Trojan.Win32.BHO.agz

Résolu
bobdu78 Messages postés 16 Statut Membre -  
FillPCA Messages postés 2264 Statut Contributeur sécurité -
Bonjour,
j'ai un virus proveneant du trojan Trojan.Win32.BHO.agz, Kaspersky a detecté son emplacement "C:\WINDOWS\system32/cnvfate.dll" mais n'arrive pas à le supprimer ,car les privilèges d'écriture manquent.
Pouvez vous m'aider s'il vous plait.
Configuration: Windows XP

Voici mon rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:23:15, on 27/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\pat\Bureau\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
O2 - BHO: (no name) - {903ACCC5-175E-476C-8645-E9FBB9C6621A} - c:\windows\system32\expsrve.dll
O2 - BHO: (no name) - {F1C0C3A9-4FF0-45CD-8B26-BC9A93109B62} - C:\WINDOWS\System32\cnvfate.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O20 - Winlogon Notify: zoeghflb - C:\WINDOWS\SYSTEM32\expsrve.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

--
End of file - 4065 bytes

Je vous remercie par avance
Configuration: Windows XP
Internet Explorer 6.0

34 réponses

  • 1
  • 2
  1. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    Ton XP n'est pas du tout à jour. Est-il légal ?

    Tu n'as pas de pare-feu. Tu dois commencer par en installer un.
    Regarde ici pour en trouver un : https://pages.perso.orange.fr/pages-perso-error&r=403

    Edite un rapport Hijackthis en utilisant cette version stable :
    http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
    Démo en image
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Fais un scan et poste l'analyse.

    FillPCA
    0
  2. bobdu78 Messages postés 16 Statut Membre
     
    Tout dabord FillPCA je te remercie pour ta réponse rapide.
    Pour mon xp c'est mon frère qui l'a installé et je ne sais pas si il est légal, je vais me renseigné.
    Voici mon nouveau rapport Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:58:00, on 27/12/2007
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\msiexec.exe
    C:\Documents and Settings\pat\Bureau\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: (no name) - {903ACCC5-175E-476C-8645-E9FBB9C6621A} - c:\windows\system32\expsrve.dll
    O2 - BHO: (no name) - {F1C0C3A9-4FF0-45CD-8B26-BC9A93109B62} - C:\WINDOWS\System32\cnvfate.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O20 - Winlogon Notify: zoeghflb - C:\WINDOWS\SYSTEM32\expsrve.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    0
  3. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    * Télécharge combofix.exe (par sUBs) sur ton Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    * Double clique combofix.exe et suis les invites.
    * Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    Edite aussi un nouveau rapport Hijackthis.

    FillPCA
    0
  4. bobdu78 Messages postés 16 Statut Membre
     
    re,
    Je ne suis pas arrivé à posté un rapport de combofix.exe mon ordi c'est bloqué, mais on dirait que le trojan a disparue, je te poste néammoins un nouveau rapport Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:57, on 2007-12-27
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\pat\Bureau\HiJackThis.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: (no name) - {903ACCC5-175E-476C-8645-E9FBB9C6621A} - c:\windows\system32\expsrve.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O20 - Winlogon Notify: zoeghflb - C:\WINDOWS\SYSTEM32\expsrve.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Non, l'infection est là et solidement ancrée. C'est très gênant que combofix ne passe pas.

    1/ * Ouvrir l'explorateur windows (Démarrer>programmes>Accessoires>Explorateur windows ou Démarrer>programmes>Explorateur windows).
    * Cliquer sur outils>options des dossiers>affichage.
    * Sélectionner :
    o afficher les fichiers et dossiers cachés,
    o décocher "masquer les extensions des fichiers dont le type est connu",
    o décocher masquer les fichiers protégés du système d'exploitation (recommandé)".

    * "appliquer" et "ok"

    2/ * Peux-tu tester ceci : C:\WINDOWS\SYSTEM32\expsrve.dll
    * Clique sur ce lien : http://www.virustotal.com/en/indexf.html
    * Clique sur parcourir et indique le chemin du fichier que j’ai désigné.
    * Clique sur send. Au bout de quelques minutes, un rapport est généré. Poste-le dans ta prochaine réponse.

    3/ Essaie de relancer Combofix et de publier son rapport.

    4/ * Télécharge DiagHelp.zip sur ton bureau(Merci Malekal) : http://www.malekal.com/download/DiagHelp.zip
    Tuto : http://www.malekal.com/DiagHelp/DiagHelp.php
    * Ne double-clique pas dessus !! Fais un clic droit sur le fichier et extraire tout.
    * Un nouveau dossier chercher va être créé.
    * Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    * Une fenêtre va s'ouvrir, choisis l'option 1
    * L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande.
    * Pendant l'analyse après le rapport CATCHME sur l'écran rouge, tu dois appuyer sue entrée pour que l'outil continue ses recherches. Suis les consignes écrites.
    * Une fenêtre avec le rapport s'ouvre alors. Copie/colle son contenu. (Il se trouve aussi ici : c:\resultat.txt)
    * Double-clique sur ce fichier, Fais CTRL+A puis CTRL+C.
    * Dans ta prochaine réponse, colle le rapport en faisant CTRL+V.

    5/ * Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
    * Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
    * Ouvre le dossier SReng2 et double-clique sur SREng.exe.
    * Clique sur "smart scan".
    * Clique sur le bouton "scan".
    * Quand l'analyse est terminée, clique sur le bouton "save reports".
    * Sauvegarde alors le rapport sur ton bureau.
    * Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

    6/ Edite les rapports demandés : Combofix (s'il est passé), Diaghelp et SREng.

    Edite aussi un rapport Hijackthis.

    FillPCA
    0
  7. bobdu78 Messages postés 16 Statut Membre
     
    RE,
    merci encore pour ton aide
    Je te joins 3 rapports et je fais suivre le combofix si j'y arrive

    1/voici le rapport de virus total :

    Fichier expsrve.dll reçu le 2007.12.27 15:03:58 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE

    Résultat: 5/32 (15.63%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: 2.
    L'heure estimée de démarrage est entre 41 et 59 secondes.
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:

    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.12.27.10 2007.12.26 -
    AntiVir 7.6.0.46 2007.12.27 TR/Crypt.Morphine.Gen
    Authentium 4.93.8 2007.12.27 -
    Avast 4.7.1098.0 2007.12.26 -
    AVG 7.5.0.516 2007.12.26 Obfustat.ADMO
    BitDefender 7.2 2007.12.27 -
    CAT-QuickHeal 9.00 2007.12.27 -
    ClamAV 0.91.2 2007.12.27 -
    DrWeb 4.44.0.09170 2007.12.27 -
    eSafe 7.0.15.0 2007.12.26 -
    eTrust-Vet 31.3.5406 2007.12.27 -
    Ewido 4.0 2007.12.27 -
    FileAdvisor 1 2007.12.27 -
    Fortinet 3.14.0.0 2007.12.27 -
    F-Prot 4.4.2.54 2007.12.26 -
    F-Secure 6.70.13030.0 2007.12.27 -
    Ikarus T3.1.1.15 2007.12.27 -
    Kaspersky 7.0.0.125 2007.12.27 -
    McAfee 5193 2007.12.26 -
    Microsoft 1.3109 2007.12.27 VirTool:Win32/Obfuscator.Q
    NOD32v2 2750 2007.12.27 -
    Norman 5.80.02 2007.12.27 -
    Panda 9.0.0.4 2007.12.26 Suspicious file
    Prevx1 V2 2007.12.27 -
    Rising 20.24.32.00 2007.12.27 -
    Sophos 4.24.0 2007.12.27 -
    Sunbelt 2.2.907.0 2007.12.27 -
    Symantec 10 2007.12.27 -
    TheHacker 6.2.9.170 2007.12.26 -
    VBA32 3.12.2.5 2007.12.26 -
    VirusBuster 4.3.26:9 2007.12.26 -
    Webwasher-Gateway 6.6.2 2007.12.27 Trojan.Crypt.Morphine.Gen
    Information additionnelle
    File size: 84992 bytes
    MD5: 15878a929ef2b6abdb80807ea953b25a
    SHA1: 4a8d703b6452019fa43fc66f81ed86c7740a36b8
    PEiD: -
    packers: UPX

