Recurring security alert

Solved
ghoulghoul Posts 36 Status Member -
philae83 Posts 12854 Status Security contributor -
Hello,
for a month now I have been getting a recurring security alert (yellow Windows triangle).
I have seen discussions on the forum, and it seems this is a problem that requires in-depth computer knowledge to solve.
Help!!! And thanks in advance.

31 replies

ghoulghoul Posts 36 Status Member
 
Hi again,
here are the log files, and thanks.
ComboFix 07-12-21.4 - fsc 2007-12-27 22:51:38.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.569 [GMT 1:00]
Running from: C:\Documents and Settings\fsc\Bureau\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((( Fichiers créés 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
.

2007-12-26 23:36 . 2007-12-27 00:37 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-25 00:01 . 2007-12-26 20:21 <REP> d-------- C:\Documents and Settings\fsc\Application Data\skypePM
2007-12-25 00:01 . 2007-12-25 00:01 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-24 23:59 . 2007-12-26 22:26 <REP> d-------- C:\Documents and Settings\fsc\Application Data\Skype
2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\Program Files\Skype
2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-12-24 22:10 . 2007-12-24 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-24 22:06 . 2007-12-24 22:10 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield Shared
2007-12-24 22:06 . 2007-12-24 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Articulate
2007-12-24 22:06 . 2007-12-24 22:06 <REP> d-------- C:\Program Files\Articulate
2007-12-24 00:52 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-24 00:52 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-24 00:52 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-24 00:52 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-24 00:52 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-24 00:52 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-24 00:52 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-24 00:52 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 21:59 . 2007-12-23 21:59 <REP> d-------- C:\Program Files\Lavasoft
2007-12-23 21:59 . 2007-12-23 21:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 20:58 . 2007-12-27 22:12 <REP> d-------- C:\HiJackThis
2007-12-19 11:57 . 2007-12-09 00:05 9,967,616 --a------ C:\Salah_el_Farzit__Niran_Jachi.mp3
2007-12-19 00:44 . 2007-12-19 00:44 <REP> d-------- C:\Program Files\AxBx
2007-12-17 01:52 . 2007-11-19 14:02 983,040 --a------ C:\WINDOWS\PowerISO.exe
2007-12-16 19:35 . 19,456 C:\WINDOWS\system32\drivers\urcpojcr.dat
2007-12-16 19:28 . 2004-08-05 13:00 84,992 --a------ C:\WINDOWS\system32\actived.dll
2007-12-10 11:50 . 2007-12-10 11:50 8,521 --a------ C:\WINDOWS\lmpcl2a.ini
2007-12-10 11:50 . 2007-12-04 22:25 67 --a------ C:\WINDOWS\system32\Monitor.bak
2007-12-10 11:49 . 2007-12-10 11:49 <REP> d-------- C:\Program Files\Lexmark
2007-12-09 22:48 . 2007-11-19 14:02 1,721,344 --a------ C:\WINDOWS\MagicISO.exe
2007-12-04 22:25 . 2007-12-10 11:50 67 --a------ C:\WINDOWS\system32\Monitor.inf
2007-12-04 22:22 . 2007-12-04 22:22 <REP> d-------- C:\lexmark
2007-11-30 23:21 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-11-30 23:21 . 2007-11-30 23:20 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-30 23:21 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-11-30 23:20 . 2007-11-30 23:25 <REP> d-------- C:\Program Files\Replay Converter
2007-11-30 23:08 . 2007-11-30 23:08 <REP> d-------- C:\WINDOWS\Freecorder Toolbar
2007-11-30 23:06 . 2007-11-30 23:20 <REP> d-------- C:\Documents and Settings\fsc\Application Data\GetRightToGo
2007-11-30 23:06 . 2007-11-30 23:07 2,293,848 --a------ C:\Program Files\FLV PlayerFCSetup.exe
2007-11-30 23:04 . 2007-11-30 23:04 <REP> d-------- C:\WINDOWS\FLV Player
2007-11-30 23:04 . 2007-11-30 23:04 <REP> d-------- C:\Program Files\FLV Player

