
Combofix, AVGantispyware, bit defender.

FillPCA
0
Good evening
Indeed, the virus is located in C:\Documents and Settings\Bernard\Application Data\m, at the location where BitDefender had initially found it.
It was found and deleted following the ComboFix.exe procedure you gave, and it no longer appears in the latest BitDefender scan.
I think it has been eradicated and that everything is back to normal.
Thank you a thousand times again for your invaluable help, which was particularly effective.

The logs of the procedures are below.
____________________________________________________________________________________________________________

ComboFix 07-12-21.4 - Bernard 2007-12-28 17:46:18.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.218 [GMT 1:00]
Running from: C:\Documents and Settings\Bernard\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bernard\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\Windows\system32\DRIVERS\szkg.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Bernard\Application Data\m
C:\Documents and Settings\Bernard\Application Data\m\shared\BiblePromise

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SZKG
-------\szkg


((((((((((((((((((((((((((((( Fichiers créés 2007-11-28 to 2007-12-28 ))))))))))))))))))))))))))))))))))))
.

2007-12-28 16:40 . 2004-08-05 13:00 153,088 --a------ C:\WINDOWS\regedit.exe
2007-12-28 14:01 . 2007-12-28 14:01 <REP> d-------- C:\WINDOWS\ERUNT
2007-12-27 15:03 . 2007-12-27 15:03 17,374,963 --a------ C:\upload_moi_BV.tar.gz
2007-12-27 14:39 . 2007-12-13 12:08 <REP> d-------- C:\Program Files\Trust
2007-12-25 19:54 . 2007-12-28 09:04 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\AVG7
2007-12-25 19:53 . 2007-12-25 19:53 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-25 19:53 . 2007-12-25 19:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-22 20:41 . 2007-12-22 20:41 <REP> d-------- C:\Program Files\PC Inspector File Recovery
2007-12-22 20:41 . 2002-02-18 18:40 6,200 --a------ C:\WINDOWS\system32\INT13EXT.VXD
2007-12-22 15:47 . 2007-12-22 15:47 <REP> d-------- C:\Program Files\Trend Micro
2007-12-21 00:54 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\RkPavProc.sys
2007-12-21 00:50 . 2007-12-21 00:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-19 14:21 . 2007-12-19 14:24 250 --a------ C:\WINDOWS\gmer.ini
2007-12-18 00:58 . 2007-12-18 00:58 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-18 00:57 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\LPT$VPN.891
2007-12-18 00:53 . 2007-12-18 00:53 40,069,133 --a------ C:\WINDOWS\VPTNFILE.891
2007-12-14 13:27 . 2007-12-14 13:27 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\vlc
2007-12-13 11:51 . 2007-02-13 07:42 14,848 --a------ C:\WINDOWS\system32\drivers\KMWDFilter.SYS
2007-12-13 11:50 . 2007-12-13 11:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3E318E90-4BE6-4440-A0EE-2EAF8419199C}
2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2007-12-13 11:39 . 2004-08-20 00:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-28 16:42 --------- d-----w C:\Program Files\Spamihilator
2007-12-28 16:05 --------- d-----w C:\Documents and Settings\Bernard\Application Data\OpenOffice.org2
2007-12-28 08:04 --------- d-----w C:\Program Files\RamBoost XP
2007-12-26 23:04 --------- d-----w C:\Program Files\eMule
2007-12-25 18:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 00:03 --------- d-----w C:\Program Files\3D Home Architect
2007-12-24 23:48 --------- d-----w C:\Program Files\Fake Webcam
2007-12-23 20:56 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-12-22 19:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 17:29 --------- d-----w C:\Program Files\MSN Messenger
2007-12-19 17:29 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-12-17 23:58 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2007-12-17 23:58 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2007-12-17 23:53 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2007-12-17 23:53 267,845 ----a-w C:\WINDOWS\tsc.exe
2007-12-16 00:50 --------- d-----w C:\Program Files\WebcamMax
2007-12-16 00:48 --------- d-----w C:\Program Files\PowerCheck
2007-12-16 00:39 --------- d-----w C:\Program Files\Microsoft IntelliType Pro
2007-12-16 00:25 --------- d-----w C:\Program Files\Google
2007-12-14 12:25 --------- d-----w C:\Program Files\VideoLAN
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 19:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-18 05:49 286,720 ------w C:\WINDOWS\Setup1.exe
2007-11-14 16:28 --------- d-----w C:\Documents and Settings\Bernard\Application Data\ArcSoft
2007-11-14 16:26 --------- d-----w C:\Program Files\Fichiers communs\ArcSoft
2007-11-14 16:14 --------- d-----w C:\Program Files\Philips
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-07 19:35 --------- d-----w C:\Program Files\PC Camera
2007-10-31 05:45 --------- d-----w C:\Program Files\DipTrace
2007-10-28 12:20 --------- d-----w C:\Program Files\Java
2007-09-03 21:16 1,890 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2007-12-28_16.52.11.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-28 16:54:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_1a0.dat
+ 2007-12-28 16:53:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_530.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="\Program\BackWeb-8876480.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-25 19:53]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5ECD31F0-F91A-11d4-B3CA-00D0B70A09D2}"= WDShell [ ]

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
R0 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys [2002-10-05 10:46]
R0 hptpro;hptpro;C:\WINDOWS\system32\DRIVERS\hptpro.sys [2002-04-27 07:34]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 13:01]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys [2002-08-14 14:11]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe [2007-06-09 00:23]
R2 tyansmb;tyansmb;C:\WINDOWS\system32\Drivers\tyansmb.sys [2003-06-05 13:14]
R3 KMWDFilter;KMWDFilter;C:\WINDOWS\System32\Drivers\KMWDFilter.SYS [2007-02-13 07:42]
R3 SampleScanner;Ultima2000 Scanner;C:\WINDOWS\system32\DRIVERS\GT680x.sys [2001-06-07 16:56]
R3 SUSCOM;Susteen Serial port driver;C:\WINDOWS\system32\DRIVERS\SUSCOM.SYS [2002-10-22 12:58]
S2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2006-07-03 07:39]
S3 akshasp;Aladdin HASP Key;C:\WINDOWS\system32\DRIVERS\akshasp.sys [2005-07-20 17:08]
S3 Amps2prt;PS/2 Port Mouse Filter Driver;C:\WINDOWS\system32\Drivers\Amps2prt.sys [2000-11-03 17:37]
S3 CAM1210;SM0121 USB 2.0 Video Camera;C:\WINDOWS\system32\Drivers\cam1210.sys [2006-07-24 17:49]
S3 camvid40;Philips SPC 900NC PC Camera;C:\WINDOWS\system32\DRIVERS\camdrv41.sys [2005-08-25 18:28]
S3 ICAM5USB;Caméra CS110 Intel(r) PC;C:\WINDOWS\system32\Drivers\Icam5USB.sys [2001-08-17 21:06]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2006-07-27 03:07]
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-02-12 12:16]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\1 Copernic Intra-Daily ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\2 Copernic Daily ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\3 Copernic Weekly ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
"2005-01-22 17:06:07 C:\WINDOWS\Tasks\4 Copernic Monthly ~BV Bernard.job"
- C:\Program Files\Copernic Agent\CopernicAgent.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 17:54:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 17:55:59 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-28 16:52
.
2007-12-12 08:34:57 --- E O F ---
__________________________________________________________________________________________________________
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:03:45 28/12/2007

+ Résultat de l'analyse:



C:\Documents and Settings\Bernard\Bureau\Outils\EliBaglA.exe -> Heuristic.Win32.AVKiller : Nettoyé.
:mozilla.47:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.7:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.8:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.54:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.38:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.15:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Bernard\Cookies\bernard@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.36:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.37:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.58:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.59:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.25:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.26:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.27:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.28:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.29:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.44:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.40:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.41:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.42:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.45:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.46:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.53:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.39:C:\Documents and Settings\Bernard\Application Data\Mozilla\Firefox\Profiles\ptl3pb7z.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.


Fin du rapport

_________________________________________________________________________________________________________
BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Fri, Dec 28, 2007 - 22:20:56

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés
661967

Infectés Fichiers
0

Virus Détectés

Aucun virus trouvé.
0
Hello
Unfortunately, it is still rebooting! This morning the problem showed up again!
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
29 Dec 2007 at 18:06
Hello,

You have traces of 2 antivirus products: AVG and Avast. Cleanly uninstall the one you do not use and post a new HijackThis report and an SREng report.

FillPCA
0
Here they are
_________________________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:31, on 29/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\Program Files\PowerCheck\PowerCheck.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\PROGRA~1\SONYER~1\Mobile\AUFILE~1.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\Ecfmserv.exe
C:\Program Files\Spamihilator\Spamihilator.exe
C:\Program Files\Alwil Software\Avast4\1ashDisp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://news.google.com/topstories?hl=fr&gl=FR&ceid=FR:fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - C:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Group\Apache2\bin\ApacheMonitor.exe
O4 - Global Startup: Phone Connection Monitor.lnk = ?
O4 - Global Startup: PowerCheck.lnk = C:\Program Files\PowerCheck\PowerCheck.exe
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NEOTRA~1\NTXtoolbar.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - https://www.f-secure.com/en/home/support
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - https://www.appdirect.com/products/apphelp/
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4886/mcfscan.cab
O23 - Service: Apache2 - Apache Software Foundation - C:\Program Files\Apache Group\Apache2\bin\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
0
FillPCA Posts 2242 Registration date Saturday 21 April 2007 Status Non-member Last activity 18 February 2023 123
29 Dec 2007 at 20:58
Re,

Your antivirus does appear in the services, but not at startup. Is it active when you start the PC? I am not sure the problem is still an infection.

1/ Download and use ATFcleaner and clean everything: http://pitcatsite.ovh.org/php/ATFCleaner.php
2/ Post a new Diaghelp report.

FillPCA
0
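The two observations made in the replies above (traces of two antivirus products, and an antivirus present in the services but not at startup) can be checked mechanically against the O23 (service) and O4 (autostart) lines of the HijackThis logs. The Python script below is an added example, not part of the thread: the log lines are copied from the two HijackThis logs posted above, while the product names, the path-fragment mapping and the function names are assumptions made for this illustration.

```python
import re

# Install-path fragments (lower-case) used to recognise each product.
# The mapping is an assumption of this example; the paths come from the logs.
PRODUCT_PATHS = {
    "Avast4": r"\alwil software\avast4",
    "AVG7": r"\grisoft\avg7",
    "AVG Anti-Spyware": r"\grisoft\avg anti-spyware",
}
# Products counted as antivirus engines for the "two antivirus" check (assumption).
ANTIVIRUS = {"Avast4", "AVG7"}

# O23 lines copied from the earlier HijackThis log (only O23 lines are excerpted here).
LOG_BEFORE_CLEANUP = r"""
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
"""

# O4 and O23 lines copied from the HijackThis log saved on 29/12/2007.
LOG_29_DEC = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
"""

# "O23 - Service: <detail>" / "O4 - HKLM\..\Run: <detail>" -> (group, kind, detail)
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.*)$")


def parse_entries(log_text):
    """Return a (group, kind, detail) tuple for every Oxx line of the log."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.append(match.groups())
    return entries


def product_entries(log_text):
    """Map each known product to its autostart (O4) and service (O23) lines."""
    found = {name: {"O4": [], "O23": []} for name in PRODUCT_PATHS}
    for group, _kind, detail in parse_entries(log_text):
        if group not in ("O4", "O23"):
            continue
        for name, fragment in PRODUCT_PATHS.items():
            if fragment in detail.lower():
                found[name][group].append(detail)
    return found


def installed_antivirus(log_text):
    """Antivirus products that leave any O4 or O23 trace in the log."""
    found = product_entries(log_text)
    return sorted(n for n in ANTIVIRUS if found[n]["O4"] or found[n]["O23"])


def services_without_autostart(log_text):
    """Products with a registered service but no autostart entry."""
    found = product_entries(log_text)
    return sorted(n for n, e in found.items() if e["O23"] and not e["O4"])


if __name__ == "__main__":
    print("earlier log, antivirus traces:", installed_antivirus(LOG_BEFORE_CLEANUP))
    print("29/12 log, antivirus traces:", installed_antivirus(LOG_29_DEC))
    # Only meaningful for the 29/12 excerpt, which contains O4 lines.
    print("29/12 log, service but no O4:", services_without_autostart(LOG_29_DEC))
```
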
No, the antivirus does not launch at startup, nor do a few other auxiliary applications
Here is the report

DiagHelp version v1.4 - http://www.malekal.com
excute le 29/12/2007 à 21:11:19,89


Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CMD.EXE-137A0D53.pf -->29/12/2007 21:11:19
C:\WINDOWS\prefetch\CHCP.COM-17C61B40.pf -->29/12/2007 21:11:16
C:\WINDOWS\prefetch\WINZIP32.EXE-22905BC0.pf -->29/12/2007 21:10:41
C:\WINDOWS\prefetch\VERCLSID.EXE-3B227142.pf -->29/12/2007 21:10:30
C:\WINDOWS\prefetch\IEXPLORE.EXE-06887102.pf -->29/12/2007 21:09:19
C:\WINDOWS\prefetch\layout.ini -->29/12/2007 20:12:53

C:\WINDOWS\System32\drivers\gmer.sys -->19/12/2007 14:21:48
C:\WINDOWS\System32\drivers\aswmon.sys -->04/12/2007 15:56:02
C:\WINDOWS\System32\drivers\aswmon2.sys -->04/12/2007 15:55:46
C:\WINDOWS\System32\drivers\aswRdr.sys -->04/12/2007 15:53:39
C:\WINDOWS\System32\drivers\aswTdi.sys -->04/12/2007 15:51:52
C:\WINDOWS\System32\drivers\aavmker4.sys -->04/12/2007 15:49:02
C:\WINDOWS\System32\drivers\secdrv.sys -->13/11/2007 11:25:54

C:\WINDOWS\System32\wpa.dbl -->29/12/2007 19:35:43
C:\WINDOWS\System32\LVCOMSX.LOG -->28/12/2007 13:52:49
C:\WINDOWS\System32\Uninstall.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\pavas.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\Help.ico -->21/12/2007 00:51:29
C:\WINDOWS\System32\swreg.exe -->13/12/2007 21:26:50
C:\WINDOWS\System32\CONFIG.NT -->12/12/2007 09:32:51
C:\WINDOWS\System32\TZLog.log -->12/12/2007 01:30:26
C:\WINDOWS\System32\aswBoot.exe -->04/12/2007 14:04:28
C:\WINDOWS\System32\AVASTSS.scr -->04/12/2007 13:54:04
C:\WINDOWS\System32\MRT.exe -->03/12/2007 00:00:05
C:\WINDOWS\System32\tzchange.exe -->13/11/2007 12:31:11
C:\WINDOWS\System32\mshtml.dll -->31/10/2007 00:23:48
C:\WINDOWS\System32\quartz.dll -->29/10/2007 23:43:32
C:\WINDOWS\System32\xpsp3res.dll -->29/10/2007 16:07:16
C:\WINDOWS\System32\jupdate-1.6.0_03-b05.log -->28/10/2007 13:20:46
C:\WINDOWS\System32\perfh00C.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfh009.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfc00C.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\perfc009.dat -->28/10/2007 09:19:00
C:\WINDOWS\System32\PerfStringBackup.INI -->28/10/2007 09:18:59
C:\WINDOWS\System32\shell32.dll -->25/10/2007 17:43:25
C:\WINDOWS\System32\wmasf.dll -->25/10/2007 09:28:30
C:\WINDOWS\System32\wininet.dll -->11/10/2007 00:49:45
C:\WINDOWS\System32\webcheck.dll -->11/10/2007 00:49:45

C:\WINDOWS\WindowsUpdate.log -->29/12/2007 21:04:48
C:\WINDOWS\0.log -->29/12/2007 19:35:15
C:\WINDOWS\wiadebug.log -->29/12/2007 19:34:53
C:\WINDOWS\wiaservc.log -->29/12/2007 19:34:45
C:\WINDOWS\TempFile -->29/12/2007 19:34:43
C:\WINDOWS\bootstat.dat -->29/12/2007 19:34:30
C:\WINDOWS\SchedLgU.Txt -->29/12/2007 19:32:31
C:\WINDOWS\system.ini -->29/12/2007 18:00:13
C:\WINDOWS\wmsetup.log -->29/12/2007 16:53:08
C:\WINDOWS\tsc.ini -->29/12/2007 11:45:57
C:\WINDOWS\tsc.ptn -->29/12/2007 09:56:29
C:\WINDOWS\tsc.exe -->29/12/2007 09:56:28
C:\WINDOWS\vsapi32.dll -->29/12/2007 09:56:27
C:\WINDOWS\hcextoutput.dll -->29/12/2007 09:56:27
C:\WINDOWS\VPTNFILE.919 -->29/12/2007 09:56:26

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed


ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1800
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x44080000 0xcf000 7.00.6000.16574 C:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16574 C:\WINDOWS\system32\iertutil.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x44360000 0x5cd000 7.00.6000.16574 C:\WINDOWS\system32\ieframe.dll
0x44160000 0x127000 7.00.6000.16574 C:\WINDOWS\system32\urlmon.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x442b0000 0x3c000 7.00.6000.16574 C:\WINDOWS\system32\webcheck.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x10000000 0x2f000 11.00.0000.0001 C:\WINDOWS\system32\WDShell.dll
0x61c20000 0x54000 8.00.0000.9118 C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
0x5fc70000 0x18000 8.00.0000.9107 C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
0x7c340000 0x56000 7.10.3052.0004 C:\Program Files\OpenOffice.org 2.2\program\MSVCR71.dll
0x61740000 0x8e000 4.05.2003.0120 C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\OpenOffice.org 2.2\program\MSVCP71.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x02e40000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00a60000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x16200000 0x6000 4.01.0000.0000 C:\PROGRA~1\WINZIP~1.1FR\WZSHLSTB.DLL
0x01100000 0x28000 C:\Program Files\WinRAR\rarext.dll
0x02030000 0x5d000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\auexpext.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x018c0000 0x2b000 1.03.0004.0001 C:\Program Files\Sony Ericsson\Mobile\FilGuiLg.dll
0x00d90000 0x8000 1.00.0000.0001 C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 672
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01150000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL


Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\system

10/09/1999 12:06 4 672 WOWPOST.EXE
1 fichier(s) 4 672 octets
0 Rép(s) 47 971 311 616 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\system32

20/08/2004 00:09 6 144 csrss.exe
1 fichier(s) 6 144 octets
0 Rép(s) 47 971 311 616 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\WINDOWS\Downloaded Program Files

25/12/2007 14:07 <REP> .
25/12/2007 14:07 <REP> ..
07/03/2007 00:59 300 680 arclib.dll
24/08/2006 07:28 141 424 asinst.dll
22/08/2006 08:06 537 asinst.inf
09/12/2007 00:46 312 680 avsniff.dll
09/12/2007 00:38 773 avsniff.inf
09/12/2007 00:46 255 336 avsniffdlgs.dll
07/12/2004 16:07 32 bdcore.dll
25/05/2006 00:21 118 784 bdupd.dll
21/03/2002 14:26 815 bitdefender.inf
30/01/2003 15:52 348 160 bitdefender.ocx
25/06/2003 18:00 541 ca.pub
09/12/2007 00:38 241 CabSA.inf
19/12/2007 01:00 2 504 catalog.dat
27/03/2002 13:02 168 014 cssweb.dll
24/04/2003 14:11 259 cssweb.inf
17/01/2006 16:11 580 663 daas_s.dll
14/08/2004 13:51 65 desktop.ini
25/07/2002 17:13 24 576 dwusplay.dll
25/07/2002 17:13 196 608 dwusplay.exe
19/12/2007 01:00 6 899 ecbootil.vxd
09/12/2007 00:36 42 112 ecmldr32.dll
19/12/2007 01:00 284 016 ecmsvr32.dll
20/11/2007 16:04 1 523 536 FP_AX_CAB_INSTALLER.exe
03/02/2006 10:20 188 416 fsauc.dll
16/06/2006 14:31 181 856 fscax.dll
13/04/2007 15:52 482 fscax.inf
12/07/2000 01:02 36 864 fxfileop.dll
25/05/2006 00:21 53 248 ipsupd.dll
10/06/2005 09:44 417 792 isusweb.dll
07/01/2007 12:55 2 305 kavwebscan.inf
16/03/2005 11:34 7 407 lang.ini
11/12/2006 16:44 367 LegitCheckControl.inf
07/12/2004 16:07 32 libfn.dll
14/03/2005 13:38 126 live.ini
24/02/2006 11:49 882 mcfscan.inf
18/11/1999 12:48 995 mpeg4ax.inf
18/11/1999 12:49 992 msaudio.inf
09/12/2007 00:36 6 850 navapi.vxd
09/12/2007 00:36 201 896 navapi32.dll
19/12/2007 01:00 124 272 naveng32.dll
19/12/2007 01:00 914 800 navex32a.dll
17/01/2005 16:09 227 opuc.inf
01/06/2006 01:57 1 331 oscan8.inf
01/06/2006 01:54 471 040 oscan8.ocx
31/05/2006 03:15 10 oscan81.ocx_x
09/12/2007 00:46 296 336 rufsi.dll
14/03/2005 13:58 7 073 scanoptions.tsi
19/12/2007 01:00 97 776 scrauth.dat
20/11/2007 15:50 247 swflash.inf
19/12/2007 01:00 11 816 symaveng.cat
19/12/2007 01:00 1 061 symaveng.inf
19/12/2007 01:00 402 118 tcdefs.dat
19/12/2007 01:00 2 429 629 tcscan7.dat
19/12/2007 01:00 428 396 tcscan8.dat
19/12/2007 01:00 1 000 625 tcscan9.dat
19/12/2007 01:00 453 tinf.dat
19/12/2007 01:00 148 tinfidx.dat
19/12/2007 01:00 1 957 tinfl.dat
19/12/2007 01:00 68 399 tscan1.dat
19/12/2007 01:00 3 294 tscan1hd.dat
31/10/2001 09:37 118 uninst.bat
19/12/2007 01:00 4 778 v.grd
19/12/2007 01:00 2 267 v.sig
21/12/2007 19:08 294 403 vet.da1
19/11/2007 01:18 13 076 520 vet.dat
13/07/2007 05:11 1 353 016 vete.dll
19/12/2007 01:00 106 244 virscan.inf
19/12/2007 01:00 997 354 virscan1.dat
19/12/2007 01:00 570 966 virscan2.dat
19/12/2007 01:00 150 932 virscan3.dat
19/12/2007 01:00 320 253 virscan4.dat
19/12/2007 01:00 5 198 791 virscan5.dat
19/12/2007 01:00 392 361 virscan6.dat
19/12/2007 01:00 18 131 798 virscan7.dat
19/12/2007 01:00 1 899 941 virscan8.dat
19/12/2007 01:00 5 410 050 virscan9.dat
19/12/2007 01:00 32 virscant.dat
20/11/2006 12:02 180 282 webscan.dll
21/07/2006 12:55 477 webscan.inf
02/11/2005 17:01 1 777 xscan.inf
02/11/2005 17:07 435 712 xscan53.ocx
19/12/2007 01:00 224 zdone.dat
82 fichier(s) 60 199 069 octets

Total des fichiers listés :
82 fichier(s) 60 199 069 octets
2 Rép(s) 47 971 307 520 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..


Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"="C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime"


Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"



exports des policies
REGEDIT4

[system]



Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-29 21:12:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C4D257C-72E2-E577-A752-291333787D00}]
"hagepphnhnalohlb"=hex:61,61,00,00
"hagepphnnnglgocp"=hex:61,61,00,00
"iakfpidebimpimgooj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..
"haegjngplkgkgjhj"=hex:6b,61,68,69,67,68,6d,70,69,62,66,67,61,65,6c,66,67,70,61,6f,6f,..

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0


KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
164 - avgas.exe
176 - ctfmon.exe
268 - rambxpfr.exe
364 - snmp.exe
620 - MROUTE~2.EXE
648 - csrss.exe
672 - winlogon.exe
716 - services.exe
728 - lsass.exe
876 - svchost.exe
956 - svchost.exe
1024 - ApacheMonitor.e
1048 - svchost.exe
1092 - svchost.exe
1116 - PowerCheck.exe
1288 - soffice.bin
1320 - ashServ.exe
1504 - spoolsv.exe
1800 - explorer.exe
1836 - CONNMN~1.EXE
1848 - msimn.exe
1976 - guard.exe
2152 - ashMaiSv.exe
2172 - ashWebSv.exe
2268 - 1ashDisp.exe
2672 - alg.exe
3280 - BROADC~1.EXE
3688 - cmd.exe
-1304204150 - x --[Hidden]--

Total number of processes = 30
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntoskrnl.exe
806EC000 - \WINDOWS\system32\hal.dll
F8A35000 - \WINDOWS\system32\KDCOM.DLL
F8945000 - \WINDOWS\system32\BOOTVID.dll
F84F5000 - imagesrv.sys
F84C6000 - ACPI.sys
F8A37000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
F84B5000 - pci.sys
F8535000 - isapnp.sys
F8A39000 - viaide.sys
F87B5000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F8545000 - MountMgr.sys
F8496000 - ftdisk.sys
F87BD000 - PartMgr.sys
F8555000 - VolSnap.sys
F847E000 - atapi.sys
F8466000 - SI3112r.sys
F844E000 - \WINDOWS\System32\DRIVERS\SCSIPORT.SYS
F8565000 - hpt3xx.sys
F8A3B000 - imagedrv.sys
F8575000 - disk.sys
F8585000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F842E000 - fltmgr.sys
F8595000 - PxHelp20.sys
F8949000 - bsstor.sys
F894D000 - SiWinAcc.sys
F8951000 - hptpro.sys
F8417000 - KSecDD.sys
F838A000 - Ntfs.sys
F835D000 - NDIS.sys
F87C5000 - viaagp1.sys
F8A3D000 - sfhlp01.sys
F8A3F000 - prosync1.sys
F834B000 - prohlp02.sys
F8330000 - Mup.sys
F8695000 - \SystemRoot\System32\DRIVERS\amdk7.sys
F7A7E000 - \SystemRoot\System32\DRIVERS\ati2mtag.sys
F7A6A000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F88E5000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F7A47000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F8A6F000 - \SystemRoot\System32\Drivers\vulfnth.sys
F88ED000 - \SystemRoot\System32\DRIVERS\usbehci.sys
F86A5000 - \SystemRoot\System32\DRIVERS\imapi.sys
F7E1D000 - \SystemRoot\system32\drivers\pfc.sys
F86B5000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F86C5000 - \SystemRoot\System32\DRIVERS\redbook.sys
F7A24000 - \SystemRoot\System32\DRIVERS\ks.sys
F7976000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
F7952000 - \SystemRoot\system32\drivers\portcls.sys
F86D5000 - \SystemRoot\system32\drivers\drmk.sys
F88F5000 - \SystemRoot\System32\DRIVERS\fetnd5.sys
F88FD000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7941000 - \SystemRoot\System32\DRIVERS\serial.sys
F7E11000 - \SystemRoot\System32\DRIVERS\serenum.sys
F792D000 - \SystemRoot\System32\DRIVERS\parport.sys
F86E5000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F8905000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F7E0D000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F8BFD000 - \SystemRoot\System32\DRIVERS\audstub.sys
F86F5000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F7E09000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F7916000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F8705000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F8715000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F890D000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F7905000 - \SystemRoot\System32\DRIVERS\psched.sys
F8725000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F8915000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F891D000 - \SystemRoot\System32\DRIVERS\raspti.sys
F8735000 - \SystemRoot\System32\DRIVERS\termdd.sys
F8925000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F8A71000 - \SystemRoot\System32\DRIVERS\swenum.sys
F78D1000 - \SystemRoot\System32\DRIVERS\update.sys
F89F1000 - \SystemRoot\System32\DRIVERS\mssmbios.sys
F8775000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F8A15000 - \SystemRoot\System32\Drivers\vulfntr.sys
F8795000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F8A77000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F892D000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F8A79000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F8C23000 - \SystemRoot\System32\Drivers\Null.SYS
F8A7B000 - \SystemRoot\System32\Drivers\Beep.SYS
F8C0D000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F87FD000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F8805000 - \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
F880D000 - \SystemRoot\System32\drivers\vga.sys
F8A7D000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F8A7F000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8815000 - \SystemRoot\System32\Drivers\Msfs.SYS
F881D000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8308000 - \SystemRoot\System32\DRIVERS\rasacd.sys
EF856000 - \SystemRoot\System32\DRIVERS\ipsec.sys
EF7FE000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F7B92000 - \SystemRoot\System32\Drivers\aswTdi.SYS
EF7D6000 - \SystemRoot\System32\DRIVERS\netbt.sys
F8304000 - \SystemRoot\System32\drivers\ws2ifsl.sys
EF7B4000 - \SystemRoot\System32\drivers\afd.sys
F7B82000 - \SystemRoot\System32\DRIVERS\netbios.sys
EF789000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F7B72000 - \SystemRoot\System32\drivers\prodrv06.sys
EF6F2000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F7B62000 - \SystemRoot\System32\Drivers\Fips.SYS
EF6D1000 - \SystemRoot\System32\DRIVERS\ipnat.sys
F7B52000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F82E8000 - \SystemRoot\System32\DRIVERS\GT680x.sys
F82E4000 - \??\C:\WINDOWS\System32\Drivers\KMWDFilter.SYS
F82E0000 - \SystemRoot\system32\DRIVERS\hidusb.sys
F7B42000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
F8825000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
F7B32000 - \SystemRoot\system32\DRIVERS\SUSCOM.SYS
F8BA3000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F882D000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
EF5BE000 - \SystemRoot\System32\DRIVERS\LVCM.sys
F85D5000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
EF59B000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F85F5000 - \SystemRoot\system32\drivers\usbaudio.sys
F7E21000 - \SystemRoot\System32\DRIVERS\mouhid.sys
EF583000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F8A95000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
EF88D000 - \SystemRoot\System32\drivers\Dxapi.sys
F884D000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F8C10000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9D5000 - \SystemRoot\System32\ati2dvag.dll
BFA10000 - \SystemRoot\System32\ati3d1ag.dll
EF2ED000 - \SystemRoot\System32\Drivers\aswMon2.SYS
EF170000 - \SystemRoot\system32\drivers\wdmaud.sys
EF51B000 - \SystemRoot\system32\drivers\sysaudio.sys
EEE95000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F8635000 - \??\C:\WINDOWS\System32\drivers\Haspnt.sys
F8AC7000 - \SystemRoot\System32\Drivers\ParVdm.SYS
EF185000 - \SystemRoot\System32\Drivers\Aspi32.SYS
F8B60000 - \??\C:\Program Files\ICprog\icprog.sys
EEDC5000 - \??\C:\WINDOWS\System32\drivers\hardlock.sys
EECAB000 - \SystemRoot\System32\DRIVERS\srv.sys
EEC49000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
EF299000 - \??\C:\WINDOWS\system32\Drivers\tyansmb.sys
EEF02000 - \SystemRoot\System32\Drivers\Cdfs.SYS
EE898000 - \SystemRoot\System32\Drivers\HTTP.sys
EE7B4000 - \SystemRoot\System32\Drivers\aswRdr.SYS
EE243000 - \SystemRoot\system32\DRIVERS\sr.sys
EE218000 - \SystemRoot\system32\drivers\kmixer.sys
F8C43000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 144

Liste des programmes installes

ACDSee 9 Gestionnaire de photos
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Ahead InCD
Apache HTTP Server 2.0.55
Archiveur WinRAR
ARTEC
ATI Control Panel
ATI Display Driver
avast! Antivirus
AVG Anti-Spyware 7.5
Barre d'outils MSN
Camfrog Video Chat 3.91 (remove only)
CamStudio 2.0 Fr
Canon i560
CCleaner (remove only)
Command On Demand for Command Software
Compel Adaptec WinASPI
ConTEXT
Copernic Agent Professional
Corel Paint Shop Pro X
CorelDRAW Graphics Suite 12
Correctif pour Lecteur Windows Media 11 (KB939683)
CuteFTP Pro
EasyCleaner
EchoLink
eMule
Etats Et Requêtes
EVEREST Home Edition v2.01
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP
FileSpecs plug-in for Ad-Aware SE
FileZilla (remove only)
Freeplayer
Frontline Attack - War over Europe
Google Earth
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
HelpNDoc Version 1.10 Personal Edition
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
HydraVision
J2SE Runtime Environment 5.0
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.4.0 Full
Kaspersky Online Scanner
Language Pack for Ad-aware 6
Language pack for Ad-Aware SE
Lecteur Windows Media 11
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Logitech Desktop Messenger
Logitech MouseWare 9.79.1
Logitech Print Service
Logitech QuickCam
LST PCSOFT
Macromedia Dreamweaver MX
Macromedia Extension Manager
Macromedia Fireworks 8
Meracl FontMap v2.1.1
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft IntelliType Pro 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2001
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Professional
Microsoft Publisher 98
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
MixW 2.18 (Jan-09-2007)
Mozilla Firefox (2.0.0.11)
MSN Pictures Displayer 4.5
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
NeoTrace Express 3.25
Nero 6 Ultra Edition
Norton Ghost
Novarm DipTrace
OpenOffice.org 2.2
Panda ActiveScan
PC Camera
PC Camera
Philips SPC 900NC PC Camera
Philips VLounge
PowerCheck 4.2.3
Programme de gestion Camera de Logitech®
RamBoost XP 4.0.6
RFSim99
Saisie de Schéma SDS
Soldiers - Heroes of World War II
Sonic Foundry Sound Forge 6.0
Sony Ericsson PC Suite 3.1.1
Spamihilator
Tracé de CI
Trust R-Series Mouse
Trust R-Series Mouse
TyanSystemMonitor V2.13
USB Card Reader \Writer
USB Storage Device
USB Video Camera Driver v1.10
VideoLAN VLC media player 0.8.5-freehd
Visionneuse Journal Windows Microsoft
VX2 Cleaner plug-in for Ad-Aware SE
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 2
Yahoo! Messenger



Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files

29/12/2007 21:03 <REP> .
29/12/2007 21:03 <REP> ..
25/12/2007 01:03 <REP> 3D Home Architect
14/08/2005 23:14 <REP> AboutTime
01/08/2007 22:03 <REP> ACD Systems
14/12/2005 19:13 <REP> AdaURL
24/03/2005 11:59 <REP> Adobe
21/11/2004 20:11 <REP> Age of Empires 2
22/08/2005 12:10 <REP> Ahead
23/06/2005 13:50 <REP> Alwil Software
03/05/2007 12:24 <REP> AnalogX
02/07/2007 16:55 <REP> Apache Group
14/08/2004 14:16 <REP> ATI Technologies
13/04/2007 23:40 <REP> Camfrog
23/09/2006 16:46 <REP> CamStudio
14/02/2007 17:08 <REP> CCleaner
04/09/2007 18:14 <REP> CodecSniper
13/08/2005 15:55 <REP> Codemasters
22/08/2005 17:20 <REP> Common Files
03/06/2007 22:41 <REP> ConCon
05/02/2007 22:22 <REP> ConTEXT
22/01/2005 18:05 <REP> Copernic Agent
18/07/2007 09:36 <REP> Corel
02/01/2007 00:15 <REP> Cucusoft
16/02/2007 00:50 <REP> Cuisinons
30/09/2006 15:27 <REP> Dial-Messenger
15/04/2007 00:04 <REP> Dictionnaire
31/10/2007 06:45 <REP> DipTrace
23/09/2004 20:02 <REP> directx
04/08/2007 01:10 <REP> DivX
04/10/2005 11:35 <REP> Drive Rescue
30/10/2004 11:47 <REP> EasyPHP1-7
07/09/2006 21:45 <REP> EchoLink
04/02/2006 15:46 <REP> Eidos Interactive
31/01/2005 00:38 <REP> Empire Earth
27/12/2007 00:04 <REP> eMule
25/12/2007 00:48 <REP> Fake Webcam
28/11/2007 20:23 <REP> Fichiers communs
05/10/2006 22:45 <REP> FileZilla
07/01/2007 21:47 <REP> Freeplayer
09/10/2004 23:37 <REP> GlobalSCAPE
16/12/2007 01:25 <REP> Google
29/12/2007 19:31 <REP> Grisoft
04/09/2007 18:23 <REP> GSpot
18/09/2007 18:56 <REP> HelpNDoc
23/04/2005 19:21 <REP> HighMAT CD Writing Wizard
28/12/2007 16:54 <REP> hijackthis
18/12/2005 16:48 <REP> ICprog
16/12/2007 01:26 <REP> Internet Explorer
01/09/2006 19:34 <REP> Intuwave Ltd
28/10/2007 13:20 <REP> Java
15/07/2007 14:10 <REP> Kazaa Lite K++
04/09/2007 18:15 <REP> K-Lite Codec Pack
27/06/2005 23:06 <REP> Lavalys
21/08/2004 10:18 <REP> Lavasoft
03/09/2005 23:46 <REP> Logitech
09/07/2007 20:26 <REP> Macromedia
30/07/2006 14:08 <REP> ManyCam
14/08/2004 15:14 <REP> Meracl FontMap
07/06/2007 17:03 <REP> Messenger
19/12/2007 18:29 <REP> Messenger Plus! Live
21/08/2004 18:03 <REP> Micro Application
14/08/2004 16:26 <REP> microsoft frontpage
16/12/2007 01:39 <REP> Microsoft IntelliType Pro
05/08/2005 18:17 <REP> Microsoft Money
14/08/2004 17:53 <REP> Microsoft Office
26/03/2007 21:58 <REP> MixW
09/02/2005 15:54 <REP> Movie Maker
27/11/2005 13:58 <REP> Movies
16/12/2007 18:10 <REP> Mozilla Firefox
14/08/2004 13:49 <REP> MSN
15/05/2005 12:58 <REP> MSN Apps
14/08/2004 13:49 <REP> MSN Gaming Zone
19/12/2007 18:29 <REP> MSN Messenger
03/06/2007 22:37 <REP> MSN Pictures Displayer
16/11/2006 18:13 <REP> MSXML 4.0
24/03/2007 17:19 <REP> MyUninstall
02/01/2007 00:06 <REP> NeoDivx Suite
08/09/2007 16:29 <REP> NeoTrace Express
26/05/2007 21:04 <REP> NetMeeting
23/04/2005 19:28 <REP> OfficeUpdate11
19/05/2007 14:26 <REP> OpenOffice.org 2.2
24/12/2005 19:35 <REP> Opera
13/06/2007 16:26 <REP> Outlook Express
07/11/2007 20:35 <REP> PC Camera
15/07/2007 16:03 <REP> PC SOFT
14/11/2007 17:14 <REP> Philips
16/12/2007 01:48 <REP> PowerCheck
29/12/2007 19:34 <REP> RamBoost XP
14/09/2006 20:55 <REP> RegSeeker
25/04/2005 14:36 <REP> RFSim99
27/01/2005 18:59 <REP> Saisie de Schéma
14/08/2004 13:51 <REP> Services en ligne
22/08/2004 12:39 <REP> Sonic Foundry
22/08/2004 12:39 <REP> Sonic Foundry Setup
01/09/2006 19:35 <REP> Sony Ericsson
22/08/2004 12:39 <REP> Sound Forge 6.0
29/12/2007 21:05 <REP> Spamihilator
16/08/2007 19:39 <REP> Spybot - Search & Destroy
10/08/2007 03:03 <REP> STOPzilla!
24/02/2007 21:14 <REP> StuffPlug3
05/08/2005 17:58 <REP> Symantec
05/02/2005 23:26 <REP> ToniArts
27/01/2005 19:06 <REP> Tracé de CI
22/12/2007 15:47 <REP> Trend Micro
13/12/2007 12:08 <REP> Trust
20/08/2005 16:35 <REP> Tyan Computer Corp
14/08/2004 14:05 <REP> VIA Technologies, Inc
14/12/2007 13:25 <REP> VideoLAN
16/05/2005 17:57 <REP> vso
16/12/2007 01:50 <REP> WebcamMax
02/01/2007 00:01 <REP> WinASPI
23/09/2006 17:18 <REP> Windows AntiSpy
23/04/2005 19:21 <REP> Windows Journal Viewer
10/06/2007 10:14 <REP> Windows Live
23/12/2007 21:56 <REP> Windows Live Safety Center
03/11/2006 08:49 <REP> Windows Media Connect 2
03/11/2006 08:49 <REP> Windows Media Player
09/02/2005 15:49 <REP> Windows NT
23/04/2005 18:29 <REP> WinRAR
27/04/2005 08:26 <REP> WINRLC
10/03/2005 00:07 <REP> WinZip 8.1 Fr
14/08/2004 13:52 <REP> xerox
14/04/2007 10:53 <REP> Yahoo!
0 fichier(s) 0 octets
124 Rép(s) 47 960 502 272 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\fichiers communs

28/11/2007 20:23 <REP> .
28/11/2007 20:23 <REP> ..
01/08/2007 22:07 <REP> ACD Systems
24/03/2005 11:59 <REP> Adobe
22/08/2005 12:09 <REP> Ahead
14/11/2007 17:26 <REP> ArcSoft
14/08/2004 15:33 <REP> Copernic
18/07/2007 09:37 <REP> Corel
18/07/2007 09:20 <REP> Designer
23/09/2004 20:02 <REP> FotoWire
15/07/2007 13:52 <REP> InstallShield
10/08/2007 02:38 <REP> iS3
28/12/2004 09:59 <REP> Java
03/09/2005 23:46 <REP> Logitech
09/07/2007 20:26 <REP> Macromedia
18/07/2007 09:37 <REP> Microsoft Shared
14/08/2004 13:50 <REP> MSSoap
14/08/2004 14:43 <REP> ODBC
01/10/2006 16:02 <REP> Panda Software
17/07/2007 00:01 <REP> PC SOFT
14/08/2004 13:50 <REP> Services
14/08/2004 14:43 <REP> SpeechEngines
05/08/2005 17:57 <REP> Symantec Shared
24/11/2007 10:14 <REP> System
20/08/2004 11:31 <REP> Vbox
0 fichier(s) 0 octets
25 Rép(s) 47 960 506 368 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

19/05/2007 16:28 <REP> .
19/05/2007 16:28 <REP> ..
28/02/2002 23:03 561 209 MSONSEXT.DLL
03/06/1999 13:09 122 937 MSOWS409.DLL
07/03/2001 08:00 127 033 MSOWS40c.DLL
18/03/1999 05:37 593 977 RAGENT.DLL
4 fichier(s) 1 405 156 octets
2 Rép(s) 47 960 506 368 octets libres
Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\Program Files\common files

22/08/2005 17:20 <REP> .
22/08/2005 17:20 <REP> ..
22/08/2005 17:20 <REP> PCCamera
14/08/2004 15:49 <REP> System
0 fichier(s) 0 octets
4 Rép(s) 47 960 506 368 octets libres




Le volume dans le lecteur C s'appelle Principal
Le numéro de série du volume est D835-3672

Répertoire de C:\

c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_BV.tar.gz a l'adresse http://upload.malekal.com
0