    2/ LE RAPPORT DIAGHELP

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 2007-12-27 à 15:18:59.95

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2007-12-27 15:18:43
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2007-12-27 15:16:46
    C:\WINDOWS\prefetch\ACRORD32.EXE-356875A2.pf -->2007-12-27 15:11:19
    C:\WINDOWS\prefetch\PDFCREATOR.EXE-09D304A3.pf -->2007-12-27 15:10:50
    C:\WINDOWS\prefetch\PDFSPO~1.EXE-311A8C48.pf -->2007-12-27 15:10:41
    C:\WINDOWS\prefetch\RUNDLL32.EXE-268BFF96.pf -->2007-12-27 14:59:54
    C:\WINDOWS\prefetch\VLC.EXE-22DF01AA.pf -->2007-12-27 14:37:34
    C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->2007-12-27 14:33:06
    C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf -->2007-12-27 14:17:50
    C:\WINDOWS\prefetch\ACRORD32INFO.EXE-24548733.pf -->2007-12-27 14:17:47

    C:\WINDOWS\System32\drivers\fidbox.dat -->2007-12-27 15:15:41
    C:\WINDOWS\System32\drivers\fidbox2.dat -->2007-12-27 15:10:41
    C:\WINDOWS\System32\drivers\fidbox2.idx -->2007-12-27 11:04:16
    C:\WINDOWS\System32\drivers\fidbox.idx -->2007-12-27 11:04:15
    C:\WINDOWS\System32\drivers\klin.dat -->2007-12-20 19:59:06
    C:\WINDOWS\System32\drivers\dvrvytbv.dat -->2007-12-19 10:51:59
    C:\WINDOWS\System32\drivers\klick.dat -->2007-12-13 10:20:12

    C:\WINDOWS\System32\PerfStringBackup.INI -->2007-12-27 11:50:03
    C:\WINDOWS\System32\perfh00C.dat -->2007-12-27 11:50:03
    C:\WINDOWS\System32\perfh009.dat -->2007-12-27 11:50:03
    C:\WINDOWS\System32\perfc00C.dat -->2007-12-27 11:50:03
    C:\WINDOWS\System32\perfc009.dat -->2007-12-27 11:50:03
    C:\WINDOWS\System32\expsrve.dll -->2007-12-27 11:22:58
    C:\WINDOWS\System32\jqnrpqmu.dat -->2007-12-26 14:38:56
    C:\WINDOWS\System32\CRUNX.BIN -->2007-12-26 11:47:30
    C:\WINDOWS\System32\wpa.dbl -->2007-12-25 13:35:44
    C:\WINDOWS\System32\kdfsocpe.dat -->2007-12-19 10:51:58
    C:\WINDOWS\System32\shulcrzr.dat -->2007-12-14 17:01:19
    C:\WINDOWS\System32\libssl32.dll -->2007-12-14 17:01:19
    C:\WINDOWS\System32\libeay32.dll -->2007-12-14 17:01:19
    C:\WINDOWS\System32\ifuxffjq.dat -->2007-12-14 17:01:19
    C:\WINDOWS\System32\blymsfug.dat -->2007-12-14 17:01:19
    C:\WINDOWS\System32\swreg.exe -->2007-12-13 21:26:50
    C:\WINDOWS\System32\swsc.exe -->2007-12-04 01:00:42
    C:\WINDOWS\System32\wunilog.ini -->2007-11-28 20:54:35
    C:\WINDOWS\System32\rightonadz-uninst.exe -->2007-11-03 01:01:56
    C:\WINDOWS\System32\adssite-remove.exe -->2007-11-03 01:01:08
    C:\WINDOWS\System32\ssldivx.dll -->2007-07-27 00:06:12
    C:\WINDOWS\System32\libdivx.dll -->2007-07-27 00:06:12
    C:\WINDOWS\System32\ldr1E.tmp -->2007-05-29 22:14:38
    C:\WINDOWS\System32\ldr1C.tmp -->2007-05-29 22:14:34
    C:\WINDOWS\System32\ldr1A.tmp -->2007-05-29 22:14:33

    C:\WINDOWS\wiaservc.log -->2007-12-27 14:17:41
    C:\WINDOWS\wiadebug.log -->2007-12-27 14:17:41
    C:\WINDOWS\Sti_Trace.log -->2007-12-27 14:17:40
    C:\WINDOWS\Windows Update.log -->2007-12-27 11:49:51
    C:\WINDOWS\setupapi.log -->2007-12-27 11:49:21
    C:\WINDOWS\0.log -->2007-12-27 11:48:18
    C:\WINDOWS\bootstat.dat -->2007-12-27 11:48:11
    C:\WINDOWS\SchedLgU.Txt -->2007-12-27 11:04:06
    C:\WINDOWS\Mda.INI -->2007-12-26 12:16:10
    C:\WINDOWS\win.ini -->2007-12-26 11:47:30
    C:\WINDOWS\Bbt97.INI -->2007-12-03 19:57:40
    C:\WINDOWS\iun6002.exe -->2007-10-31 20:31:52
    C:\WINDOWS\SoundConverter.INI -->2007-08-13 09:15:23
    C:\WINDOWS\BELOTEXP.INI -->2007-08-07 23:45:36
    C:\WINDOWS\PDFCreator_Toolbar_Uninstaller_5500.exe -->2007-07-07 10:22:32

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 1868
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x01000000 0xf8000 6.00.2600.0000 C:\WINDOWS\Explorer.EXE
    *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
    *** File timestamp: Thu Aug 23 18:43:58 2001
    *** Loaded image timestamp: Thu Aug 23 18:43:59 2001
    0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
    0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
    0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
    0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
    0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
    *** Loaded C:\WINDOWS\System32\SHDOCVW.dll differs from file image:
    *** File timestamp: Thu Aug 23 18:44:03 2001
    *** Loaded image timestamp: Thu Aug 23 18:46:10 2001
    *** 0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
    0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
    0x71950000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\System32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
    0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
    0x10000000 0x25000 6.00.0002.0614 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll
    0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
    0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
    0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
    0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
    0x00cf0000 0x31000 c:\windows\system32\expsrve.dll
    0x02130000 0x2c6000 3.01.4000.2435 C:\WINDOWS\System32\msi.dll
    0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
    0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
    0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
    0x73d20000 0xf2000 6.00.8665.0000 C:\WINDOWS\System32\MFC42.DLL
    0x61d70000 0xe000 6.00.8665.0000 C:\WINDOWS\System32\MFC42LOC.DLL
    0x6b080000 0x31000 0.09.0007.0003 C:\WINDOWS\system32\libssl32.dll
    0x61d80000 0xe6000 0.09.0007.0003 C:\WINDOWS\System32\libeay32.dll
    0x02670000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
    0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
    0x028a0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
    0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
    0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\System32\ODBC32.dll
    0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
    0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
    0x00ef0000 0x13000 7.05.0001.0036 C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x76100000 0x8e000 6.00.2600.0000 C:\WINDOWS\System32\shdoclc.dll
    0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
    0x746e0000 0x8f000 6.00.2600.0000 C:\WINDOWS\System32\MLANG.dll
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
    0x732d0000 0x51000 6.00.2600.0000 C:\WINDOWS\System32\zipfldr.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 848
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe
    *** Loaded C:\WINDOWS\system32\kernel32.dll differs from file image:
    *** File timestamp: Thu Aug 23 18:43:58 2001
    *** Loaded image timestamp: Thu Aug 23 18:43:59 2001
    0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
    0x76250000 0x8c000 5.131.2600.0000 C:\WINDOWS\system32\CRYPT32.dll
    0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
    0x77390000 0x802000 6.00.2600.0000 C:\WINDOWS\system32\SHELL32.dll
    0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
    0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
    0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
    0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
    0x00930000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
    0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
    0x76b70000 0x1f000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
    0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
    0x012f0000 0x33000 6.00.0002.0614 C:\WINDOWS\System32\klogon.dll
    0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
    0x01730000 0x31000 C:\WINDOWS\system32\expsrve.dll
    0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\oleaut32.dll
    0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\system32\ATL.DLL
    0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\wininet.dll
    0x76f80000 0x78000 2001.12.4414.0042 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\system32\COMRes.dll
    0x6b080000 0x31000 0.09.0007.0003 C:\WINDOWS\system32\libssl32.dll
    0x61d80000 0xe6000 0.09.0007.0003 C:\WINDOWS\system32\libeay32.dll
    0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 9885-2061