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 20:40 --------- d-----w C:\Documents and Settings\fsc\Application Data\MegauploadToolbar
2007-12-24 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-23 20:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-15 19:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 17:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-28 20:00 --------- d-----w C:\Documents and Settings\fsc\Application Data\uTorrent
2007-11-23 22:24 --------- d-----w C:\Program Files\MySpeed PC Lite Edition
2007-11-22 22:17 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-21 19:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-21 19:40 30,615 ----a-w C:\Documents and Settings\fsc\x.exe
2007-11-21 19:40 --------- d-----w C:\Program Files\VisualRoute
2007-11-15 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-14 01:29 --------- d-----w C:\Program Files\DSL Speed
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 01:13 --------- d-----w C:\Documents and Settings\fsc\Application Data\Apple Computer
2007-11-13 01:00 --------- d-----w C:\Program Files\uTorrent
2007-11-13 00:55 --------- d-----w C:\Program Files\QuickTime
2007-11-13 00:55 --------- d-----w C:\Program Files\iTunes
2007-11-13 00:55 --------- d-----w C:\Program Files\iPod
2007-11-13 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-13 00:54 --------- d-----w C:\Program Files\Apple Software Update
2007-11-13 00:53 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-11-13 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 00:19 --------- d-----w C:\Program Files\BitComet
2007-11-07 21:09 --------- d-----w C:\Program Files\MSBuild
2007-11-07 21:09 --------- d-----w C:\Program Files\Microsoft Works
2007-11-07 21:08 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-07 21:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-11-04 16:38 --------- d-----w C:\Program Files\MSECache
2007-11-04 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-01 19:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-01 19:10 --------- d-----w C:\Program Files\AskTBar
2007-11-01 18:40 --------- d-----w C:\Program Files\Ahead
2007-10-31 12:26 --------- d-----w C:\Program Files\Google
2007-10-31 12:21 --------- d-----w C:\Program Files\DivX
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-16 18:57 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-10-16 18:57 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-09-28 16:08 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-09-28 16:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-09-28 16:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-09-28 16:07 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-09-28 16:07 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2007-09-28 16:07 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-09-28 16:07 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-09-28 16:07 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-09-28 16:05 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-09-28 16:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 16:05 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-09-28 16:05 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-09-28 16:05 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-09-28 16:05 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-09-28 16:05 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-09-28 16:05 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-09-28 16:05 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-09-28 16:05 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-09-28 16:05 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-02-01 22:36 0 ----a-w C:\Documents and Settings\fsc\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C89EBC8B-8B5D-48D1-BA60-2ACD02C87247}]
2004-08-05 13:00 84992 --a------ C:\WINDOWS\system32\actived.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 10:44 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 C:\WINDOWS\sm56hlpr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

R0 kfibamma;kfibamma;C:\WINDOWS\system32\drivers\urcpojcr.dat []
R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 16:58]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2006-03-31 01:18]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2981de28-9797-11dc-8db9-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2981de29-9797-11dc-8db9-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39007acc-d64e-11db-8c20-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{58ce2e8d-b2fe-11db-8bcf-d301adfce43a}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5c0226-81a9-11dc-8d73-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66d6887c-1e99-11dc-8c9e-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b4387f5-ec66-11db-8c45-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76007698-9d9f-11dc-8dc6-001302de3af9}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf4ef754-a8a3-11dc-8df3-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c576e3dd-2e3a-11dc-8cb6-001302de3af9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c576e3de-2e3a-11dc-8cb6-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0b46aa-24f4-11dc-8cab-001302de3af9}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7aba6ba-e058-11db-8c30-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea18bf45-a888-11dc-8df2-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a417e9-2004-11dc-8ca1-001302de3af9}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
C:\WINDOWS\system32\vidpy.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-19 06:06:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-27 22:54:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-27 22:55:40
.
2007-12-12 16:46:06 --- E O F ---

[CODE]

2007-12-27,22:58:43

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<fsc-reminder.exe><C:\WINDOWS\reminder\fsc-reminder.exe 2454128 14> [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SkyTel><SkyTel.EXE> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SMSERIAL><sm56hlpr.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
<WinlogonNotify: igfxcui><igfxdev.dll> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
<IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
<N/A><C:\WINDOWS\system32\vidpy.exe> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [(Verified)Microsoft Windows XP Publisher]

==================================
Startup Folders
N/A

==================================
Services
[Ad-Aware 2007 Service / aawservice][Running/Auto Start]
<"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"><Lavasoft AB>
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
<"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple, Inc.>
[Gestion d'applications / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Stopped/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Google Updater Service / gusvc][Stopped/Manual Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[InstallShield Licensing Service / InstallShield Licensing Service][Running/Auto Start]
<"C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe"><Macrovision>
[Service de l'iPod / iPod Service][Stopped/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[O2Micro Flash Memory / O2Flash][Running/Auto Start]
<C:\WINDOWS\system32\o2flash.exe><N/A>
[Pml Driver HPZ12 / Pml Driver HPZ12][Running/Auto Start]
<C:\WINDOWS\system32\HPZipm12.exe><HP>
[Symantec Core LC / Symantec Core LC][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>

==================================
Drivers
[Ad-Watch Connect Kernel Filter / Ad-Watch Connect Filter][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\NSDriver.sys><Lavasoft AB>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Intel AHCI Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iaStor.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[kfibamma / kfibamma][Running/Boot Start]
<\SystemRoot\system32\drivers\urcpojcr.dat><N/A>
[Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows XP 32 bits / NETw3x32][Running/Manual Start]
<system32\DRIVERS\NETw3x32.sys><Intel® Corporation>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\system32\drivers\nvatabus.sys><NVIDIA Corporation>
[nvraid / nvraid][Running/Boot Start]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[O2MDRDR / O2MDRDR][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\o2media.sys><O2Micro>
[O2SDRDR / O2SDRDR][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\o2sd.sys><O2Micro>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SiSRaid2 / SiSRaid2][Running/Boot Start]
<\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp>
[smserial / smserial][Running/Manual Start]
<system32\DRIVERS\smserial.sys><Motorola Inc.>
[viamraid / viamraid][Running/Boot Start]
<\SystemRoot\system32\drivers\viamraid.sys><VIA Technologies inc,.ltd>
[ZDCndis5 Protocol Driver / ZDCndis5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\ZDCndis5.SYS><N/A>
[ZDPSp50 NDIS Protocol Driver / ZDPSp50][Stopped/Manual Start]
<System32\Drivers\ZDPSp50.sys><N/A>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[RealPlayer Download and Record Plugin for Internet Explorer]
{3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll, BitComet>
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD >
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[]
{C89EBC8B-8B5D-48D1-BA60-2ACD02C87247} <C:\WINDOWS\system32\actived.dll, N/A>
[vrie]
{04849C74-016E-4a43-8AA5-1F01DE57F4A1} <, N/A>
[BitComet Button]
{461CC20B-FB6E-4f16-8FE8-C29359DB100E} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll, BitComet>
[@sysiecom.dll,-2100]
{703436F1-3E1F-11d3-8F6B-00105A2A1D59} <, N/A>
[@sysiecom.dll,-2103]
{703436F2-3E1F-11d3-8F6B-00105A2A1D59} <, N/A>
[@sysiecom.dll,-2115]
{703436F3-3E1F-11d3-8F6B-00105A2A1D59} <, N/A>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL, Microsoft Corporation>
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD >
[TDServer Control]
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} <C:\WINDOWS\DOWNLO~1\tdserver.ocx, Bitstream, Inc.>
[Office Genuine Advantage Validation Tool]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Microsoft Outlook 8.0 Object Library]
{0006F033-0000-0000-C000-000000000046} <, N/A>
[Microsoft Office Outlook]
{0006F03A-0000-0000-C000-000000000046} <, N/A>
[IERJCtl Class]
{00CEDC01-864D-11D3-908D-00C0F03B3EDC} <C:\Program Files\Real\RealPlayer\ierjplug.dll, RealNetworks, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[TDServer Control]
{0246ECA8-996F-11D1-BE2F-00A0C9037DFE} <C:\WINDOWS\DOWNLO~1\tdserver.ocx, Bitstream, Inc.>
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[Outlook Today's Data-binding control]
{0468C085-CA5B-11D0-AF08-00609797F0E0} <C:\PROGRA~1\MICROS~3\Office12\OUTLCTL.DLL, >
[Office Genuine Advantage Validation Tool]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} <C:\WINDOWS\system32\OGACheckControl.DLL, >
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[RealPlayer Download and Record Plugin for Internet Explorer]
{3049C3E9-B461-4BC5-8870-4C09146192CA} <C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll, RealPlayer>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[BitComet Helper]
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} <C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll, BitComet>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Megaupload Toolbar]
{4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[OWSClientMiscApis Class]
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~3\Office12\OWSCLT.DLL, Microsoft Corporation>
[]
{C89EBC8B-8B5D-48D1-BA60-2ACD02C87247} <C:\WINDOWS\system32\actived.dll, N/A>
[BcAgent Class]
{C8FF2A06-638A-4913-8403-50294CFF6608} <C:\Program Files\BitComet\tools\BitCometAgent_1.1.11.1.dll, BitComet>
[Microsoft Office 12 Authorization Control]
{C9712B19-838B-45A5-ABF2-9A315DDDED50} <C:\PROGRA~1\MICROS~3\Office12\AUTHZAX.DLL, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[iTunesDetector Class]
{D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, Apple Computer, Inc.>
[QuickTimeCheck Class]
{DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, Apple Inc.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll, Yahoo! Inc.>
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[&D&ownload &with BitComet]
<res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&D&ownload all video with BitComet]
<res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&D&ownload all with BitComet]
<res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000, N/A>
[SYSTRAN: &Effacer le cache de traduction]
<C:\Program Files\Systran\Premium\menuClearCache.html, N/A>
[SYSTRAN: &Options]
<C:\Program Files\Systran\Premium\menuConfigure.html, N/A>
[SYSTRAN: &Traduire]
<C:\Program Files\Systran\Premium\menuTranslate.html, N/A>
[SYSTRAN: En&registrement]
<C:\Program Files\Systran\Premium\menuRegister.html, N/A>
[SYSTRAN: Rechercher les &mises à jour]
<C:\Program Files\Systran\Premium\menuUpdate.html, N/A>
[SYSTRAN: Traduire les &cadres]
<C:\Program Files\Systran\Premium\menuTranslateAll.html, N/A>