    Répertoire de C:\WINDOWS\system32

    2001-08-28 12:00 4,096 csrss.exe
    1 fichier(s) 4,096 octets
    0 Rép(s) 26,584,559,616 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 9885-2061

    Répertoire de C:\WINDOWS\Downloaded Program Files

    2007-12-17 23:01 <REP> .
    2007-12-17 23:01 <REP> ..
    2007-03-27 15:19 273,744 AdVerifierADP.dll
    2007-02-28 21:17 65 desktop.ini
    2007-11-20 16:04 1,523,536 FP_AX_CAB_INSTALLER.exe
    2000-01-20 14:25 1,162 Microsoft XML Parser for Java.osd
    2007-11-20 15:50 247 swflash.inf
    2007-03-19 18:54 23,600 tvichw32.sys
    2004-08-11 01:22 3,024 wma9dmo.inf
    2004-08-11 02:22 3,036 wmv9dmo.inf
    2003-06-30 22:41 1,689 WMV9VCM.inf
    9 fichier(s) 1,830,103 octets

    Total des fichiers listés :
    9 fichier(s) 1,830,103 octets
    2 Rép(s) 26,584,559,616 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-27 15:20:54
    Windows 5.1.2600 NTFS

    scanning hidden services & system hive ...

    IPC error: 2 Le fichier spécifié est introuvable.
    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    ENUMERATION OF PROCESS LIST TERMINATED ABNORMALLY.
    RESULTS MAY BE INACCURATE!

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D0000 - \WINDOWS\system32\ntoskrnl.exe
    806B9000 - \WINDOWS\system32\hal.dll
    F8A51000 - \WINDOWS\system32\KDCOM.DLL
    F8961000 - \WINDOWS\system32\BOOTVID.dll
    F8504000 - ACPI.sys
    F8A53000 - \WINDOWS\System32\DRIVERS\WMILIB.SYS
    F8551000 - pci.sys
    F8561000 - isapnp.sys
    F8571000 - ohci1394.sys
    F8581000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
    F87D1000 - dvrvytbv.dat
    F8965000 - compbatt.sys
    F8969000 - \WINDOWS\System32\DRIVERS\BATTC.SYS
    F8B19000 - pciide.sys
    F87D9000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
    F84E7000 - pcmcia.sys
    F8591000 - MountMgr.sys
    F84C8000 - ftdisk.sys
    F8A55000 - dmload.sys
    F84A4000 - dmio.sys
    F896D000 - ACPIEC.sys
    F8B1A000 - \WINDOWS\System32\DRIVERS\OPRGHDLR.SYS
    F87E1000 - PartMgr.sys
    F85A1000 - VolSnap.sys
    F848E000 - atapi.sys
    F85B1000 - disk.sys
    F85C1000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
    F847C000 - sr.sys
    F8468000 - KSecDD.sys
    F83E5000 - Ntfs.sys
    F83BD000 - NDIS.sys
    F83A0000 - Teefer.sys
    F85D1000 - SISAGPX.sys
    F8386000 - Mup.sys
    F836A000 - kl1.sys
    F8971000 - \WINDOWS\System32\drivers\TDI.SYS
    F7CFC000 - \SystemRoot\System32\DRIVERS\processr.sys
    F833A000 - \SystemRoot\System32\DRIVERS\gameenum.sys
    F8641000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
    F8879000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
    F8881000 - \SystemRoot\System32\DRIVERS\mouclass.sys
    F8651000 - \SystemRoot\System32\Drivers\Serial.SYS
    F8889000 - \SystemRoot\System32\DRIVERS\irsir.sys
    F8336000 - \SystemRoot\System32\DRIVERS\irenum.sys
    F7CE9000 - \SystemRoot\System32\DRIVERS\parport.sys
    F8661000 - \SystemRoot\System32\Drivers\Imapi.SYS
    F8671000 - \SystemRoot\System32\DRIVERS\cdrom.sys
    F8691000 - \SystemRoot\System32\DRIVERS\redbook.sys
    F7CC8000 - \SystemRoot\System32\DRIVERS\ks.sys
    F7C93000 - \SystemRoot\System32\DRIVERS\HSFHWSIS.sys
    F7B96000 - \SystemRoot\System32\DRIVERS\HSF_DPV.sys
    F7AE7000 - \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
    F8891000 - \SystemRoot\System32\Drivers\Modem.SYS
    F7A50000 - \SystemRoot\system32\drivers\ALCXWDM.SYS
    F7A2F000 - \SystemRoot\system32\drivers\portcls.sys
    F86A1000 - \SystemRoot\system32\drivers\drmk.sys
    F79CD000 - \SystemRoot\system32\drivers\ALCXSENS.SYS
    F832A000 - \SystemRoot\System32\DRIVERS\usbohci.sys
    F79AE000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
    F8899000 - \SystemRoot\System32\DRIVERS\sisnic.sys
    F86C1000 - \SystemRoot\System32\DRIVERS\nic1394.sys
    F8326000 - \SystemRoot\System32\DRIVERS\CmBatt.sys
    F8A81000 - \SystemRoot\System32\DRIVERS\ATKACPI.sys
    F8C30000 - \SystemRoot\System32\DRIVERS\audstub.sys
    F86D1000 - \SystemRoot\System32\DRIVERS\bridge.sys
    F88A1000 - \SystemRoot\System32\DRIVERS\rasirda.sys
    F86E1000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
    F8083000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
    F7970000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
    F86F1000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
    F8701000 - \SystemRoot\System32\DRIVERS\raspptp.sys
    F795F000 - \SystemRoot\System32\DRIVERS\psched.sys
    F8711000 - \SystemRoot\System32\DRIVERS\msgpc.sys
    F88A9000 - \SystemRoot\System32\DRIVERS\ptilink.sys
    F88B1000 - \SystemRoot\System32\DRIVERS\raspti.sys
    F7932000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
    F8721000 - \SystemRoot\System32\DRIVERS\termdd.sys
    F8C37000 - \SystemRoot\System32\DRIVERS\swenum.sys
    F7910000 - \SystemRoot\System32\DRIVERS\update.sys
    F8751000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    F8781000 - \SystemRoot\System32\DRIVERS\usbhub.sys
    F8A83000 - \SystemRoot\System32\DRIVERS\USBD.SYS
    F8A05000 - \SystemRoot\System32\DRIVERS\hidusb.sys
    F87B1000 - \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    F88B9000 - \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    F88C1000 - \SystemRoot\System32\DRIVERS\usbprint.sys
    F8A11000 - \SystemRoot\System32\DRIVERS\mouhid.sys
    F8A85000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F8C86000 - \SystemRoot\System32\Drivers\Null.SYS
    F8A87000 - \SystemRoot\System32\Drivers\Beep.SYS
    F8C88000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    F88E1000 - \SystemRoot\System32\drivers\vga.sys
    F8601000 - \SystemRoot\System32\drivers\VIDEOPRT.SYS
    F8A89000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F8A8B000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F88E9000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F88F1000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F8A1D000 - \SystemRoot\System32\DRIVERS\rasacd.sys
    F8631000 - \SystemRoot\System32\DRIVERS\ipsec.sys
    B2EDA000 - \SystemRoot\System32\DRIVERS\tcpip.sys
    F8611000 - \SystemRoot\System32\DRIVERS\arp1394.sys
    F7D8C000 - \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys
    F7D7C000 - \SystemRoot\System32\DRIVERS\wanarp.sys
    B2E8D000 - \SystemRoot\System32\DRIVERS\netbt.sys
    F7D6C000 - \SystemRoot\System32\DRIVERS\netbios.sys
    B2E65000 - \SystemRoot\System32\DRIVERS\rdbss.sys
    B2E01000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
    B2DC6000 - \??\C:\WINDOWS\System32\drivers\klif.sys
    F7D4C000 - \SystemRoot\System32\Drivers\Fips.SYS
    F8B28000 - \??\C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.sys
    B2FBA000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    B2CB9000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F8A9D000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \??\C:\WINDOWS\system32\win32k.sys
    F7986000 - \??\C:\WINDOWS\system32\watchdog.sys
    BFF80000 - \SystemRoot\System32\drivers\dxg.sys
    F8B52000 - \SystemRoot\System32\drivers\dxgthk.sys
    BFF70000 - \SystemRoot\System32\framebuf.dll
    AEBF9000 - \SystemRoot\System32\drivers\afd.sys
    B2D22000 - \SystemRoot\System32\DRIVERS\irda.sys
    AEC79000 - \SystemRoot\System32\DRIVERS\ndisuio.sys
    AEBDD000 - \SystemRoot\SYSTEM32\Drivers\wg3n.sys
    AEB25000 - \SystemRoot\SYSTEM32\Drivers\wg4n.sys
    AEB15000 - \SystemRoot\SYSTEM32\Drivers\wg5n.sys
    AEA55000 - \SystemRoot\SYSTEM32\Drivers\wg6n.sys
    AE8D6000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
    F8AC9000 - \SystemRoot\System32\Drivers\ParVdm.SYS
    AE7AA000 - \SystemRoot\system32\drivers\wdmaud.sys
    AE9A9000 - \SystemRoot\system32\drivers\sysaudio.sys
    AE716000 - \SystemRoot\System32\DRIVERS\srv.sys
    AE8BA000 - \SystemRoot\System32\DRIVERS\mdmxsdk.sys
    AE2EB000 - \SystemRoot\System32\DRIVERS\ipnat.sys
    ADCD5000 - \SystemRoot\system32\drivers\kmixer.sys
    F8BF8000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 134