==================================
Running Processes
[PID: 868 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 924 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 952 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2508 (xpsp.040806-1825)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.5.0540.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 996 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 1008 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1164 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1232 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\uxtuneup.dll] [TuneUp Software GmbH, 1.0.0.2]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1416 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1476 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1676 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1736 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1932 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzll4pi.dll] [Hewlett-Packard Company, 60.061.243.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp4pi.dll] [Hewlett-Packard Corporation, 60.061.243.00]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[PID: 480 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe] [Lavasoft AB, 7, 0, 1, 5]
[C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll] [Lavasoft AB, 7, 0, 1, 5]
[C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive84cb.dll] [PKWARE, Inc., 8.4.219.0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll] [N/A, ]
[PID: 764 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0]
[PID: 808 / SYSTEM][C:\Program Files\Fichiers communs\InstallShield Shared\Service\InstallShield Licensing Service.exe] [Macrovision , 2.80.002]
[PID: 904 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[PID: 972 / SYSTEM][C:\WINDOWS\system32\o2flash.exe] [N/A, ]
[PID: 1188 / SYSTEM][C:\WINDOWS\system32\HPZipm12.exe] [HP, 10, 1, 1, 5]
[PID: 1380 / fsc][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.9.6]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1396 / fsc][C:\WINDOWS\sm56hlpr.exe] [Motorola Inc., 6.11.06]
[C:\WINDOWS\sm56eng.dll] [N/A, ]
[C:\WINDOWS\sm56fra.dll] [N/A, ]
[C:\WINDOWS\sm56brz.dll] [N/A, ]
[C:\WINDOWS\sm56chs.dll] [N/A, ]
[C:\WINDOWS\sm56cht.dll] [N/A, ]
[C:\WINDOWS\sm56ger.dll] [N/A, ]
[C:\WINDOWS\sm56itl.dll] [N/A, ]
[C:\WINDOWS\sm56jpn.dll] [N/A, ]
[C:\WINDOWS\sm56spn.dll] [N/A, ]
[PID: 1500 / fsc][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 1512 / fsc][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1612 / fsc][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1632 / fsc][C:\Program Files\Messenger\msmsgs.exe] [Microsoft Corporation, 4.7.3001]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[PID: 2908 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3672 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 632 / fsc][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\msxml5.dll] [Microsoft Corporation, 5.20.1072.0]
[PID: 896 / fsc][C:\Documents and Settings\fsc\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
[C:\Documents and Settings\fsc\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 764, C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================