    Liste des programmes installes

    802.11b USB Wireless LAN Adapter
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.1 - Français
    Adobe® Photoshop® Album Edition Découverte 3.0
    Adssite Advanced Toolbar
    Adssite Browser Optimizer
    Adssite Games Collection
    Archiveur WinRAR
    ASUS ATK0100 ACPI UTILITY
    ATI - Software Uninstall Utility
    AVG Anti-Spyware 7.5
    Browser Optimizer Rightonadz
    CCleaner (remove only)
    Ciel eSauvegarde V2
    Ciel Multi Devis du Bâtiment
    Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
    DivX Content Uploader
    DivX Web Player
    dScope Series III
    Désinstallation du logiciel d'imprimante IBM
    eMule
    eMule Plus 1.2
    EVEREST Home Edition v2.20
    Generic USB Card Reader Driver v2.2c
    Golden Riviera French
    Google Toolbar for Internet Explorer
    HijackThis 2.0.2
    J2SE Runtime Environment 5.0 Update 3
    Kaspersky Anti-Virus 6.0
    Kaspersky Anti-Virus 6.0
    LimeWire 4.14.10
    Ludiclub.com
    Ma-Config.com plugin
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0
    Microsoft Office 2003 Web Components
    Microsoft Office FrontPage 2003
    Microsoft Office Professional Edition 2003
    Microsoft Office XP Web Components
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox (2.0.0.2)
    Nokia Connectivity Adapter Cable DKU-5
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Nokia Software Updater
    Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
    Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)
    PC Connectivity Solution
    PCFriendly
    PDFCreator
    PDFCreator Toolbar
    Realtek AC'97 Audio
    Registry Mechanic 6.0
    SiSAGP driver
    Soft Data Fax Modem with SmartCP
    Sygate Personal Firewall
    VideoLAN VLC media player 0.8.6c
    WebFldrs XP
    Winamax Poker (remove only)
    Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
    Windows Installer 3.0 (KB884016)
    Windows Installer 3.1 (KB893803)
    Wireless LAN Utility
    YesMessenger 2.1.05

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 9885-2061

    Répertoire de C:\Program Files

    2007-12-27 10:53 <REP> .
    2007-12-27 10:53 <REP> ..
    2007-03-20 18:30 22,845,992 AdbeRdr80_fr_FR.exe
    2007-06-13 17:02 <REP> Adobe
    2007-11-03 01:02 <REP> Adssite Advanced Toolbar
    2007-11-03 01:01 <REP> Adssite Games Collection
    2007-03-21 19:35 <REP> ATI Technologies
    2007-05-31 17:56 <REP> CCleaner
    2007-09-07 16:35 <REP> Ciel
    2007-09-07 16:29 80,565,663 CIEL DEVIS.exe
    2007-11-28 20:50 <REP> CONEXANT
    2007-09-30 11:10 <REP> DIFX
    2007-09-25 19:16 <REP> DivX
    2007-03-25 23:38 <REP> eMule
    2007-12-27 11:22 <REP> Fichiers communs
    2007-10-31 20:32 <REP> Generic
    2007-08-11 08:37 <REP> Google
    2007-11-28 20:43 <REP> HardwareDetection
    2007-02-28 21:53 <REP> IBM
    2007-11-11 18:46 <REP> Internet Explorer
    2007-03-27 18:21 <REP> Java
    2007-02-28 22:17 <REP> Kaspersky Lab
    2007-03-11 21:18 <REP> Lavalys
    2007-11-26 10:08 <REP> LimeWire
    2007-11-30 14:15 <REP> Ludiclub
    2007-11-28 20:43 <REP> ma-config.com
    2007-02-28 21:38 <REP> Messenger
    2007-02-28 21:19 <REP> microsoft frontpage
    2007-03-11 19:07 <REP> Microsoft Office
    2007-03-04 11:23 <REP> Microsoft Visual Studio
    2007-03-04 11:23 <REP> Microsoft Works
    2007-03-11 19:08 <REP> Microsoft.NET
    2007-02-28 21:16 <REP> Movie Maker
    2007-11-03 01:01 <REP> Mozilla Firefox
    2007-02-28 21:14 <REP> MSN
    2007-02-28 21:14 <REP> MSN Gaming Zone
    2007-02-28 21:16 <REP> NetMeeting
    2007-12-18 15:15 <REP> Nokia
    2007-02-28 21:16 <REP> Outlook Express
    2007-09-30 11:10 <REP> PC Connectivity Solution
    2007-05-13 18:07 <REP> PCFriendly
    2007-07-07 10:23 <REP> PDFCreator
    2007-07-07 10:22 <REP> PDFCreator Toolbar
    2007-03-03 17:15 <REP> Prism Sound
    2007-03-20 18:27 7,218,088 psa30se_fr_fr.exe
    2007-03-19 19:38 <REP> Registry Mechanic
    2007-02-28 21:17 <REP> Services en ligne
    2007-11-28 20:54 <REP> SiS162u
    2007-11-28 20:27 <REP> sisagp
    2007-03-19 19:23 <REP> sound-SIS7012
    2007-12-27 10:53 <REP> Sygate
    2007-03-06 18:15 <REP> VideoLAN
    2007-12-25 20:14 <REP> WinamaxPoker
    2007-08-13 08:15 <REP> Windows Media Player
    2007-02-28 21:14 <REP> Windows NT
    2007-06-24 18:30 <REP> WinRAR
    2007-06-24 18:22 <REP> WinZip
    2007-11-28 20:54 <REP> Wireless LAN Utility
    2007-02-28 21:19 <REP> xerox
    2007-06-07 00:59 <REP> YesMessenger
    3 fichier(s) 110,629,743 octets
    57 Rép(s) 26,507,911,168 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 9885-2061

    Répertoire de C:\Program Files\fichiers communs

    2007-12-27 11:22 <REP> .
    2007-12-27 11:22 <REP> ..
    2007-09-03 10:00 <REP> Adobe
    2007-03-04 11:23 <REP> DESIGNER
    2007-09-07 16:31 <REP> InstallShield
    2007-03-27 18:20 <REP> Java
    2007-12-18 15:10 <REP> Microsoft Shared
    2007-02-28 21:16 <REP> MSSoap
    2007-12-18 15:15 <REP> Nokia
    2007-02-28 21:06 <REP> ODBC
    2007-08-13 09:18 <REP> PCSuite
    2007-02-28 21:16 <REP> Services
    2007-02-28 21:06 <REP> SpeechEngines
    2007-03-11 19:06 <REP> System
    2007-12-27 10:52 <REP> Wise Installation Wizard
    0 fichier(s) 0 octets
    15 Rép(s) 26,507,907,072 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 9885-2061

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    2007-03-04 11:23 <REP> .
    2007-03-04 11:23 <REP> ..
    2007-03-04 11:23 <REP> 1033
    2007-03-04 11:23 <REP> 1036
    2003-07-11 10:15 1,292,872 MSONSEXT.DLL
    2003-07-15 06:52 35,896 MSOSV.DLL
    1999-06-03 14:09 122,937 MSOWS409.DLL
    2001-03-07 09:00 127,033 MSOWS40c.DLL
    2003-07-11 02:25 80,448 PKMWS.DLL
    5 fichier(s) 1,659,186 octets
    4 Rép(s) 26,507,907,072 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est 9885-2061

    Répertoire de C:\

    2007-03-03 17:08 677,632 atimcatw.exe
    2007-03-03 17:13 19,195,392 ds3_V111e.exe
    2007-02-28 22:28 247,931 InstallWinamaxPoker.exe
    2007-03-04 23:20 1,892,654 lcplugin22.exe
    2005-10-31 16:56 700,416 StubInstaller.exe
    2007-03-25 22:39 914,172 TELECARGER.exe
    2007-04-01 14:26 8,197,548 vlc-0.8.5-freehd-win32.exe
    2007-03-06 18:15 9,453,630 vlc-0.8.6a-win32.exe
    2007-03-03 16:52 25,839,688 wmp11-windowsxp-x86-FR-FR.exe
    2007-10-11 08:33 361 wnddbup.exe
    10 fichier(s) 67,119,424 octets
    0 Rép(s) 26,507,907,072 octets libres

    c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\nokia_nokia_pc_suite_6.84.10.3_4261.exe
    c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
    c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
    c:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
    c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
    c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Télécharger des logiciels.exe
    c:\Documents and Settings\pat\ie_update3r.exe
    c:\Documents and Settings\pat\.limewire\.NetworkShare\LimeWireWin4.14.12.exe
    c:\Documents and Settings\pat\Application Data\Microsoft\Installer\{1EA5C1B8-7413-481E-A0FC-4A11653949DF}\ARPPRODUCTICON.exe
    c:\Documents and Settings\pat\Application Data\Microsoft\Installer\{1EA5C1B8-7413-481E-A0FC-4A11653949DF}\New_Shortcut_S3476_C8C2ED38FDF24BB684BE8D2F7BF0AEF0.exe
    c:\Documents and Settings\pat\Application Data\Microsoft\Installer\{1EA5C1B8-7413-481E-A0FC-4A11653949DF}\New_Shortcut_S3545_C8C2ED38FDF24BB684BE8D2F7BF0AEF0.exe
    c:\Documents and Settings\pat\Bureau\atimcatw.exe
    c:\Documents and Settings\pat\Bureau\ccsetup140.exe
    c:\Documents and Settings\pat\Bureau\emule_7593.exe
    c:\Documents and Settings\pat\Bureau\eMule0.47c-Installer.exe
    c:\Documents and Settings\pat\Bureau\Fixwareout.exe
    c:\Documents and Settings\pat\Bureau\HiJackThis.exe
    c:\Documents and Settings\pat\Bureau\PDFX3.exe
    c:\Documents and Settings\pat\Bureau\WindowsXP-KB822603-x86-FRA.exe
    c:\Documents and Settings\pat\Bureau\winzip100.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\avgas-setup-7.5.1.43.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\ComboFix.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\spf.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\Uninstall.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\catchme.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\diff.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\dumphive.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\find2.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\Fport.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\grep.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\gzip.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\LFiles.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\md5sums.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\pslist.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\sigcheck.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\streams.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\swreg.exe
    c:\Documents and Settings\pat\Bureau\anti spywere\DiagHelp\DiagHelp\tar.exe
    c:\Documents and Settings\pat\Bureau\AUDIO\alcchkid.exe
    c:\Documents and Settings\pat\Bureau\AUDIO\alcrmv.exe
    c:\Documents and Settings\pat\Bureau\AUDIO\alcrmv9x.exe
    c:\Documents and Settings\pat\Bureau\AUDIO\alcupd.exe
    c:\Documents and Settings\pat\Bureau\AUDIO\ALCXDEV.EXE
    c:\Documents and Settings\pat\Bureau\AUDIO\GETDXVER.EXE
    c:\Documents and Settings\pat\Bureau\AUDIO\SetCDfmt.exe
    c:\Documents and Settings\pat\Bureau\AUDIO\Setup.exe
    c:\Documents and Settings\pat\Bureau\LIMEWIRE\LimeWireWin.exe
    c:\Documents and Settings\pat\Bureau\WDM\ChCfg.exe
    c:\Documents and Settings\pat\Bureau\WDM\RTLCPL.exe
    c:\Documents and Settings\pat\Bureau\WDM\SoundMan.exe
    c:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Content.IE5\HGGN1TG9\ComboFix[1].exe
    c:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Content.IE5\OPUZK1AR\avgas-setup-7.5.1.43[1].exe
    c:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Content.IE5\W1ANCPQV\HiJackThis[1].exe
    c:\Documents and Settings\pat\Local Settings\Temporary Internet Files\Content.IE5\W1ANCPQV\spf[1].exe
    c:\Documents and Settings\pat\Mes documents\clean\pskill.exe
    c:\Documents and Settings\pat\Mes documents\clean\clean\pskill.exe
    c:\Documents and Settings\pat\Mes documents\clean\clean\clean\pskill.exe
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Bases\avcmhk4.dll
    c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav6\6.0.2.614\adialhk.dll
    c:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Data\Updater\Temporary Files\temporaryFolder\bases\av\avc\i386\ForDiff\unp035.avc.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\USMT\iconlib.dll
    c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
    c:\Documents and Settings\pat\Application Data\Mozilla\Firefox\Profiles\pc5zka9o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
    c:\Documents and Settings\pat\Application Data\Mozilla\Firefox\Profiles\pc5zka9o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_AOG-9N4NC3MP3SU.tar.gz a l'adresse http://upload.malekal.com

    <gras>3/ LE RAPPORT SREng</gras>

    [CODE]

    2007-12-27,15:40:15

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Professional (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
    <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia]
    <!AVG Anti-Spyware><"C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
    <SmcService><C:\PROGRA~1\Sygate\SPF\smc.exe -startgui> [(Verified)"Sygate Technologies, Inc."]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher (Europe)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [Kaspersky Lab]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zoeghflb]
    <WinlogonNotify: zoeghflb><expsrve.dll> []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Lecteur Windows Media Microsoft 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]

    ==================================
    Startup Folders
    N/A

    ==================================
    Services
    [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
    [Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
    <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
    [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
    [ServiceLayer / ServiceLayer][Stopped/Disabled]
    <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
    [Sygate Personal Firewall / SmcService][Stopped/Auto Start]
    <C:\Program Files\Sygate\SPF\smc.exe><Sygate Technologies, Inc.>
    [AGP Bus x4ba5 Support / spxfnfnm][Running/Auto Start]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->c:\windows\system32\expsrve.dll><N/A>

    ==================================
    Drivers
    [afsdtkcq / afsdtkcq][Running/Boot Start]
    <\SystemRoot\system32\drivers\dvrvytbv.dat><N/A>
    [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
    <system32\drivers\ALCXSENS.SYS><Sensaura>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.sys><N/A>
    [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    [catchme / catchme][Stopped/Manual Start]
    <\??\C:\DOCUME~1\pat\LOCALS~1\Temp\catchme.sys><N/A>
    [driverhardwarev2 / driverhardwarev2][Stopped/Manual Start]
    <\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys><Ma-Config.com>
    [HSFHWSIS / HSFHWSIS][Running/Manual Start]
    <System32\DRIVERS\HSFHWSIS.sys><Conexant Systems, Inc.>
    [HSF_DPV / HSF_DPV][Running/Manual Start]
    <System32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
    [kl1 / kl1][Running/Boot Start]
    <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
    [klif / klif][Running/System Start]
    <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
    [mdmxsdk / mdmxsdk][Running/Auto Start]
    <System32\DRIVERS\mdmxsdk.sys><Conexant>
    [ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
    <System32\DRIVERS\ATKACPI.sys><ASUSTek COMPUTER INC.>
    [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
    <system32\drivers\nmwcd.sys><Nokia>
    [Nokia USB Generic / nmwcdc][Stopped/Manual Start]
    <system32\drivers\nmwcdc.sys><Nokia>
    [Nokia USB Port / nmwcdcj][Stopped/Manual Start]
    <system32\drivers\nmwcdcj.sys><Nokia>
    [Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
    <system32\drivers\nmwcdcm.sys><Nokia>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <System32\DRIVERS\secdrv.sys><N/A>
    [SiS 162 usb Wireless LAN Adapter Driver / SIS162u][Stopped/Manual Start]
    <System32\DRIVERS\sis162u.sys><SiS Corporation>
    [SiS AGP Filter / SISAGP][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
    [Pilote de carte Fast Ethernet PCI SiS / SISNIC][Running/Manual Start]
    <System32\DRIVERS\sisnic.sys><SiS Corporation>
    [Teefer for NT / Teefer][Running/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\Teefer.sys><Sygate Technologies, Inc.>
    [TVICHW32 / TVICHW32][Stopped/Manual Start]
    <\??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
    [SyGate for NT, wg3n / wg3n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg3n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg4n / wg4n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg5n / wg5n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg6n / wg6n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
    [winachsf / winachsf][Running/Manual Start]
    <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
    [wpsdrvnt / wpsdrvnt][Running/System Start]
    <\??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys><Sygate Technologies, Inc.>