[/CODE]
0
philae83 Posts 12854 Status Security contributor 206
 
re

You should also do this

If you have a USB stick, external hard drive, etc., plug them in without opening them before running this FIX

Download Rav antivirus:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

* Right-click the .ZIP file > Extract to > the Desktop
* Double-click >> RAV.exe << to launch the tool.
* Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
* If there is an infection > a log will be created; otherwise the program will display (very quickly) ==> "Votre Ordinateur est sain" ("Your computer is clean").
* Remove your removable disks and restart your computer in normal mode.

----
There is never a shortcut to the places worth going - Beverley Sills
* If I don't reply right away, I haven't forgotten you. When I start a thread, I finish it :)
0
ghoulghoul Posts 36 Status Member
 
re;
computer clean!!
0
philae83 Posts 12854 Status Security contributor 206
 
ok
but that's strange all the same, given the Combo report.
I'm going to dig some more
so I'll pick up where I left off. Reply in a ......little while
I need to digest your reports
0

philae83 Posts 12854 Status Security contributor 206
 
let's continue like this:

Select the following text:

driver::
kfibamma

file::
C:\WINDOWS\system32\drivers\urcpojcr.dat 
C:\WINDOWS\system32\actived.dll 
C:\WINDOWS\system32\vidpy.exe

registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{biueaxge-ylft-fbsw-ybpg-ofmxrkfqqqlt}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C89EBC8B-8B5D-48D1-BA60-2ACD02C87247}]


# Copy the selected text (CTRL+C).
# Open Notepad (Programs > Accessories > Notepad).
# Paste the copied text into Notepad (CTRL+V).
# Save this file under the name CFScript.txt
# Drag and drop this CFScript file onto the ComboFix.exe file
# A blue window will appear: at the prompt that appears ( Type 1 to continue, or 2 to abort), type 1 then confirm.
# Wait while the scan runs. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
# Once the scan is complete, a report will be displayed: post its contents.
# If the file doesn't open, it is located here > C:\ComboFix.txt


0
ghoulghoul Posts 36 Status Member
 
re;
here is the logfile and thaaanks
ComboFix 07-12-21.4 - fsc 2007-12-28 0:27:01.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.593 [GMT 1:00]
Running from: C:\Documents and Settings\fsc\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\fsc\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\actived.dll
C:\WINDOWS\system32\drivers\urcpojcr.dat
C:\WINDOWS\system32\vidpy.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\actived.dll
C:\WINDOWS\system32\drivers\urcpojcr.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_KFIBAMMA
-------\kfibamma

((((((((((((((((((((((((((((( Fichiers créés 2007-11-27 to 2007-12-27 ))))))))))))))))))))))))))))))))))))
.

2007-12-26 23:36 . 2007-12-27 00:37 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-12-25 00:01 . 2007-12-26 20:21 <REP> d-------- C:\Documents and Settings\fsc\Application Data\skypePM
2007-12-25 00:01 . 2007-12-25 00:01 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-24 23:59 . 2007-12-26 22:26 <REP> d-------- C:\Documents and Settings\fsc\Application Data\Skype
2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\Program Files\Skype
2007-12-24 23:58 . 2007-12-24 23:58 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2007-12-24 22:10 . 2007-12-24 22:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2007-12-24 22:06 . 2007-12-24 22:10 <REP> d-------- C:\Program Files\Fichiers communs\InstallShield Shared
2007-12-24 22:06 . 2007-12-24 22:06 <REP> d-------- C:\Program Files\Fichiers communs\Articulate
2007-12-24 22:06 . 2007-12-24 22:06 <REP> d-------- C:\Program Files\Articulate
2007-12-24 00:52 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-24 00:52 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-24 00:52 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-24 00:52 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-24 00:52 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-24 00:52 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-24 00:52 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-24 00:52 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-23 21:59 . 2007-12-23 21:59 <REP> d-------- C:\Program Files\Lavasoft
2007-12-23 21:59 . 2007-12-23 21:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-23 20:58 . 2007-12-27 22:12 <REP> d-------- C:\HiJackThis
2007-12-19 00:44 . 2007-12-19 00:44 <REP> d-------- C:\Program Files\AxBx
2007-12-17 01:52 . 2007-11-19 14:02 983,040 --a------ C:\WINDOWS\PowerISO.exe
2007-12-10 11:50 . 2007-12-10 11:50 8,521 --a------ C:\WINDOWS\lmpcl2a.ini
2007-12-10 11:50 . 2007-12-04 22:25 67 --a------ C:\WINDOWS\system32\Monitor.bak
2007-12-10 11:49 . 2007-12-10 11:49 <REP> d-------- C:\Program Files\Lexmark
2007-12-09 22:48 . 2007-11-19 14:02 1,721,344 --a------ C:\WINDOWS\MagicISO.exe
2007-12-04 22:25 . 2007-12-10 11:50 67 --a------ C:\WINDOWS\system32\Monitor.inf
2007-12-04 22:22 . 2007-12-04 22:22 <REP> d-------- C:\lexmark
2007-11-30 23:21 . 2007-03-04 13:55 1,936,528 --a------ C:\WINDOWS\system32\ltmm15.dll
2007-11-30 23:21 . 2007-11-30 23:20 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-30 23:21 . 2007-03-04 13:55 135,168 --a------ C:\WINDOWS\system32\DSKernel2.dll
2007-11-30 23:20 . 2007-11-30 23:25 <REP> d-------- C:\Program Files\Replay Converter
2007-11-30 23:08 . 2007-11-30 23:08 <REP> d-------- C:\WINDOWS\Freecorder Toolbar
2007-11-30 23:06 . 2007-11-30 23:20 <REP> d-------- C:\Documents and Settings\fsc\Application Data\GetRightToGo
2007-11-30 23:06 . 2007-11-30 23:07 2,293,848 --a------ C:\Program Files\FLV PlayerFCSetup.exe
2007-11-30 23:04 . 2007-11-30 23:04 <REP> d-------- C:\WINDOWS\FLV Player
2007-11-30 23:04 . 2007-11-30 23:04 <REP> d-------- C:\Program Files\FLV Player

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-27 23:20 --------- d-----w C:\Documents and Settings\fsc\Application Data\MegauploadToolbar
2007-12-24 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-23 20:58 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-15 19:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-13 17:51 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-11-28 20:00 --------- d-----w C:\Documents and Settings\fsc\Application Data\uTorrent
2007-11-23 22:24 --------- d-----w C:\Program Files\MySpeed PC Lite Edition
2007-11-22 22:17 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2007-11-21 19:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-21 19:40 30,615 ----a-w C:\Documents and Settings\fsc\x.exe
2007-11-21 19:40 --------- d-----w C:\Program Files\VisualRoute
2007-11-15 19:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-14 01:29 --------- d-----w C:\Program Files\DSL Speed
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-13 01:13 --------- d-----w C:\Documents and Settings\fsc\Application Data\Apple Computer
2007-11-13 01:00 --------- d-----w C:\Program Files\uTorrent
2007-11-13 00:55 --------- d-----w C:\Program Files\QuickTime
2007-11-13 00:55 --------- d-----w C:\Program Files\iTunes
2007-11-13 00:55 --------- d-----w C:\Program Files\iPod
2007-11-13 00:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-13 00:54 --------- d-----w C:\Program Files\Apple Software Update
2007-11-13 00:53 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-11-13 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-11-13 00:19 --------- d-----w C:\Program Files\BitComet
2007-11-07 21:09 --------- d-----w C:\Program Files\MSBuild
2007-11-07 21:09 --------- d-----w C:\Program Files\Microsoft Works
2007-11-07 21:08 --------- d-----w C:\Program Files\Microsoft.NET
2007-11-07 21:06 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-11-04 16:38 --------- d-----w C:\Program Files\MSECache
2007-11-04 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2007-11-01 19:47 --------- d-----w C:\Program Files\MegauploadToolbar
2007-11-01 19:10 --------- d-----w C:\Program Files\AskTBar
2007-11-01 18:40 --------- d-----w C:\Program Files\Ahead
2007-10-31 12:26 --------- d-----w C:\Program Files\Google
2007-10-31 12:21 --------- d-----w C:\Program Files\DivX
2007-02-01 22:36 0 ----a-w C:\Documents and Settings\fsc\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2007-12-27_22.54.55,32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2007-12-27 21:09:08 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat
+ 2007-12-27 23:32:22 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6c8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fsc-reminder.exe"="C:\WINDOWS\reminder\fsc-reminder.exe" [2005-01-19 17:10]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 10:44 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 C:\WINDOWS\SkyTel.exe]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 12:34 C:\WINDOWS\sm56hlpr.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