    ==================================
    Browser Add-ons
    []
    {903ACCC5-175E-476C-8645-E9FBB9C6621A} <c:\windows\system32\expsrve.dll, N/A>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>

    ==================================
    Running Processes
    [PID: 768 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 824 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 848 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\system32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [PID: 896 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 908 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1100 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1220 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1624 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1644 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1868 / pat][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wnl32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
    [C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Adobe\Reader 8.0\Reader\viewerps.dll] [, 1, 0, 0, 1]
    [PID: 1900 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\pdfcmnnt.dll] [N/A, ]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PS5UI.DLL] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 2044 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 392 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
    [PID: 1348 / pat][C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
    [C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [PID: 3304 / pat][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
    [PID: 3776 / pat][C:\Program Files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\params.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IIAAE1DA.DLL] [Lexmark International, Inc., 8.2.1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IIAAE1DL.DLL] [Lexmark International, Inc., 8.2.1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IIAAE1DF.DLL] [Lexmark International, Inc., 8.2.1]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\IIAAE1DD.dll] [Lexmark International, Inc., 8.2.1]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PS5UI.DLL] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\PSCRIPT5.DLL] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx] [Adobe Systems, Inc., 9,0,115,0]
    [PID: 2744 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 2316 / pat][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1576 / pat][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
    [C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [PID: 3008 / pat][C:\DOCUME~1\pat\LOCALS~1\Temp\Rar$EX07.594\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\DOCUME~1\pat\LOCALS~1\Temp\Rar$EX07.594\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeDebugPrivilege [PID = 1576, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1576, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

    ==================================
    API HOOK
    RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)

    ==================================
    Hidden Process
    N/A

    ==================================

    [/CODE]
    0
  8. bobdu78 Messages postés 16 Statut Membre
     
    je n'arrive toujours pas à avoir le rapport de combofix voici ce qu'il me dit :

    Deleting files/folders :
    C:\windows\systeme32\EXPSRVE.DLL
    0
  9. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    1/ Clique sur démarrer>Exécuter>cmd

    Tape ceci :
    sc stop afsdtkcq
    sc delete afsdtkcq


    2/ Ouvre le dossier DiagHelp.
    Double-clique sur catchme.exe (le .exe peut ne pas apparaître).

    Une fenêtre va s'ouvrir, va dans l'onglet Script.
    Copie/colle ceci :

    files to kill:
    C:\Windows\system32\drivers\dvrvytbv.dat
    c:\windows\system32\expsrve.dll


    Clique sur Run.

    3/ Edite un nouveau rapport Hijackthis.

    FillPCA
    0
  10. bobdu78 Messages postés 16 Statut Membre
     
    re,
    voici le rapport hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:33, on 2007-12-27
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\System32\cmd.exe
    C:\Documents and Settings\pat\Bureau\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: (no name) - {903ACCC5-175E-476C-8645-E9FBB9C6621A} - c:\windows\system32\expsrve.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O20 - Winlogon Notify: zoeghflb - C:\WINDOWS\SYSTEM32\expsrve.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    0
  11. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    As-tu vu mon message ?
    Je reviens plus tard.

    FillPCA
    0
  12. bobdu78 Messages postés 16 Statut Membre
     
    re,
    oui je l'ai exécuter mais je me suis peut etre tromper

    patrick
    0
  13. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Ton rapport précédent est réalisé après l'utilisation de catchme ?

    FillPCA
    0
  14. bobdu78 Messages postés 16 Statut Membre
     
    re,
    oui normalement
    patrick
    0
  15. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Icesword est un outil dangereux et ne doit pas être utilisé par quelqu'un d'autre. Ces consignes sont destinées au cas présent et à personne d'autre.

    Suis très exactement ceci :

    1/ Télécharge Icesword ici : https://www.majorgeeks.com/downloadget.php?id=5199&file=9&evp=0d36c3ec48c6373fd5daac78f0c6a417

    Extrais l'archive Icesword sur ton bureau, puis, dans ce dossier, double-clique sur icesword.exe

    Choisis la fonction "file" en bas à gauche. Par l'arboressence fournie, choisis ce fichier :
    C:\Windows\system32\drivers\dvrvytbv.dat
    Fais un clic droit dessus et choisis "delete".

    Fais la même chose avec ce fichier :
    c:\windows\system32\expsrve.dll

    À gauche, vers le haut maintenant, clique sur le bouton Registry (juste sous Functions) ;

    - Par l'arborescence fournie, retrouve cette clé :

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afsdtkcq
    - Dans la fenêtre de gauche, fais un clic droit sur le petit dossier nommé afsdtkcq et clique Delete

    Choisis le bouton "function" puis le bouton BHO. Fais un clic droit sur cette BHO et choisis delete :
    {903ACCC5-175E-476C-8645-E9FBB9C6621A}

    2/ Edite les rapports suivants :
    SREng, Hijackthis.

    FillPCA
    0
  16. bobdu78 Messages postés 16 Statut Membre
     
    re,
    j'ai suivi tes indications et je te poste le rapport hijackthis
    apparament je n'arrive pas à supprimer 903ACCC5-175E-476C-8645-E9FBB9C6621A
    merci pour ton aide

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:20, on 2007-12-27
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\pat\Bureau\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: (no name) - {903ACCC5-175E-476C-8645-E9FBB9C6621A} - c:\windows\system32\expsrve.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O20 - Winlogon Notify: zoeghflb - C:\WINDOWS\SYSTEM32\expsrve.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    0
  17. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Icesword est un outil dangereux et ne doit pas être utilisé par quelqu'un d'autre. Ces consignes sont destinées au cas présent et à personne d'autre.

    Je reprends la procédure.

    Suis très exactement ceci :

    DESACTIVE TON ANTIVIRUS

    1/ * Télécharge KillAFile (par Marckie) sur ton Bureau : http://users.telenet.be/marcvn/tools/KillAFile.exe
    * Double clique sur KillAFile.exe afin de le lancer. Une fenêtre DOS au fond rouge apparaîtra.
    * Tape le chiffre 1 puis valide avec la touche Entrée pour choisir "Delete a file on reboot".
    * Tu verras maintenant une nouvelle invite : "Insert full path and filename to delete. and then press enter:"
    * Tu dois taper ceci, au complet et très exactement :

    c:\windows\system32\expsrve.dll

    * Appuie sur la touche Entrée.
    * À l'invite qui suit, appuie sur n'importe quelle touche pour valider (Entrée par exemple).
    * Ton PC va maintenant redémarrer.
    * Edite le rapport généré par killafile. Il se trouve aussi ici : C:\kaflog.txt

    2/ Dans le dossier Icesword, double-clique sur icesword.exe

    Choisis la fonction "file" en bas à gauche. Par l'arboressence fournie, choisis ce fichier :
    C:\Windows\system32\drivers\dvrvytbv.dat
    Fais un clic droit dessus et choisis "delete".

    Fais la même chose avec ce fichier :
    c:\windows\system32\expsrve.dll

    À gauche, vers le haut maintenant, clique sur le bouton Registry (juste sous Functions) ;

    - Par l'arborescence fournie, retrouve cette clé :

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\afsdtkcq
    - Dans la fenêtre de gauche, fais un clic droit sur le petit dossier nommé afsdtkcq et clique Delete

    Choisis le bouton "function" puis le bouton BHO. Fais un clic droit sur cette BHO et choisis delete :
    {903ACCC5-175E-476C-8645-E9FBB9C6621A}

    3/ Edite les rapports suivants :
    C:\kaflog.txt, SREng, Hijackthis.