R0 O2MDRDR;O2MDRDR;C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-02-27 15:00]
R0 O2SDRDR;O2SDRDR;C:\WINDOWS\system32\DRIVERS\o2sd.sys [2006-02-20 16:01]
R0 SiSRaid2;SiSRaid2;C:\WINDOWS\system32\drivers\SiSRaid2.sys [2005-01-11 16:58]
R0 viamraid;viamraid;C:\WINDOWS\system32\drivers\viamraid.sys [2006-03-31 01:18]
R2 UxTuneUp;Extension de conception TuneUp;C:\WINDOWS\System32\svchost.exe -k netsvcs []
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2981de28-9797-11dc-8db9-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2981de29-9797-11dc-8db9-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{39007acc-d64e-11db-8c20-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f5c0226-81a9-11dc-8d73-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66d6887c-1e99-11dc-8c9e-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6b4387f5-ec66-11db-8c45-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76007698-9d9f-11dc-8dc6-001302de3af9}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bf4ef754-a8a3-11dc-8df3-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c576e3dd-2e3a-11dc-8cb6-001302de3af9}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c576e3de-2e3a-11dc-8cb6-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb0b46aa-24f4-11dc-8cab-001302de3af9}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d7aba6ba-e058-11db-8c30-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ea18bf45-a888-11dc-8df2-001302de3af9}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4a417e9-2004-11dc-8ca1-001302de3af9}]
\Shell\AutoRun\command - fooool.exe
\Shell\explore\Command - fooool.exe
\Shell\open\Command - fooool.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-19 06:06:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-28 00:33:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-28 0:35:42 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-27 22:55
.
2007-12-12 16:46:06 --- E O F ---
0
philae83 Posts 12854 Status Security contributor 206

re

* Make sure you have access to all files

- Start

- My Computer or any other folder

- Tools menu

- Folder Options

- View tab

then

- check the box: Show hidden files and folders

- uncheck the box: Hide extensions for known file types

- uncheck the box: Hide protected operating system files

Then - Apply
then
delete

C:\Documents and Settings\fsc\Application Data\wklnhst.dat

Where do you stand with your problems? How is your PC behaving at the moment?

0
ghoulghoul Posts 36 Status Member

re
I did as you told me
for the moment I no longer have that security alert!!
0
philae83 Posts 12854 Status Security contributor 206

the last remnants have been removed, I think everything should be OK now

you can

* Run OTmoveIT.
* Click CleanUp! (the program will download a text file that will be used to clean up the programs we downloaded).
NOTE: Normally, your firewall should ask you whether OTmoveIT may access the internet. Allow it.
* A list appears in the left-hand part of OTmoveIT.
* A message appears asking you to confirm the cleanup. Confirm.

then IMPORTANT
in order to start again on a sound footing

* Start -> Control Panel -> System -> System Restore tab -> check the box (Turn off System Restore) ->
restart the computer
then re-enable it
http://pageperso.aol.fr/loraline60/desactiver_restauration_systeme.htm

* To improve the security of your PC, take a few moments to read

THIS

good night and happy end of year
0
ghoulghoul Posts 36 Status Member

thank you philae
you really are an angel
I am very grateful
0
philae83 Posts 12854 Status Security contributor 206

hello.

well, if I'm an angel... thank you, and delighted to have been able to help you.

all the best
0