    FillPCA
    0
  18. bobdu78 Messages postés 16 Statut Membre
     
    re,

    voici le rapport kaflog.txt

    KILLAFILE - logfile

    Running from: "C:\Documents and Settings\pat\Bureau"

    Delete on reboot: c:\windows\system32\expsrve.dll

    --- Rebooting the computer ---

    rapport SREng

    [CODE]

    2007-12-27,23:24:28

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Professional (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
    <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia]
    <!AVG Anti-Spyware><"C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
    <SmcService><C:\PROGRA~1\Sygate\SPF\smc.exe -startgui> [(Verified)"Sygate Technologies, Inc."]
    <KillAFile><C:\Documents and Settings\pat\Bureau\KillAFile.exe /r> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher (Europe)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [Kaspersky Lab]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zoeghflb]
    <WinlogonNotify: zoeghflb><expsrve.dll> []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Lecteur Windows Media Microsoft 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]

    ==================================
    Startup Folders
    N/A

    ==================================
    Services
    [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
    [Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
    <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
    [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
    [ServiceLayer / ServiceLayer][Stopped/Disabled]
    <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
    [Sygate Personal Firewall / SmcService][Stopped/Auto Start]
    <C:\Program Files\Sygate\SPF\smc.exe><Sygate Technologies, Inc.>
    [AGP Bus t2b30 Controller / spxfnfnm][Running/Auto Start]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->c:\windows\system32\expsrve.dll><N/A>

    ==================================
    Drivers
    [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
    <system32\drivers\ALCXSENS.SYS><Sensaura>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.sys><N/A>
    [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    [catchme / catchme][Stopped/Manual Start]
    <\??\C:\DOCUME~1\pat\LOCALS~1\Temp\catchme.sys><N/A>
    [driverhardwarev2 / driverhardwarev2][Stopped/Manual Start]
    <\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys><Ma-Config.com>
    [HSFHWSIS / HSFHWSIS][Running/Manual Start]
    <System32\DRIVERS\HSFHWSIS.sys><Conexant Systems, Inc.>
    [HSF_DPV / HSF_DPV][Running/Manual Start]
    <System32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
    [kl1 / kl1][Running/Boot Start]
    <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
    [klif / klif][Running/System Start]
    <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
    [mdmxsdk / mdmxsdk][Running/Auto Start]
    <System32\DRIVERS\mdmxsdk.sys><Conexant>
    [ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
    <System32\DRIVERS\ATKACPI.sys><ASUSTek COMPUTER INC.>
    [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
    <system32\drivers\nmwcd.sys><Nokia>
    [Nokia USB Generic / nmwcdc][Stopped/Manual Start]
    <system32\drivers\nmwcdc.sys><Nokia>
    [Nokia USB Port / nmwcdcj][Stopped/Manual Start]
    <system32\drivers\nmwcdcj.sys><Nokia>
    [Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
    <system32\drivers\nmwcdcm.sys><Nokia>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <System32\DRIVERS\secdrv.sys><N/A>
    [SiS 162 usb Wireless LAN Adapter Driver / SIS162u][Stopped/Manual Start]
    <System32\DRIVERS\sis162u.sys><SiS Corporation>
    [SiS AGP Filter / SISAGP][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
    [Pilote de carte Fast Ethernet PCI SiS / SISNIC][Running/Manual Start]
    <System32\DRIVERS\sisnic.sys><SiS Corporation>
    [Teefer for NT / Teefer][Running/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\Teefer.sys><Sygate Technologies, Inc.>
    [TVICHW32 / TVICHW32][Stopped/Manual Start]
    <\??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
    [SyGate for NT, wg3n / wg3n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg3n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg4n / wg4n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg5n / wg5n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg6n / wg6n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
    [winachsf / winachsf][Running/Manual Start]
    <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
    [wpsdrvnt / wpsdrvnt][Running/System Start]
    <\??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys><Sygate Technologies, Inc.>

    ==================================
    Browser Add-ons
    []
    {903ACCC5-175E-476C-8645-E9FBB9C6621A} <c:\windows\system32\expsrve.dll, N/A>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>

    ==================================
    Running Processes
    [PID: 772 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 824 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 852 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\system32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [PID: 900 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 912 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1104 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1224 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1444 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1476 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1716 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\pdfcmnnt.dll] [N/A, ]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
    [PID: 1892 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 2004 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
    [PID: 616 / pat][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wnl32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
    [C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
    [PID: 168 / pat][C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe] [Nokia, 6, 82, 70, 2]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 84, 89, 1]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 82, 77, 0]
    [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSSupportSetup.DLL] [Nokia, 6, 82, 20, 2]
    [C:\WINDOWS\System32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\PC Connectivity Solution\ConfServer.dll] [Nokia, 6, 84, 37, 0]
    [C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_fre.NLR] [Nokia, 6, 82, 69, 3]
    [PID: 816 / pat][C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
    [C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [PID: 2544 / pat][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
    [PID: 3724 / pat][C:\Program Files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\klscav.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [PID: 3340 / pat][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 82, 63, 9]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 82, 77, 0]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 84, 89, 1]
    [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr] [Nokia, 6, 82, 36, 1]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 82, 14, 0]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [PID: 3480 / pat][C:\DOCUME~1\pat\LOCALS~1\Temp\Rar$EX00.532\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\DOCUME~1\pat\LOCALS~1\Temp\Rar$EX00.532\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 168, C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 3340, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3340, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

    ==================================
    API HOOK
    RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)

    ==================================
    Hidden Process
    N/A

    ==================================

    [/CODE]

    rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:26, on 2007-12-27
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\pat\Bureau\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: (no name) - {903ACCC5-175E-476C-8645-E9FBB9C6621A} - c:\windows\system32\expsrve.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [KillAFile] C:\Documents and Settings\pat\Bureau\KillAFile.exe /r
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O20 - Winlogon Notify: zoeghflb - C:\WINDOWS\SYSTEM32\expsrve.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    0
  19. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Re,

    Je regarde ceci et te donne une réponse demain. C'est une nouvelle variante.

    FillPCA
    0
  20. FillPCA Messages postés 2264 Statut Contributeur sécurité 123
     
    Bonjour,

    Tu l'as compris, la bestiole est toujours là. Il y a du progrès car l'un des drivers a été éliminé.

    Icesword est un outil dangereux et ne doit pas être utilisé par quelqu'un d'autre. Ces consignes sont destinées au cas présent et à personne d'autre.

    Suis très exactement ceci :

    1/ Ouvre Icesword.
    a/ À gauche, vers le haut, clique sur le bouton Registry (juste sous Functions) ;
    Par l'arborescence fournie, retrouve cette clé :

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spxfnfnm
    - Dans la fenêtre de gauche, fais un clic droit sur le petit dossier nommé spxfnfnm et clique Delete

    Supprime aussi cette clé :
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zoeghflb

    b/ Choisis la fonction "file" en bas à gauche. Par l'arborescence fournie, choisis ce fichier :
    c:\windows\system32\expsrve.dll
    Fais un clic droit dessus et choisis "delete".

    c/ Choisis le bouton "function" puis le bouton BHO. Fais un clic droit sur cette BHO et choisis delete :
    {903ACCC5-175E-476C-8645-E9FBB9C6621A}

    2/ Ouvre killafile.
    Choisis l'option 1 : "Delete a file on reboot".
    Tape très exactement ceci :
    c:\windows\system32\expsrve.dll

    # À l'invite qui suit, appuie sur n'importe quelle touche pour valider (Entrée par exemple).
    # Ton PC va maintenant redémarrer. S'il ne redémarre pas, pfais-le toi-même.
    # Edite le rapport généré par killafile. Il se trouve aussi ici : C:\kaflog.txt

    3/ Edite les rapports suivants :
    killafile, SREng, Hijackthis.

    FillPCA
    0
  21. bobdu78 Messages postés 16 Statut Membre
     
    Bonjour FillPCA,
    je te remercie pour ta percévérance et te joins les nouveaux rapports

    KILLAFILE - logfile

    Running from: "C:\Documents and Settings\pat\Bureau\anti spywere"

    Delete on reboot: c:\windows\system32\expsrve.dll

    --- Rebooting the computer ---

    c:\windows\system32\expsrve.dll not deleted

    Finished!

    SREng

    [CODE]

    2007-12-28,11:03:15

    System Repair Engineer 2.5.16.900
    Smallfrogs (http://www.KZTechs.com)

    Windows XP Professional (Build 2600) - Administrative User - Completed Functions Allowed

    Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan

    Boot Items
    Registry
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"> [Kaspersky Lab]
    <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup> [Nokia]
    <!AVG Anti-Spyware><"C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
    <SmcService><C:\PROGRA~1\Sygate\SPF\smc.exe -startgui> [(Verified)"Sygate Technologies, Inc."]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Windows XP Publisher (Europe)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\System32\klogon.dll> [Kaspersky Lab]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zoeghflb]
    <WinlogonNotify: zoeghflb><expsrve.dll> []
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Lecteur Windows Media Microsoft 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player 8><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows XP Publisher (Europe)]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install> [Microsoft Corporation]

    ==================================
    Startup Folders
    N/A

    ==================================
    Services
    [Gestion d'applications / AppMgmt][Stopped/Manual Start]
    <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
    [AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
    [Kaspersky Anti-Virus 6.0 / AVP][Running/Auto Start]
    <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe -r><Kaspersky Lab>
    [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
    <C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe><Macrovision Corporation>
    [ServiceLayer / ServiceLayer][Stopped/Disabled]
    <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>
    [Sygate Personal Firewall / SmcService][Stopped/Auto Start]
    <C:\Program Files\Sygate\SPF\smc.exe><Sygate Technologies, Inc.>
    [PCI Bus p10e4 Monitor / spxfnfnm][Running/Auto Start]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\expsrve.dll><N/A>

    ==================================
    Drivers
    [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
    <system32\drivers\ALCXSENS.SYS><Sensaura>
    [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
    [AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.sys><N/A>
    [AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
    [catchme / catchme][Stopped/Manual Start]
    <\??\C:\DOCUME~1\pat\LOCALS~1\Temp\catchme.sys><N/A>
    [driverhardwarev2 / driverhardwarev2][Stopped/Manual Start]
    <\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys><Ma-Config.com>
    [HSFHWSIS / HSFHWSIS][Running/Manual Start]
    <System32\DRIVERS\HSFHWSIS.sys><Conexant Systems, Inc.>
    [HSF_DPV / HSF_DPV][Running/Manual Start]
    <System32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
    [kl1 / kl1][Running/Boot Start]
    <\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
    [klif / klif][Running/System Start]
    <\??\C:\WINDOWS\System32\drivers\klif.sys><Kaspersky Lab>
    [mdmxsdk / mdmxsdk][Running/Auto Start]
    <System32\DRIVERS\mdmxsdk.sys><Conexant>
    [ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
    <System32\DRIVERS\ATKACPI.sys><ASUSTek COMPUTER INC.>
    [Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
    <system32\drivers\nmwcd.sys><Nokia>
    [Nokia USB Generic / nmwcdc][Stopped/Manual Start]
    <system32\drivers\nmwcdc.sys><Nokia>
    [Nokia USB Port / nmwcdcj][Stopped/Manual Start]
    <system32\drivers\nmwcdcj.sys><Nokia>
    [Nokia USB Modem / nmwcdcm][Stopped/Manual Start]
    <system32\drivers\nmwcdcm.sys><Nokia>
    [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
    <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
    [Secdrv / Secdrv][Stopped/Manual Start]
    <System32\DRIVERS\secdrv.sys><N/A>
    [SiS 162 usb Wireless LAN Adapter Driver / SIS162u][Stopped/Manual Start]
    <System32\DRIVERS\sis162u.sys><SiS Corporation>
    [SiS AGP Filter / SISAGP][Running/Boot Start]
    <\SystemRoot\System32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
    [Pilote de carte Fast Ethernet PCI SiS / SISNIC][Running/Manual Start]
    <System32\DRIVERS\sisnic.sys><SiS Corporation>
    [Teefer for NT / Teefer][Running/Boot Start]
    <\SystemRoot\SYSTEM32\Drivers\Teefer.sys><Sygate Technologies, Inc.>
    [TVICHW32 / TVICHW32][Stopped/Manual Start]
    <\??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS><EnTech Taiwan>
    [SyGate for NT, wg3n / wg3n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg3n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg4n / wg4n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg4n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg5n / wg5n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg5n.sys><Sygate Technologies, Inc.>
    [SyGate for NT, wg6n / wg6n][Running/Auto Start]
    <\SystemRoot\SYSTEM32\Drivers\wg6n.sys><Sygate Technologies, Inc.>
    [winachsf / winachsf][Running/Manual Start]
    <System32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
    [wpsdrvnt / wpsdrvnt][Running/System Start]
    <\??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys><Sygate Technologies, Inc.>

    ==================================
    Browser Add-ons
    []
    {903ACCC5-175E-476C-8645-E9FBB9C6621A} <c:\windows\system32\expsrve.dll, N/A>
    [Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>

    ==================================
    Running Processes
    [PID: 772 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 828 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 852 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\klogon.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\system32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [PID: 900 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 912 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1104 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1224 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [c:\windows\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1444 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1456 / SERVICE LOCAL][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 1648 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\system32\pdfcmnnt.dll] [N/A, ]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
    [PID: 1828 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [PID: 2016 / SYSTEM][C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
    [C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\1036\mdmui.dll] [Microsoft Corporation, 7.00.9466]
    [PID: 756 / pat][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\AppCert\wnl32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\expsrve.dll] [N/A, ]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
    [C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
    [PID: 968 / pat][C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe] [Nokia, 6, 82, 70, 2]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 84, 89, 1]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 82, 77, 0]
    [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSSupportSetup.DLL] [Nokia, 6, 82, 20, 2]
    [C:\WINDOWS\System32\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\PC Connectivity Solution\ConfServer.dll] [Nokia, 6, 84, 37, 0]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\nfio.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\basegui.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.2.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.614]
    [c:\program files\kaspersky lab\kaspersky anti-virus 6.0\winreg.ppl] [Kaspersky Lab, 6.0.2.614]
    [C:\WINDOWS\System32\wdmaud.drv] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\libssl32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [C:\WINDOWS\System32\libeay32.dll] [OpenSSL <www.openssl.org>, 0.9.7c]
    [PID: 3504 / pat][C:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
    [PID: 2504 / pat][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 82, 63, 9]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 82, 77, 0]
    [C:\Program Files\PC Connectivity Solution\ConnAPI.DLL] [Nokia., 6, 84, 89, 1]
    [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_fre.nlr] [Nokia, 6, 82, 36, 1]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 82, 14, 0]
    [C:\WINDOWS\System32\AppCert\wsil32.dll] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll] [Kaspersky Lab, 6.0.2.614]
    [PID: 2744 / pat][C:\DOCUME~1\pat\LOCALS~1\Temp\Rar$EX00.656\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
    [C:\DOCUME~1\pat\LOCALS~1\Temp\Rar$EX00.656\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

    ==================================
    File Associations
    .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
    .EXE OK. ["%1" %*]
    .COM OK. ["%1" %*]
    .PIF OK. ["%1" %*]
    .REG OK. [regedit.exe "%1"]
    .BAT OK. ["%1" %*]
    .SCR OK. ["%1" /S]
    .CHM OK. ["C:\WINDOWS\hh.exe" %1]
    .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
    .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
    .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
    .LNK OK. [{00021401-0000-0000-C000-000000000046}]

    ==================================
    Winsock Provider
    N/A

    ==================================
    Autorun.Inf
    N/A

    ==================================
    HOSTS File
    127.0.0.1 localhost

    ==================================
    Process Privileges Scan
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 968, C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\LAUNCHAPPLICATION.EXE]
    Special Privilege Enabled: SeDebugPrivilege [PID = 2504, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
    Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2504, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

    ==================================
    API HOOK
    RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)
    RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\System32\drivers\klif.sys)

    ==================================
    Hidden Process
    N/A

    ==================================

    [/CODE]

    Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:05, on 2007-12-28
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Documents and Settings\pat\Bureau\HiJackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    O2 - BHO: (no name) - {903ACCC5-175E-476C-8645-E9FBB9C6621A} - c:\windows\system32\expsrve.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
    O20 - Winlogon Notify: zoeghflb - C:\WINDOWS\SYSTEM32\expsrve.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\pat\Bureau\anti spywere\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
    0
  • 1
  • 2