Antivirus disabled and impossible to reinstall [Solved/Closed]

Messages posted
2241
Registration date
Saturday 21 April 2007
Status
Security contributor
Last activity
27 October 2012
Hello,

Without noticing it right away, AVG got disabled on me (maybe also related: PowerDVD refuses to launch), but above all I can no longer reinstall any other antivirus: it always crashes at the same point for every antivirus, when it installs its .EXE ????

Through online scans (securiser / kasper) I spotted wintems.exe, which I removed with EliBagla as explained on this forum (thanks!). I also removed ntmlrs.exe, which looks like the same kind of junk, but it keeps going, except for Avast: its missing files are due to the install being postponed (right in the middle of its first scan during the install there was a very big thunderstorm and I had to interrupt it quickly), but I doubt I'll succeed with it either; I'm retrying now, but just in case I'm posting this message ahead of my potential failure...




Logfile of HijackThis v1.99.1
Scan saved at 20:28:35, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\speed disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\explorer.exe
H:\Rar$EX79.640\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe -startup
O4 - HKLM\..\Run: [bifss32] C:\WINDOWS\system32\bifss32.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Nod32 Service] ntmlrs.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\RunServices: [Nod32 Service] ntmlrs.exe
O4 - HKLM\..\RunOnce: [ReEXEc] H:\FICHIERS TELECHARGE\_PC TOOLS\EliBaglA.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LaunchList] H:\Studio 11\LaunchList2.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Currency Converter - {38C06FA6-BF6E-479a-9F32-494E09FC30CB} - C:\Program Files\Mioplanet\Desktop Currency Converter\Desktop Currency Converter.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (UpdateAdvisor Control) - http://www.cyberlink.com/multi/patch/prog/UpdateAdvisor.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avagnt - Unknown owner - C:\WINDOWS\system32\avagnt.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Speed Disk service - Symantec Corporation - c:\program files\speed disk\nopdb.exe
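The suspicious entries in this log (a second smss.exe launched from C:\WINDOWS\system, a "Nod32 Service" autorun naming a bare ntmlrs.exe, an avagnt service whose file is missing) can be picked out mechanically. The triage script below is an added example, not a tool from the thread or from the HijackThis project; the rule names and the heuristics are my own, and it assumes Windows is installed in C:\WINDOWS as in this log.

```python
"""Triage of HijackThis v1.99 O4/O23 lines for the signs seen in this thread.

Added example, not part of the thread. Checks: a core Windows binary
started from a directory other than its own, an autorun that borrows an
antivirus vendor's name without a vendor install path, an entry under the
legacy RunServices key, and an orphaned service (no owner, file missing)
outside Program Files. Assumes a C: WINDOWS installation, as in this log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Canonical directory of each core Windows XP binary (lower-cased).
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Vendor names a dropper borrows so that its autorun reads as "the antivirus".
AV_VENDORS = ("nod32", "avast", "avg", "antivir", "kaspersky", "bitdefender", "norton", "mcafee")

# Where a real antivirus install lives (long and 8.3 short form).
VENDOR_DIRS = (r"c:\program files", r"c:\progra~1")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    rule: str
    line: str


def split_command(cmd: str) -> tuple[str, str]:
    """Return (executable name, directory), lower-cased, from an autorun command.

    The directory is '' when the entry names a bare file and so relies on the
    search path; %SystemRoot% and %windir% are expanded to the Windows directory.
    """
    cmd = cmd.strip()
    m = re.match(r'^"([^"]+)"', cmd) or re.match(r"^(\S+)", cmd)
    target = (m.group(1) if m else cmd).lower()
    directory, _, exe = target.rpartition("\\")
    for var in ("%systemroot%", "%windir%"):
        directory = directory.replace(var, r"c:\windows")
    return exe, directory


def triage(log_text: str) -> list[Finding]:
    """Run the four checks over every O4/O23 line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            exe, directory = split_command(m["cmd"])
            name = m["name"].lower()
            canonical = SYSTEM_BINARIES.get(exe)
            # A core binary launched from anywhere but its home directory is a
            # look-alike dropped next to the real one (smss.exe in \system here).
            if canonical and directory and directory != canonical:
                findings.append(Finding("mislocated_system_binary", line))
            # RunServices is a Windows 9x-era key; nothing mainstream on XP
            # registers there, so any entry deserves a look.
            if m["key"].lower() == "runservices":
                findings.append(Finding("legacy_runservices", line))
            # A vendor name on a bare file name, or on a file outside Program Files.
            if any(v in name for v in AV_VENDORS) and not directory.startswith(VENDOR_DIRS):
                findings.append(Finding("spoofed_av_name", line))
            continue
        m = O23_RE.match(line)
        if m:
            path = m["path"].lower()
            if (m["owner"].lower() == "unknown owner" and "(file missing)" in path
                    and not path.startswith(VENDOR_DIRS)):
                findings.append(Finding("orphan_service", line))
    return findings


# Sample input: an excerpt of the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [Nod32 Service] ntmlrs.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\RunServices: [Nod32 Service] ntmlrs.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avagnt - Unknown owner - C:\WINDOWS\system32\avagnt.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
```

On the excerpt above it reports five findings: the mislocated smss.exe, the two "Nod32 Service" entries (the RunServices one twice, once per rule) and the orphaned avagnt service; the genuine Avast and BitDefender entries pass.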

40 replies

Good evening,

There's work to do, with a service under a fake antivirus name (among other things). Do you have the EliBagla report?

FillPCA
Hi FillPCA!

Apparently I have a rootkit, but I tried to install Antivir and it gets stuck the same way.


Wed Jan 16 20:10:46 2008
EliBagle v10.85 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
Wed Jan 16 20:10:46 2008
EliBagle v10.85 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 10491
Nº Total de Ficheros: 326865
Nº de Ficheros Analizados: 12758
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Re,

1/ # Download SDFix (created by Andy Manchesta) and save it to your Desktop: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
# Print this out.
# Restart your computer in Safe Mode by following this procedure:

* Restart your computer.
* After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (or F5).
* Instead of the normal Windows loading, a menu with several options should appear.
* Choose the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your account.

# Go through the list of instructions below:

* In Safe Mode, double-click the SDFix.exe file and click Install,
* Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
* Press Y to start the script.
* It will remove the services of certain trojans, will also perform a few Registry repairs, and will ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop loads, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Finally, open the SDFix folder on your Desktop and copy/paste the contents of the Report.txt file in your next reply on the forum.

2/ * Download combofix.exe (by sUBs) to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Double-click combofix.exe and follow the prompts.
* When the scan is complete, a report will appear. Copy/paste that report in your next reply.

Post these two reports and a HijackThis report.

FillPCA
My reply with 3 .txt files (500 KB for the three together) must be too long, because the forum refuses to save it; I'll try in three separate messages.
It's the first one, with SDFix, that is too huge; I can mail it to you if it matters?

Here are the other two:


ComboFix 08-01-17.1 - Administrateur 2008-01-17 0:29:48.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1077 [GMT 1:00]
Running from: H:\FICHIERS TELECHARGE\_PC TOOLS\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system\smss.exe
C:\WINDOWS\system32\drivers\srosa.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-17 00:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 00:16 . 2008-01-17 00:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-16 21:51 . 2008-01-16 21:51 <REP> d-------- C:\Program Files\Audacity
2008-01-16 18:40 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-16 18:40 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-16 18:40 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-16 18:40 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-16 18:40 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-16 18:40 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-16 18:40 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-16 18:40 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-16 18:39 . 2008-01-16 18:39 <REP> d-------- C:\Program Files\Alwil Software
2008-01-16 18:26 . 2008-01-16 18:26 <REP> d-------- C:\WINDOWS\system32\drivers\down
2008-01-16 18:02 . 2008-01-16 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-16 15:16 . 2008-01-16 15:16 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-15 23:04 . 2008-01-15 23:04 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-15 22:20 . 2008-01-16 18:32 73,760 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-15 22:20 . 2008-01-16 18:32 2,984 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-15 22:20 . 2008-01-16 18:32 2,312 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-15 22:20 . 2008-01-16 18:32 2,080 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-15 21:56 . 2008-01-15 22:35 <REP> d-------- C:\Program Files\BitDefender
2008-01-15 21:54 . 2008-01-15 21:54 35,063,081 --a------ C:\WINDOWS\VPTNFILE.945
2008-01-15 21:54 . 2008-01-15 21:54 35,063,081 --a------ C:\WINDOWS\LPT$VPN.945
2008-01-15 21:44 . 2008-01-15 21:46 <REP> d-------- C:\Program Files\RegCleaner
2008-01-15 16:47 . 2008-01-16 14:10 <REP> d-------- C:\Muestras
2008-01-15 15:21 . 2008-01-15 15:43 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-02 17:38 . 2008-01-02 17:38 88 --a------ C:\WINDOWS\LEXSTAT.INI
2008-01-02 17:37 . 2008-01-03 10:55 <REP> d-------- C:\Program Files\Lexmark X74-X75
2008-01-02 17:37 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-02 17:37 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-02 17:34 . 2008-01-02 17:34 <REP> d-------- C:\lxkx75patch
2008-01-02 17:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-26 17:03 . 2007-12-26 17:03 <REP> d-------- C:\Program Files\Microsoft Silverlight
2007-12-23 01:08 . 2007-12-23 01:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-23 01:03 . 2007-12-23 01:08 24 ---hs---- C:\WINDOWS\S36732413.tmp
2007-12-23 01:01 . 2007-12-23 01:01 <REP> d-------- C:\Program Files\SlySoft
2007-12-20 22:02 . 2007-12-20 22:02 <REP> d-------- C:\Program Files\GDSMUX
2007-12-19 21:05 . 2007-12-19 21:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-19 20:59 . 2008-01-16 13:09 664 --a------ C:\WINDOWS\system32\d3d9caps.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 20:49 --------- d-----w C:\Program Files\FlashGet
2008-01-16 15:48 --------- d-----w C:\Program Files\eMule
2008-01-16 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-16 10:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2008-01-16 00:52 --------- d-----w C:\Program Files\Copie de MPlayer for Windows
2008-01-15 22:04 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-01-15 22:04 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-01-15 20:54 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-01-15 20:54 267,845 ----a-w C:\WINDOWS\tsc.exe
2008-01-15 10:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-01-08 18:28 --------- d-----w C:\Program Files\Avidemux 2.4
2008-01-08 18:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2008-01-06 19:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss
2007-12-31 22:14 --------- d-----w C:\Program Files\MKVtoolnix
2007-12-23 11:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 11:52 --------- d-----w C:\Program Files\CyberLink
2007-12-23 11:01 --------- d-----w C:\Program Files\Azureus
2007-12-20 21:02 --------- d-----w C:\Program Files\Haali
2007-12-16 21:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 23:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Bioshock
2007-12-12 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-09 13:40 --------- d-----w C:\Program Files\Skyline
2007-12-09 13:39 7,984,464 ----a-w C:\terraexplorer_terraexplorer_5.0.2.10_basic_francais_40985.exe
2007-12-09 12:18 --------- d-----w C:\Program Files\QuickTime Alternative
2007-12-09 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-09 12:02 --------- d-----w C:\Program Files\Apple Software Update
2007-12-09 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-08 22:23 --------- d-----w C:\Program Files\Zoom Player
2007-12-04 15:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-04 15:46 22,328 ----a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2007-12-03 15:11 --------- d-----w C:\Program Files\VideoLAN
2007-12-02 16:27 --------- d-----w C:\Program Files\DivX
2007-11-26 13:03 --------- d-----w C:\Program Files\CoreCodec
2007-11-25 19:52 --------- d-----w C:\Program Files\Lavalys
2007-11-21 19:17 --------- d-----w C:\Program Files\Gabest
2007-11-21 19:02 --------- d-----w C:\Program Files\URUSoft
2006-12-01 19:34 1 ----a-w C:\Documents and Settings\Administrateur\SI.bin
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-02-12 20:23 61 --sh--w C:\WINDOWS\cnerolf.dat
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
"LaunchList"="H:\Studio 11\LaunchList2.exe" [2005-02-27 03:07 742160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 16:29 7700480]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 01:54 144384]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
"bifss32"="C:\WINDOWS\system32\bifss32.exe" [ ]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
"nwiz"="nwiz.exe" [2006-11-17 16:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-11-17 16:29 86016 C:\WINDOWS\system32\nvmctray.dll]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [ ]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [ ]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 20:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-10-19 20:16 286720]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 21:01 54832]
"Lexmark X74-X75"="C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 21:11 57344]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [ ]
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LightSurf.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LightSurf.lnk
backup=C:\WINDOWS\pss\LightSurf.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\blehbashlessrdr]
C:\Documents and Settings\All Users\Application Data\1 manager bleh bash\Wma dale.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 11:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Horloge]
--a------ 2006-11-24 17:16 20058152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2006-05-16 11:58 213936 C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
-r------- 2006-06-02 09:45 385024 C:\WINDOWS\system32\JMRaidTool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\junkokay]
C:\DOCUME~1\ADMINI~1\APPLIC~1\bluecoal\Typeregs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-11-17 16:29 7700480 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-11-17 16:29 1622016 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-11-24 17:16 20058152 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 17:17 159744 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2006-09-07 11:13 208896 C:\WINDOWS\system32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2006-09-07 11:14 69632 C:\WINDOWS\system32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-02-27 01:01]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2007-02-11 23:50]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2007-02-11 23:50]
S2 avagnt;avagnt;C:\WINDOWS\system32\avagnt.exe []
S3 BDSelfPr;BDSelfPr;C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-06-16 08:30]
S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 04:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e0c2612-ad8a-11db-8294-0090d0cd7c4f}]
\Shell\AutoRun\command - E:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e0c2613-ad8a-11db-8294-0090d0cd7c4f}]
\Shell\AutoRun\command - G:\datas\autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-15 19:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-16 23:00:00 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 08:00:00 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\FXR6xXAv.exe

"2008-01-16 09:00:00 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 10:00:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-15 11:00:00 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 12:00:00 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-15 13:00:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 14:00:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 15:00:00 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 16:00:00 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 17:00:00 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 00:00:00 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-15 18:00:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-14 19:00:00 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 20:00:00 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 21:00:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 22:00:00 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 01:00:00 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 02:00:00 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 03:00:00 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 04:00:00 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 05:00:00 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 06:00:00 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
"2008-01-16 07:00:00 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\FXR6xXAv.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 00:49:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 0:51:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-16 23:51:31

Logfile of HijackThis v1.99.1
Scan saved at 00:53, on 17/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\speed disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\NOTEPAD.EXE
H:\FICHIERS TELECHARGE\_PC TOOLS\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: (no name) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - (no file)
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe -startup
O4 - HKLM\..\Run: [bifss32] C:\WINDOWS\system32\bifss32.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LaunchList] H:\Studio 11\LaunchList2.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Desktop Currency Converter - {38C06FA6-BF6E-479a-9F32-494E09FC30CB} - C:\Program Files\Mioplanet\Desktop Currency Converter\Desktop Currency Converter.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (UpdateAdvisor Control) - http://www.cyberlink.com/multi/patch/prog/UpdateAdvisor.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avagnt - Unknown owner - C:\WINDOWS\system32\avagnt.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Speed Disk service - Symantec Corporation - c:\program files\speed disk\nopdb.exe
Posts
2241
Registration date
Saturday 21 April 2007
Status
Security contributor
Last post
27 October 2012
122
Hello,

There are still people around.

1/ * Download SREng (by Smallfrogs): http://www.kztechs.com/eng/download.html
* Unzip all of its contents onto your desktop (right-click > Extract here).
* Open the SReng2 folder and double-click SREngPS.exe.
* Click "smart scan".
* Click the "scan" button.
* When the analysis is finished, click the "save reports" button.
* Then save the report to your desktop.
* Copy/paste the contents of the SREnglLOG.log report into your next reply.

2/ * Download smitfraudfix (by S!Ri) to the desktop: http://siri.urz.free.fr/Fix/SmitfraudFix.exe
* Click smitfraudfix.exe
* Choose option 1 and paste the report generated by smitfraudfix into your reply. This report is in the Notepad window that opens.
* Close the application by pressing the Q key.

3/ Thanks to Lazzzy

* Download lopxpMH: http://www.alt-shift-return.org/Info/Fichiers/lopxpMH2.zip
* Unzip it with a right-click and extract it to the desktop.
* Post the generated report.

4/ Send me the SDfix report at the following address: zhkfkptd@trashmail.net

FillPCA


Posts
2241
Registration date
Saturday 21 April 2007
Status
Security contributor
Last post
27 October 2012
122
Re,

I would also like you to do this, in addition to what I asked for above:

1/ Temporarily disable your antivirus.
2/ Download haxfix.exe
(thanks to Marckie) and save it to the desktop.

* Double-click haxfix.exe to install haxfix (the default installation is c:\program Files\haxfix): http://users.telenet.be/marcvn/tools/haxfix.exe
* Check "Create a desktop icon"
* Click "Next"
* When the installation is finished, make sure "Launch HaxFix" is checked
* Click "Finish"

A "DOS window" with a red background opens with the following options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix

* Select option 1. Make logfile by typing 1, then press "Enter"
* Haxfix will analyse the system. When it has finished, a report will open: haxlog.txt > (c:\haxlog.txt)
* Copy the contents of this report and include (paste) it in your reply.

3/ Re-enable your antivirus and post this report.

FillPCA
Actually, I don't have any antivirus installed at all at the moment; that probably isn't great...




[CODE]

2008-01-17,13:07:44

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"> [(Verified)Nero AG]
<WOOKIT><C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [N/A]
<LaunchList><H:\Studio 11\LaunchList2.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SpeedTouch USB Diagnostics><"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon> [THOMSON]
<ISUSScheduler><"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start> [(Verified)Macrovision Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<Synchronization Manager><%SystemRoot%\system32\mobsync.exe /logon> [(Verified)Microsoft Windows Publisher]
<ISUSPM Startup><C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe -startup> [(Verified)Macrovision Corporation]
<bifss32><C:\WINDOWS\system32\bifss32.exe> [N/A]
<ISUSPM><"C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler> [(Verified)Macrovision Corporation]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<SecurDisc><C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe> [N/A]
<InCD><C:\Program Files\Nero\Nero 7\InCD\InCD.exe> [N/A]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime> [Apple Inc.]
<RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [(Verified)CyberLink]
<LanguageShortcut><"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"> [(Verified)CyberLink]
<Lexmark X74-X75><"C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"> [Lexmark International, Inc.]
<BitDefender Antiphishing Helper><"C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<blehbashlessrdr><; C:\Documents and Settings\All Users\Application Data\1 manager bleh bash\Wma dale.exe> [N/A]
<DAEMON Tools><; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Horloge><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ISUSPM Startup><; C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe -startup> [(Verified)Macrovision Corporation]
<JMB36X Configure><; C:\WINDOWS\system32\JMRaidTool.exe boot> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<junkokay><; C:\DOCUME~1\ADMINI~1\APPLIC~1\bluecoal\Typeregs.exe> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [N/A]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<nwiz><; nwiz.exe /install> []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Sony Ericsson PC Suite><; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> [Sony Ericsson Mobile Communications AB]
<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"> [Sun Microsystems, Inc.]
<SW20><; C:\WINDOWS\system32\sw20.exe> []
<SW24><; C:\WINDOWS\system32\sw24.exe> []
<TkBellExe><; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [N/A]

==================================
Startup Folders
[Lancement rapide d'Adobe Reader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\Acrobat 7.0\Reader\reader_sl.exe [Adobe Systems Incorporated]><N>
[Adobe Gamma]
<C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\Calibration\Adobe Gamma Loader.exe [Adobe Systems, Inc.]><N>
[MagicDisc]
<C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk --> C:\PROGRA~1\MagicDisc\MagicDisc.exe [MagicISO, Inc.]><N>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avagnt / avagnt][Stopped/Auto Start]
<C:\WINDOWS\system32\avagnt.exe><N/A>
[Capture Device Service / Capture Device Service][Running/Auto Start]
<"C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe"><InterVideo Inc.>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[InCD Helper / InCDsrv][Running/Auto Start]
<C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe><Nero AG>
[IviRegMgr / IviRegMgr][Running/Auto Start]
<C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe><InterVideo>
[LexBce Server / LexBceS][Running/Auto Start]
<C:\WINDOWS\system32\LEXBCES.EXE><Lexmark International, Inc.>
[MSSQL$SONY_MEDIAMGR / MSSQL$SONY_MEDIAMGR][Stopped/Manual Start]
<F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NBService / NBService][Stopped/Manual Start]
<C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Running/Manual Start]
<"C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PCLEPCI / PCLEPCI][Stopped/Auto Start]
<C:\WINDOWS\system32\drivers\pclepci.sys><Pinnacle Systems GmbH>
[PnkBstrA / PnkBstrA][Running/Auto Start]
<C:\WINDOWS\system32\PnkBstrA.exe><N/A>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
<"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>
[Speed Disk service / Speed Disk service][Running/Auto Start]
<c:\program files\speed disk\nopdb.exe><Symantec Corporation>
[SQLAgent$SONY_MEDIAMGR / SQLAgent$SONY_MEDIAMGR][Stopped/Manual Start]
<F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
Drivers
[ADI DTS Filter Service / ADIDTSFiltService][Stopped/Manual Start]
<system32\drivers\adidts.sys><N/A>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.4.5.0 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) / alcan5wn][Stopped/Manual Start]
<system32\DRIVERS\alcan5wn.sys><THOMSON>
[SpeedTouch ADSL Modem ATM Transport / alcaudsl][Stopped/Manual Start]
<system32\DRIVERS\alcaudsl.sys><THOMSON>
[AnyDVD / AnyDVD][Running/Manual Start]
<System32\Drivers\AnyDVD.sys><SlySoft, Inc.>
[atksgt / atksgt][Running/Auto Start]
<system32\DRIVERS\atksgt.sys><N/A>
[BDSelfPr / BDSelfPr][Stopped/Manual Start]
<\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys><N/A>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys><N/A>
[ElbyCDIO Driver / ElbyCDIO][Running/System Start]
<System32\Drivers\ElbyCDIO.sys><Elaborate Bytes AG>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\D:\INSTALL\GMSIPCI.SYS><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[InCD File System / InCDfs][Running/Disabled]
<system32\drivers\InCDFs.sys><Nero AG>
[InCDPass / InCDPass][Running/System Start]
<system32\drivers\InCDPass.sys><Nero AG>
[InCD Reader / incdrm][Running/System Start]
<system32\drivers\InCDRm.sys><Nero AG>
[ithsgt / ithsgt][Running/Auto Start]
<system32\DRIVERS\ithsgt.sys><N/A>
[JMicron Hot-Plug Driver / JGOGO][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[Sony Ericsson 750 driver (WDM) / k750bus][Stopped/Manual Start]
<system32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl][Stopped/Manual Start]
<system32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm][Stopped/Manual Start]
<system32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt][Stopped/Manual Start]
<system32\DRIVERS\k750mgmt.sys><MCCI>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex][Stopped/Manual Start]
<system32\DRIVERS\k750obex.sys><MCCI>
[lilsgt / lilsgt][Running/Auto Start]
<system32\DRIVERS\lilsgt.sys><N/A>
[lirsgt / lirsgt][Running/Auto Start]
<system32\DRIVERS\lirsgt.sys><N/A>
[Pinnacle Marvin Bus / MarvinBus][Running/Manual Start]
<system32\DRIVERS\MarvinBus.sys><Pinnacle Systems GmbH>
[Driver for MagicISO SCSI Host Controller / mcdbus][Running/Manual Start]
<system32\DRIVERS\mcdbus.sys><MagicISO, Inc.>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA PORT IO Control Driver / nvport][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\nvport.sys><NVIDIA Corporation.>
[oreans32 / oreans32][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter / RTLWUSB][Stopped/Manual Start]
<system32\DRIVERS\RTL8187.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[SjyPkt / SjyPkt][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys><Windows (R) 2000 DDK provider>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
<system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
<system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
<system32\DRIVERS\yk51x86.sys><Marvell>
[{95808DC4-FA4A-4C74-92FE-5B863F82066B} / {95808DC4-FA4A-4C74-92FE-5B863F82066B}][Running/Auto Start]
<\??\C:\Program Files\CyberLink\PowerDVD\000.fcl><N/A>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[Java Plug-in 1.5.0_10]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Desktop Currency Converter]
{38C06FA6-BF6E-479a-9F32-494E09FC30CB} <C:\Program Files\Mioplanet\Desktop Currency Converter\Desktop Currency Converter.exe, N/A>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, N/A>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Cult3D ActiveX Player]
{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} <C:\WINDOWS\system32\Cult3D\IECult.dll, Cycore AB>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[HouseCall Control]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[UpdateAdvisor Control]
{8FD07749-EFFA-48C6-947C-45A8D7BF422F} <C:\WINDOWS\DOWNLO~1\UpdateAdvisor.ocx, CyberLink>
[Java Plug-in 1.4.2_05]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime Alternative\QTPlugin.ocx, Apple Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[TECollaboration.Manager]
{07FEE7FA-EA56-4790-AE41-2E227CCF6EB7} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[SkyGps Class]
{1D1342E2-B737-43C4-B2B2-BB855FC353F1} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Plane]
{1E686889-C1F3-437F-A8CE-729C78AA3BEC} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.VirtualCursor]
{2040FA1B-53B6-41BD-BF73-6400C4F40E49} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Cult3D ActiveX Player]
{31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} <C:\WINDOWS\system32\Cult3D\IECult.dll, Cycore AB>
[TerraExplorer Class]
{3a4f9191-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TE3DWindow Class]
{3a4f9192-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TEInformationWindow Class]
{3a4f9193-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TENavigationMap Class]
{3a4f9194-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime Alternative\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[FalconViewObj Class]
{504AC303-A983-45B7-8663-CB5649B3AB1A} <C:\Program Files\Skyline\TerraExplorer\Tools\TEFVT\TEFVT.dll, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[TECollaboration.FlyFile]
{641ECCA4-28F2-4AE0-90E6-3152E62AFCA2} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Comunication Class]
{662CB034-1B5F-46DE-83C8-8BDCA1424856} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLCU.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[HouseCall Control]
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} <C:\WINDOWS\DOWNLO~1\xscan53.ocx, Trend Micro Inc.>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[FVGps Class]
{765FB9BF-38D5-4678-9BD0-40DDE72906ED} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Annotation]
{7A412365-8492-42A0-9411-BEE11106AAD6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.Chat]
{8120661B-1913-4C41-8C47-A0A9279715C6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[UpdateAdvisor Control]
{8FD07749-EFFA-48C6-947C-45A8D7BF422F} <C:\WINDOWS\DOWNLO~1\UpdateAdvisor.ocx, CyberLink>
[TECollaboration.Projection]
{984E67E2-6C7E-4D87-AC71-A640954D4495} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[FileManager Class]
{A3EEA80F-5A77-402B-8A2E-D1D9A08A497C} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLFM.dll, >
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[TETest Class]
{A5606C7C-13E8-4403-B5C1-72CE1AEE1CA2} <C:\Documents and Settings\All Users\Application Data\Skyline\TEDetect.dll, Skyline software systems Inc.>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[CreateMPU Class]
{BF001C67-5DEE-40B5-85BE-A5B0E1AA0AD6} <C:\Program Files\Skyline\TerraExplorer\Tools\PyramidTool\SLMPU.dll, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, N/A>
[Tout télécharger avec FlashGet]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[Télécharger avec FlashGet]
<C:\Program Files\FlashGet\jc_link.htm, N/A>

==================================
Running Processes
[PID: 716 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 776 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 844 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1044 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1108 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1240 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / SYSTEM][C:\WINDOWS\system32\LEXBCES.EXE] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\lexp2p32.dll] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\lex2kusb.dll] [Lexmark International, Inc., 7.4]
[PID: 1340 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\LEXLMPM.DLL] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\LexBce.dll] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\LXBBPP5C.dll] [Lexmark International, 1.0.6.0]
[C:\WINDOWS\system32\LXBBpwr.dll] [Lexmark International, Inc., 1, 0, 1, 0]
[PID: 1412 / SYSTEM][C:\WINDOWS\system32\LEXPPS.EXE] [Lexmark International, Inc., 7.4]
[C:\WINDOWS\system32\LEXBCE.DLL] [Lexmark International, Inc., 7.4]
[PID: 1456 / SYSTEM][C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe] [InterVideo Inc., 1.0.0.1]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\InterVideo\Common\Bin\MpgTsRdr.ax] [N/A, ]
[C:\Program Files\InterVideo\Common\Bin\IVInav.ax] [InterVideo Inc., 8.0.6.104]
[PID: 1536 / SYSTEM][C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe] [Nero AG, 5, 5, 1, 23]
[C:\Program Files\Nero\Nero 7\InCD\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nero\Nero 7\InCD\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 8,6,0, 10800]
[C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Nero AG, 1, 0, 0, 18]
[C:\Program Files\Nero\Nero 7\InCD\incdshx.dll] [Nero AG, 5, 5, 1, 23]
[C:\Program Files\Nero\Nero 7\InCD\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[PID: 1596 / SYSTEM][C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe] [InterVideo, 1, 0, 1, 0]
[PID: 1616 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9381]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[PID: 1672 / SYSTEM][C:\WINDOWS\system32\PnkBstrA.exe] [N/A, ]
[PID: 1776 / SYSTEM][C:\Program Files\CyberLink\Shared Files\RichVideo.exe] [, 2.0.0425 ]
[PID: 1808 / SYSTEM][c:\program files\speed disk\nopdb.exe] [Symantec Corporation, 6.0.0.20]
[c:\program files\speed disk\SDException.dll] [Symantec Corporation, 6.0.0.20]
[c:\program files\speed disk\SDOptions.DLL] [Symantec Corporation, 6.0.0.20]
[PID: 1828 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 428 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1156 / Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll] [Sony Ericsson Mobile Communications AB, 1, 3, 11, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll] [Sony Ericsson Mobile Communications AB, 1, 3, 4, 0]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9381]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\PROGRA~1\FlashGet\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll] [N/A, ]
[C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing LP, 4.1 (32-bit)]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 7, 3, 2]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 1372 / Administrateur][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 708 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2196 / Administrateur][C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe] [Macrovision Corporation, 5, 01, 100, 47363]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2236 / Administrateur][C:\WINDOWS\system32\RunDLL32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NvMCTray.dll] [NVIDIA Corporation, 6.14.10.9381]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.10.9381]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2240 / Administrateur][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6,0,6000,81]
[C:\Program Files\Analog Devices\Core\SMWDMIF.dll] [Analog Devices, Inc., 6, 0, 6000, 003]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2284 / Administrateur][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9381]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\nvshell.dll] [, ]
[PID: 2292 / Administrateur][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 5, 2, 0, 30]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2312 / Administrateur][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 7.00.2406]
[C:\Program Files\Cyberlink\PowerDVD\CLRCEngine3.dll] [CyberLink Corp., 7.00.1711 ]
[C:\Program Files\Cyberlink\PowerDVD\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2332 / Administrateur][C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe] [Lexmark International, Inc., 1.0.6.0]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2348 / Administrateur][C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 8,6,0, 10800]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll] [Nero AG, 2,0,5,0]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll] [Nero AG, 2,0,5,0]
[PID: 2400 / Administrateur][C:\Program Files\Lexmark X74-X75\lxbbbmon.exe] [Lexmark International, Inc., 1.0.6.0]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2496 / SYSTEM][C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMLogCxx.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll] [Nero AG, 2,0,5,0]
[PID: 2600 / Administrateur][C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMSQLDB.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMLogCxx.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMCoFoundation.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMPluginBase.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMFullTextExtraction.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMSearchPluginSimilarImages.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NeroIPP.dll] [Nero AG, 4,9,4,1]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll] [Nero AG, 2,0,5,0]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 2,0,5,0]
[PID: 2656 / Administrateur][C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe] [Adobe Systems Incorporated, 7.0.0.0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[PID: 2736 / Administrateur][C:\Program Files\MagicDisc\MagicDisc.exe] [MagicISO, Inc., 2.5.0.79]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9381]
[PID: 2856 / Administrateur][C:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9381]
[PID: 3164 / Administrateur][C:\Documents and Settings\Administrateur\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\nview.dll] [, ]
[C:\WINDOWS\system32\NVWRSFR.DLL] [NVIDIA Corporation, 6.14.10.11061]
[C:\WINDOWS\system32\nvwddi.dll] [NVIDIA Corporation, 6.14.10.9381]
[C:\Documents and Settings\Administrateur\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1616, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1156, C:\WINDOWS\EXPLORER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2292, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2332, C:\PROGRAM FILES\LEXMARK X74-X75\LXBBBMGR.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2656, C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2736, C:\PROGRAM FILES\MAGICDISC\MAGICDISC.EXE]

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]

SmitFraudFix v2.274

Report made at 13:09:05.90, 17/01/2008
Run from C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\program files\speed disk\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\Tasks\At?.job PRESENT !
C:\WINDOWS\Tasks\At??.job PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop items

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the following keys are not necessarily infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check


»»»»»»»»»»»»»»»»»»»»»»»» End

lopxpMH2 report, version 2.0, made at 13:12:33.34 on 17/01/2008
C:\Documents and Settings\Administrateur\Bureau\lopxpMH2

******************************************
## Application Data directories

Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Administrateur\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
18/12/2006 15:32 <REP> ACD Systems
04/12/2006 18:55 <REP> Adobe
04/12/2006 18:55 <REP> AdobeUM
01/03/2007 20:58 <REP> Ahead
04/05/2007 17:23 <REP> Apple Computer
01/11/2007 21:20 <REP> AVG7
15/06/2007 19:31 <REP> Azureus
06/12/2007 15:53 <REP> Bioshock
17/12/2006 19:12 <REP> BitTorrent
25/01/2007 10:25 <REP> bluecoal
17/12/2006 22:44 <REP> CrystalSpace
03/03/2007 18:16 <REP> CyberLink
19/07/2007 23:10 <REP> DivX
13/01/2007 12:21 <REP> dvdcss
14/02/2007 10:42 <REP> Google
02/03/2007 17:56 <REP> GRETECH
26/09/2007 23:13 <REP> gtk-2.0
09/12/2006 23:22 <REP> Help
30/11/2006 14:39 <REP> Identities
28/12/2006 14:18 <REP> InstallShield
25/03/2007 00:21 <REP> InterVideo
01/08/2007 16:25 <REP> iota-calc prefs
26/01/2007 11:12 <REP> Lavasoft
30/08/2007 13:32 <REP> Lectra
30/11/2006 20:48 <REP> Macromedia
03/03/2007 19:01 <REP> Media Player Classic
30/11/2006 14:32 <REP> Microsoft
01/11/2007 20:57 <REP> Mozilla
10/02/2007 13:10 <REP> MPEG Streamclip
17/02/2007 19:35 <REP> MyOddWeb
07/04/2007 18:39 <REP> NewsBin
04/08/2007 12:08 <REP> PACE Anti-Piracy
06/10/2007 17:30 <REP> Publish Providers
10/02/2007 20:08 <REP> Real
06/02/2007 20:52 <REP> River Past G4
26/02/2007 23:54 <REP> SecuROM
21/12/2006 17:51 <REP> Skype
06/10/2007 17:28 <REP> Sony
02/12/2006 12:49 <REP> Sony Ericsson
01/12/2006 09:57 <REP> Sun
27/12/2006 17:05 <REP> Syntrillium
01/11/2007 20:58 <REP> Talkback
02/12/2006 12:49 <REP> Teleca
05/10/2007 14:32 <REP> Ulead Systems
30/11/2006 21:09 <REP> vlc
26/11/2007 14:28 680 coreavc.ini
30/11/2006 14:32 62 desktop.ini
04/12/2007 16:46 22 328 PnkBstrK.sys
3 fichier(s) 23 070 octets
47 Rép(s) 9 660 755 968 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
18/12/2006 15:32 <REP> ACD Systems
04/12/2006 18:55 <REP> Adobe
08/02/2007 12:38 <REP> Ahead
09/12/2007 13:02 <REP> Apple
20/02/2007 20:59 <REP> Apple Computer
14/02/2007 11:04 <REP> ApplicationHistory
07/03/2007 12:39 <REP> ArmA Demo
26/11/2007 00:29 <REP> CyberLink
14/02/2007 10:42 <REP> Google
09/12/2006 23:22 <REP> Help
04/12/2006 23:28 <REP> Identities
30/11/2006 14:32 <REP> Microsoft
01/11/2007 20:57 <REP> Mozilla
30/11/2006 23:10 <REP> Oblivion
04/08/2007 12:08 <REP> PACE Anti-Piracy
26/08/2007 17:42 <REP> QuickPar
02/12/2006 12:50 <REP> Sony Ericsson
01/12/2006 09:56 <REP> Sun
30/11/2006 21:08 151 040 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
14/02/2007 11:04 137 fusioncache.dat
30/11/2006 21:59 28 080 GDIPFONTCACHEV1.DAT
13/03/2007 02:16 3 188 528 IconCache.db
4 fichier(s) 3 367 785 octets
20 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\All Users\Application Data

30/11/2006 15:19 <REP> .
30/11/2006 15:19 <REP> ..
23/01/2007 23:14 <REP> 1 manager bleh bash
18/12/2006 15:30 <REP> ACD Systems
03/03/2007 20:22 <REP> Adobe
09/12/2007 13:02 <REP> Apple
18/12/2006 15:30 <REP> Apple Computer
01/11/2007 20:27 <REP> Avg7
17/01/2008 01:39 <REP> Avira
15/06/2007 19:31 <REP> Azureus
03/03/2007 18:15 <REP> CyberLink
02/03/2007 17:57 <REP> GRETECH
12/12/2007 12:38 <REP> Installations
09/12/2006 21:45 <REP> InstallShield
16/01/2008 18:02 <REP> Kaspersky Lab Setup Files
30/11/2006 15:19 <REP> Microsoft
10/05/2007 12:16 <REP> Nero
30/11/2006 21:59 <REP> NVIDIA
01/05/2007 15:09 <REP> NVIDIA Corporation
30/11/2006 21:20 <REP> nView_Profiles
04/08/2007 12:08 <REP> PACE Anti-Piracy
17/10/2007 09:30 <REP> Pinnacle
17/10/2007 10:01 <REP> Pinnacle Studio
03/05/2007 17:54 <REP> Real
06/02/2007 20:46 <REP> River Past G4
20/08/2007 23:13 <REP> Skyline
23/12/2007 01:08 <REP> SlySoft
05/10/2007 14:30 <REP> SmartSound Software Inc
06/10/2007 17:27 <REP> Sony
02/12/2006 12:48 <REP> Sony Ericsson
02/12/2006 12:48 <REP> Teleca
15/12/2006 20:32 <REP> TEMP
01/04/2007 10:26 <REP> Test Drive Unlimited
12/02/2007 15:47 <REP> Trymedia
01/12/2006 20:39 <REP> Ubisoft
05/10/2007 14:28 <REP> Ulead Systems
01/05/2007 09:57 <REP> Windows Genuine Advantage
23/12/2007 01:08 40 .zreglib
17/10/2007 10:08 24 __FileUploader.log
17/01/2008 01:40 305 addr_file.html
30/11/2006 15:19 62 desktop.ini
04/05/2007 17:14 3 311 QTSBandwidthCache
5 fichier(s) 3 742 octets
37 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Boomscud\Application Data

30/11/2006 14:37 <REP> .
30/11/2006 14:37 <REP> ..
30/11/2006 14:37 <REP> Sun
0 fichier(s) 0 octets
3 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Boomscud\Local Settings

Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Default User\Application Data

30/11/2006 15:19 <REP> .
30/11/2006 15:19 <REP> ..
30/11/2006 15:19 <REP> Microsoft
30/11/2006 15:19 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

30/11/2006 15:19 <REP> .
30/11/2006 15:19 <REP> ..
30/11/2006 14:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\LocalService\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
10/05/2007 12:46 <REP> Ahead
01/11/2007 21:20 <REP> AVG7
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
5 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\NetworkService\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
25/12/2007 20:31 <REP> Apple
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

30/11/2006 14:31 <REP> .
30/11/2006 14:31 <REP> ..
30/11/2006 14:31 <REP> Microsoft
30/11/2006 14:31 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

30/11/2006 14:31 <REP> .
30/11/2006 14:31 <REP> ..
30/11/2006 14:31 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 747 776 octets libres

******************************************
Searching for scheduled tasks in C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[raw .job binary; recoverable fields] application: C:\Program Files\Apple Software Update\SoftwareUpdate.exe   parameters: -task   author: SYSTEM

C:\WINDOWS\Tasks\At1.job
[raw .job binary; recoverable fields] application: C:\WINDOWS\system32\FXR6xXAv.exe   author: SYSTEM   comment: Créé par NetScheduleJobAdd. (i.e. "Created by NetScheduleJobAdd.", the comment at.exe writes)

C:\WINDOWS\Tasks\At10.job
[raw .job binary; recoverable fields] application: C:\WINDOWS\system32\FXR6xXAv.exe   author: SYSTEM   comment: Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At11.job
[raw .job binary; recoverable fields] application: C:\WINDOWS\system32\FXR6xXAv.exe   author: SYSTEM   comment: Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At12.job
[raw .job binary; recoverable fields] application: C:\WINDOWS\system32\FXR6xXAv.exe   author: SYSTEM   comment: Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At13.job
[raw .job binary; recoverable fields] application: C:\WINDOWS\system32\FXR6xXAv.exe   author: SYSTEM   comment: Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At14.job
[raw .job binary; recoverable fields] application: C:\WINDOWS\system32\FXR6xXAv.exe   author: SYSTEM   comment: Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At15.job
[raw .job binary; recoverable fields] application: C:\WINDOWS\system32\FXR6xXAv.exe   author: SYSTEM   comment: Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At16.job
[raw .job binary; the dump is cut off here]

Weird, the end of my post is missing; I'm definitely jinxed. Luckily you're here to keep my spirits up!

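The At*.job dump above is raw binary that the forum flattened into wide-character debris, which is why the command lines are hard to read. The following Python is an added example (my code, not part of the original post or of the lopxpMH2/SmitfraudFix tools): it decodes the fields of a Task Scheduler 1.0 .job file according to the MS-TSCH layout (68-byte fixed header, then length-prefixed UTF-16LE strings for application name, parameters, working directory, author and comment) and applies a small triage heuristic to the result. The sample .job bytes are constructed in the script itself from the values visible in the dump (the `C:\WINDOWS\system32\FXR6xXAv.exe` job with author SYSTEM and the at.exe comment, and the Apple Software Update job); the `looks_random` name heuristic and the two-indicator threshold in `is_suspicious` are my assumptions, not anything the thread states. To run it on a real file, pass `Path(r'C:\WINDOWS\Tasks\At1.job').read_bytes()` to `parse_job`.

```python
"""
Decoder for Task Scheduler 1.0 .job files (the At*.job files dumped above).
Layout per MS-TSCH section 2.4.2: a 68-byte fixed header whose bytes 20-21
hold the offset of the variable section's application-name length field;
the variable section then carries Unicode strings (2-byte char count that
includes the terminating NUL, followed by UTF-16LE characters) for the
application name, parameters, working directory, author and comment.
"""
import struct
from dataclasses import dataclass
from pathlib import PureWindowsPath

FIXED_LEN = 68          # size of the fixed-length header section


@dataclass
class Job:
    app_name: str
    parameters: str
    working_dir: str
    author: str
    comment: str


def _read_ustr(buf: bytes, off: int) -> tuple[str, int]:
    """Read one MS-TSCH Unicode string at `off`; return (text, next offset)."""
    (n,) = struct.unpack_from("<H", buf, off)
    off += 2
    if n == 0:
        return "", off                       # zero count means the field is absent
    end = off + 2 * n
    if end > len(buf):
        raise ValueError("truncated .job file: string runs past end of data")
    return buf[off:end].decode("utf-16-le").rstrip("\x00"), end


def parse_job(data: bytes) -> Job:
    """Parse the fields an analyst cares about out of a raw .job file."""
    if len(data) < FIXED_LEN + 2:
        raise ValueError("truncated .job file: fixed header incomplete")
    # product version, file version, 16-byte job UUID (skipped), app-name-length offset
    _product, _version, app_off = struct.unpack_from("<HH16xH", data, 0)
    off = app_off
    fields = []
    for _ in range(5):                       # app name, parameters, working dir, author, comment
        text, off = _read_ustr(data, off)
        fields.append(text)
    return Job(*fields)


def looks_random(stem: str) -> bool:
    """Heuristic (my assumption, not from the page): mixed-case alphanumeric stem with digits."""
    return (len(stem) >= 6 and stem.isalnum()
            and any(c.isdigit() for c in stem)
            and any(c.isupper() for c in stem)
            and any(c.islower() for c in stem))


def triage(job: Job) -> list[str]:
    """Return the reasons a job looks like at.exe-style malware persistence."""
    reasons = []
    if "NetScheduleJobAdd" in job.comment:
        reasons.append("created through NetScheduleJobAdd (at.exe), not the Task Scheduler UI")
    if job.author.upper() == "SYSTEM":
        reasons.append("author is SYSTEM, so the task runs with SYSTEM privileges")
    stem = PureWindowsPath(job.app_name).stem
    if looks_random(stem):
        reasons.append(f"random-looking executable name {stem!r}")
    return reasons


def is_suspicious(job: Job) -> bool:
    """Two or more independent indicators; one alone (e.g. SYSTEM author) is common for legit jobs."""
    return len(triage(job)) >= 2


def build_job(app_name: str, parameters: str = "", working_dir: str = "",
              author: str = "", comment: str = "") -> bytes:
    """Construct a minimal .job file for offline testing (sample data, not a real file from the page)."""
    def ustr(s: str) -> bytes:
        if not s:
            return struct.pack("<H", 0)
        return struct.pack("<H", len(s) + 1) + (s + "\x00").encode("utf-16-le")
    var = struct.pack("<H", 0)                                   # running instance count
    var += b"".join(ustr(s) for s in (app_name, parameters, working_dir, author, comment))
    var += struct.pack("<HH", 0, 0)                              # user data size, reserved data size
    var += struct.pack("<H", 0)                                  # trigger count
    hdr = struct.pack("<HH16sHH", 0x0500, 1, b"\x00" * 16,       # 0x0500 = Windows XP product version
                      FIXED_LEN + 2, FIXED_LEN + len(var) - 2)   # app-name-length offset, trigger offset
    return hdr.ljust(FIXED_LEN, b"\x00") + var


# Constructed samples mirroring the two kinds of job visible in the dump above.
SAMPLE_AT_JOB = build_job(r"C:\WINDOWS\system32\FXR6xXAv.exe", author="SYSTEM",
                          comment="Créé par NetScheduleJobAdd.")   # French-localised at.exe comment
SAMPLE_APPLE_JOB = build_job(r"C:\Program Files\Apple Software Update\SoftwareUpdate.exe",
                             parameters="-task", author="SYSTEM")

if __name__ == "__main__":
    for name, raw in (("At1.job", SAMPLE_AT_JOB), ("AppleSoftwareUpdate.job", SAMPLE_APPLE_JOB)):
        job = parse_job(raw)
        print(f"{name}: {job.app_name} {job.parameters}".rstrip())
        for reason in triage(job):
            print("   -", reason)
        print("   verdict:", "SUSPICIOUS" if is_suspicious(job) else "ok")
```

A truncated file such as the At16.job fragment at the end of the dump raises ValueError instead of returning partial fields. The three indicators also describe any legitimate at.exe job an administrator runs as SYSTEM, so treat the verdict as a triage cue and confirm by hashing the target executable and checking its signature.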
lopxpMH2 report, version 2.0, made at 13:12:33.34 on 17/01/2008
C:\Documents and Settings\Administrateur\Bureau\lopxpMH2

******************************************
## Application Data directories

Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Administrateur\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
18/12/2006 15:32 <REP> ACD Systems
04/12/2006 18:55 <REP> Adobe
04/12/2006 18:55 <REP> AdobeUM
01/03/2007 20:58 <REP> Ahead
04/05/2007 17:23 <REP> Apple Computer
01/11/2007 21:20 <REP> AVG7
15/06/2007 19:31 <REP> Azureus
06/12/2007 15:53 <REP> Bioshock
17/12/2006 19:12 <REP> BitTorrent
25/01/2007 10:25 <REP> bluecoal
17/12/2006 22:44 <REP> CrystalSpace
03/03/2007 18:16 <REP> CyberLink
19/07/2007 23:10 <REP> DivX
13/01/2007 12:21 <REP> dvdcss
14/02/2007 10:42 <REP> Google
02/03/2007 17:56 <REP> GRETECH
26/09/2007 23:13 <REP> gtk-2.0
09/12/2006 23:22 <REP> Help
30/11/2006 14:39 <REP> Identities
28/12/2006 14:18 <REP> InstallShield
25/03/2007 00:21 <REP> InterVideo
01/08/2007 16:25 <REP> iota-calc prefs
26/01/2007 11:12 <REP> Lavasoft
30/08/2007 13:32 <REP> Lectra
30/11/2006 20:48 <REP> Macromedia
03/03/2007 19:01 <REP> Media Player Classic
30/11/2006 14:32 <REP> Microsoft
01/11/2007 20:57 <REP> Mozilla
10/02/2007 13:10 <REP> MPEG Streamclip
17/02/2007 19:35 <REP> MyOddWeb
07/04/2007 18:39 <REP> NewsBin
04/08/2007 12:08 <REP> PACE Anti-Piracy
06/10/2007 17:30 <REP> Publish Providers
10/02/2007 20:08 <REP> Real
06/02/2007 20:52 <REP> River Past G4
26/02/2007 23:54 <REP> SecuROM
21/12/2006 17:51 <REP> Skype
06/10/2007 17:28 <REP> Sony
02/12/2006 12:49 <REP> Sony Ericsson
01/12/2006 09:57 <REP> Sun
27/12/2006 17:05 <REP> Syntrillium
01/11/2007 20:58 <REP> Talkback
02/12/2006 12:49 <REP> Teleca
05/10/2007 14:32 <REP> Ulead Systems
30/11/2006 21:09 <REP> vlc
26/11/2007 14:28 680 coreavc.ini
30/11/2006 14:32 62 desktop.ini
04/12/2007 16:46 22 328 PnkBstrK.sys
3 fichier(s) 23 070 octets
47 Rép(s) 9 660 755 968 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Administrateur\Local Settings\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
18/12/2006 15:32 <REP> ACD Systems
04/12/2006 18:55 <REP> Adobe
08/02/2007 12:38 <REP> Ahead
09/12/2007 13:02 <REP> Apple
20/02/2007 20:59 <REP> Apple Computer
14/02/2007 11:04 <REP> ApplicationHistory
07/03/2007 12:39 <REP> ArmA Demo
26/11/2007 00:29 <REP> CyberLink
14/02/2007 10:42 <REP> Google
09/12/2006 23:22 <REP> Help
04/12/2006 23:28 <REP> Identities
30/11/2006 14:32 <REP> Microsoft
01/11/2007 20:57 <REP> Mozilla
30/11/2006 23:10 <REP> Oblivion
04/08/2007 12:08 <REP> PACE Anti-Piracy
26/08/2007 17:42 <REP> QuickPar
02/12/2006 12:50 <REP> Sony Ericsson
01/12/2006 09:56 <REP> Sun
30/11/2006 21:08 151 040 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
14/02/2007 11:04 137 fusioncache.dat
30/11/2006 21:59 28 080 GDIPFONTCACHEV1.DAT
13/03/2007 02:16 3 188 528 IconCache.db
4 fichier(s) 3 367 785 octets
20 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\All Users\Application Data

30/11/2006 15:19 <REP> .
30/11/2006 15:19 <REP> ..
23/01/2007 23:14 <REP> 1 manager bleh bash
18/12/2006 15:30 <REP> ACD Systems
03/03/2007 20:22 <REP> Adobe
09/12/2007 13:02 <REP> Apple
18/12/2006 15:30 <REP> Apple Computer
01/11/2007 20:27 <REP> Avg7
17/01/2008 01:39 <REP> Avira
15/06/2007 19:31 <REP> Azureus
03/03/2007 18:15 <REP> CyberLink
02/03/2007 17:57 <REP> GRETECH
12/12/2007 12:38 <REP> Installations
09/12/2006 21:45 <REP> InstallShield
16/01/2008 18:02 <REP> Kaspersky Lab Setup Files
30/11/2006 15:19 <REP> Microsoft
10/05/2007 12:16 <REP> Nero
30/11/2006 21:59 <REP> NVIDIA
01/05/2007 15:09 <REP> NVIDIA Corporation
30/11/2006 21:20 <REP> nView_Profiles
04/08/2007 12:08 <REP> PACE Anti-Piracy
17/10/2007 09:30 <REP> Pinnacle
17/10/2007 10:01 <REP> Pinnacle Studio
03/05/2007 17:54 <REP> Real
06/02/2007 20:46 <REP> River Past G4
20/08/2007 23:13 <REP> Skyline
23/12/2007 01:08 <REP> SlySoft
05/10/2007 14:30 <REP> SmartSound Software Inc
06/10/2007 17:27 <REP> Sony
02/12/2006 12:48 <REP> Sony Ericsson
02/12/2006 12:48 <REP> Teleca
15/12/2006 20:32 <REP> TEMP
01/04/2007 10:26 <REP> Test Drive Unlimited
12/02/2007 15:47 <REP> Trymedia
01/12/2006 20:39 <REP> Ubisoft
05/10/2007 14:28 <REP> Ulead Systems
01/05/2007 09:57 <REP> Windows Genuine Advantage
23/12/2007 01:08 40 .zreglib
17/10/2007 10:08 24 __FileUploader.log
17/01/2008 01:40 305 addr_file.html
30/11/2006 15:19 62 desktop.ini
04/05/2007 17:14 3 311 QTSBandwidthCache
5 fichier(s) 3 742 octets
37 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Boomscud\Application Data

30/11/2006 14:37 <REP> .
30/11/2006 14:37 <REP> ..
30/11/2006 14:37 <REP> Sun
0 fichier(s) 0 octets
3 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Boomscud\Local Settings

Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Default User\Application Data

30/11/2006 15:19 <REP> .
30/11/2006 15:19 <REP> ..
30/11/2006 15:19 <REP> Microsoft
30/11/2006 15:19 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\Default User\Local Settings\Application Data

30/11/2006 15:19 <REP> .
30/11/2006 15:19 <REP> ..
30/11/2006 14:28 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 751 872 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\LocalService\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
10/05/2007 12:46 <REP> Ahead
01/11/2007 21:20 <REP> AVG7
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
5 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\LocalService\Local Settings\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\NetworkService\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Documents and Settings\NetworkService\Local Settings\Application Data

30/11/2006 14:32 <REP> .
30/11/2006 14:32 <REP> ..
25/12/2007 20:31 <REP> Apple
30/11/2006 14:32 <REP> Microsoft
0 fichier(s) 0 octets
4 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\WINDOWS\system32\config\systemprofile\Application Data

30/11/2006 14:31 <REP> .
30/11/2006 14:31 <REP> ..
30/11/2006 14:31 <REP> Microsoft
30/11/2006 14:31 62 desktop.ini
1 fichier(s) 62 octets
3 Rép(s) 9 660 747 776 octets libres
Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data

30/11/2006 14:31 <REP> .
30/11/2006 14:31 <REP> ..
30/11/2006 14:31 <REP> Microsoft
0 fichier(s) 0 octets
3 Rép(s) 9 660 747 776 octets libres

******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks


C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\Program Files\Apple Software Update\SoftwareUpdate.exe -task SYSTEM

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\system32\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.
******************************************
## Répertoires de C:\Program Files

Le volume dans le lecteur C s'appelle Disque local
Le numéro de série du volume est BC82-7FD5

Répertoire de C:\Program Files

17/01/2008 03:21 <REP> .
17/01/2008 03:21 <REP> ..
30/12/2006 19:21 <REP> AC3+DTS XForm
30/11/2006 22:48 <REP> AC3Filter
18/12/2006 15:30 <REP> ACD Systems
05/10/2007 23:12 <REP> Adobe
20/02/2007 11:41 <REP> Aerosoft
01/03/2007 13:43 <REP> Ahead
29/01/2007 15:26 <REP> AIDA32 - Enterprise System Information
30/11/2006 14:37 <REP> Alcohol Soft
16/01/2008 18:39 <REP> Alwil Software
15/08/2007 21:17 <REP> Analog Devices
09/12/2007 13:02 <REP> Apple Software Update
07/03/2007 11:58 <REP> Aripacalc
30/11/2006 14:57 <REP> ASUS WiFi-AP Solo
16/01/2008 21:51 <REP> Audacity
04/02/2007 20:45 <REP> AVI MPEG RM WMV Joiner
08/01/2008 19:28 <REP> Avidemux 2.4
16/02/2007 00:21 <REP> AviSynth 2.5
23/12/2007 12:01 <REP> Azureus
15/01/2008 22:35 <REP> BitDefender
09/05/2007 10:06 <REP> BitTorrent
05/03/2007 00:08 <REP> CamStudio
30/12/2006 19:19 <REP> CD Audio Reader Filter
10/05/2007 10:21 <REP> CDBurnerXP Pro 3
30/11/2006 22:44 <REP> Combined Community Codec Pack
30/11/2006 14:24 <REP> ComPlus Applications
05/03/2007 21:01 <REP> convert
07/03/2007 12:17 <REP> ConvertEuro
23/06/2007 11:11 <REP> coolpro2
11/07/2007 14:05 <REP> Copie (2) de Zoom Player
06/07/2007 08:56 <REP> Copie de eMule
19/02/2007 20:18 <REP> Copie de FSC
16/01/2008 01:52 <REP> Copie de MPlayer for Windows
11/07/2007 13:24 <REP> Copie de Xvid
11/07/2007 10:48 <REP> Copie de Zoom Player
26/11/2007 14:03 <REP> CoreCodec
23/12/2007 12:52 <REP> CyberLink
26/01/2007 23:22 <REP> DAEMON Tools
04/08/2007 16:14 <REP> Desktop Currency Converter
10/01/2007 14:56 <REP> DiMAGE Viewer
11/07/2007 10:53 <REP> DirectVobSub
02/12/2007 17:27 <REP> DivX
11/07/2007 13:45 <REP> DScaler5
30/12/2006 19:18 <REP> DS-MP3 Source
07/02/2007 21:01 <REP> DVDInfoPro
04/08/2007 12:07 <REP> DxO Labs
11/07/2007 10:15 <REP> Elecard
16/01/2008 16:48 <REP> eMule
16/02/2007 00:21 <REP> eRightSoft
15/01/2008 22:35 <REP> Fichiers communs
02/12/2006 15:25 <REP> FileZilla
17/01/2008 11:50 <REP> FlashGet
28/05/2007 14:16 <REP> FSBuild
20/02/2007 00:35 <REP> FSC
10/01/2007 18:15 <REP> FTP Explorer
26/05/2007 21:00 <REP> Fx Audio Conveter
21/11/2007 20:17 <REP> Gabest
20/12/2007 22:02 <REP> GDSMUX
20/08/2007 23:06 <REP> Google
12/12/2006 22:30 <REP> GrabClipSave
07/04/2007 18:31 <REP> GrabIt
02/03/2007 17:56 <REP> GRETECH
15/01/2008 13:59 <REP> Grisoft
20/12/2007 22:02 <REP> Haali
30/12/2006 12:30 <REP> HexEdit
27/12/2006 15:23 <REP> Horloge
30/11/2006 14:43 <REP> Intel
06/10/2007 17:21 <REP> Internet Explorer
01/04/2007 23:56 <REP> InterVideo
01/04/2007 23:57 <REP> InterVideo Information Service
20/03/2007 23:52 <REP> Inventel
29/12/2006 19:42 <REP> Jane's Combat Simulations
19/12/2006 10:11 <REP> Java
03/05/2007 18:04 <REP> KC Softwares
06/02/2007 20:53 <REP> lame3.96.1
25/11/2007 20:52 <REP> Lavalys
26/01/2007 11:12 <REP> Lavasoft
30/08/2007 13:29 <REP> Lectra Systemes
03/01/2008 10:55 <REP> Lexmark X74-X75
06/01/2007 20:34 <REP> LightSurf
05/10/2007 14:25 <REP> MagicDisc
30/11/2006 14:55 <REP> Marvell
30/12/2006 19:18 <REP> Matroska
02/03/2007 17:59 <REP> MaXimus DVD v1.2
03/05/2007 17:54 <REP> Media Player Classic
10/07/2007 21:54 <REP> MediaInfo
30/11/2006 14:28 <REP> microsoft frontpage
10/02/2007 12:01 <REP> Microsoft Games
08/01/2007 11:09 <REP> Microsoft Office
26/12/2007 17:03 <REP> Microsoft Silverlight
06/10/2007 17:27 <REP> Microsoft SQL Server
04/01/2007 22:09 <REP> Mioplanet
31/12/2007 23:14 <REP> MKVtoolnix
30/12/2006 19:19 <REP> Monkey Audio Source Filter
30/11/2006 14:28 <REP> movie maker
17/01/2008 11:46 <REP> Mozilla Firefox
30/11/2006 14:28 <REP> msn gaming zone
07/02/2007 15:48 <REP> MSXML 4.0
17/02/2007 19:33 <REP> MyOddWeb
14/02/2007 10:57 <REP> NASA
17/02/2007 14:37 <REP> Navigraph
10/05/2007 12:16 <REP> Nero
30/11/2006 14:26 <REP> NetMeeting
26/05/2007 11:39 <REP> NewsBin
01/05/2007 15:09 <REP> NVIDIA Corporation
07/03/2007 12:31 <REP> OpenAL
30/11/2006 14:25 <REP> Outlook Express
25/01/2007 14:03 <REP> Packard Bell ImageWriter
07/03/2007 12:15 <REP> PsyLove - Conversion Euro
07/03/2007 12:07 <REP> Quick Exchange
27/04/2007 18:49 <REP> QuickPar
02/12/2006 15:30 <REP> QuickTime
09/12/2007 13:18 <REP> QuickTime Alternative
14/12/2006 23:38 <REP> RADVideo
10/02/2007 20:08 <REP> Real
03/05/2007 17:54 <REP> Real Alternative
15/01/2008 21:46 <REP> RegCleaner
16/05/2007 08:48 <REP> Ripp-it_AM
06/02/2007 20:46 <REP> River Past
30/11/2006 14:37 <REP> Satsuki Decodeur Pack
20/03/2007 23:52 <REP> Securitoo
30/11/2006 14:26 <REP> Services en ligne
30/12/2006 19:18 <REP> SHOUTcast Source
09/12/2007 14:40 <REP> Skyline
21/12/2006 17:51 <REP> Skype
23/12/2007 01:01 <REP> SlySoft
05/10/2007 14:30 <REP> SmartSound Software
02/12/2006 12:48 <REP> Sony Ericsson
09/12/2006 23:33 <REP> Speed Disk
01/03/2007 21:18 <REP> SuperBlank
09/12/2006 23:20 <REP> Symantec
07/03/2007 12:17 <REP> Taux de change
23/12/2006 22:37 <REP> Technodev
30/11/2006 15:08 <REP> Thomson
23/08/2006 20:24 <REP> TSH Hi-Res
21/11/2007 20:02 <REP> URUSoft
10/02/2007 14:11 <REP> VDMSound
03/12/2007 16:11 <REP> VideoLAN
25/04/2007 18:38 <REP> VirtualDubMOD1.5
06/10/2007 17:27 <REP> Vstplugins
21/03/2007 00:27 <REP> Wanadoo
03/03/2007 18:57 <REP> Webteh
05/10/2007 14:29 <REP> Windows Media Components
01/05/2007 11:15 <REP> Windows Media Player
30/11/2006 14:28 <REP> Windows NT
21/01/2007 00:05 <REP> WinRAR
26/02/2007 23:33 <REP> WinZip
25/06/2007 22:07 <REP> Womble Multimedia
30/11/2006 14:28 <REP> xerox
02/12/2006 15:30 <REP> Xilisoft
11/07/2007 13:25 <REP> Xvid
03/01/2007 21:38 <REP> XVid;-)
04/09/2007 23:05 <REP> Yamb
08/12/2007 23:23 <REP> Zoom Player
01/08/2007 10:33 <REP> ZSGCalc
0 fichier(s) 0 octets
156 Rép(s) 9 660 727 296 octets libres

******************************************
## Popups autorisées

* Internet Explorer

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
www.divx-digest.com REG_BINARY
PopupMgr REG_SZ yes

* Mozilla Firefox (1 autorisé 2 interdit)

---------- C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\BEJVUI63.DEFAULT\HOSTPERM.1
host popup 1 www.fox.com
host popup 1 www.commentcamarche.net
host popup 1 didivideo.ifrance.com
host popup 1 www.thehdweb.com
host popup 1 www.scifi.com

******************************************
## Registre

* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
blehbashlessrdr REG_SZ ; C:\Documents and Settings\All Users\Application Data\1 manager bleh bash\Wma dale.exe
Sony Ericsson PC Suite REG_SZ ; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

* [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
junkokay REG_SZ ; C:\DOCUME~1\ADMINI~1\APPLIC~1\bluecoal\Typeregs.exe

******************************************
## Zones de sécurité

* HKCU Domains (4)

* P3P History (5)

******************************************
## Recherche C:\WINDOWS\*.htm, "C:\WINDOWS\*.gif"


*************** Fin du rapport ****************
HAXFIX logfile - by Marckie

version 5.00.0
17/01/2008 13:18:42,73
running from C:\HaxFix

--- Checking for Haxdoor ---

checking for a3d files
a3d files not found

checking for matching notify keys
no matching notify keys found

checking for matching services
matching services found
Aspi32

checking for matching safeboot services
no matching safeboot services found


--- Checking for Goldun ---

checking for SSODL keys
no ssodl keys found

checking for notify keys
no notify keys found

checking for services
no services found

checking iexplore.exe
iexplore.exe is not infected


--- Checking for other Goldun and Haxdoor files ---
no other Haxdoor or Goldun files found


--- Catchme logfile - thank you Gmer ---

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 13:18:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:93441d9d
"s2"=dword:0f1ac2b0
"h0"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:71,4d,fb,d6,bd,b1,4b,a9,63,23,36,2c,a8,f8,59,9f,97,23,11,12,d6,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,76,ba,10,88,92,e9,f6,2c,cf,96,35,98,c4,06,b7,85,51,41,38,a6,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c5,5c,cd,d6,72,d1,2e,7f,cd,d1,8b,50,c3,06,ce,d7,bb,..
"khjeh"=hex:3a,e9,ef,30,89,ec,6e,b9,a0,5e,37,dc,dd,48,e0,05,b2,be,60,6f,64,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:05,58,0a,4f,dd,eb,00,6b,79,35,a7,1b,85,0c,e7,88,3f,38,67,f6,aa,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ea,93,6c,38,a8,18,59,28,e7,99,89,db,84,93,17,59,77,ec,17,c4,97,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:74,bf,51,78,f3,0d,bb,9a,36,98,67,54,7a,1c,2b,68,44,51,28,2d,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:f1,36,bf,4c,2b,63,ee,31,4a,37,08,59,26,07,f3,18,65,02,31,96,b7,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
"h0"=dword:00000001
"ujdew"=hex:71,4d,fb,d6,bd,b1,4b,a9,63,23,36,2c,a8,f8,59,9f,97,23,11,12,d6,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:3e,76,ba,10,88,92,e9,f6,2c,cf,96,35,98,c4,06,b7,85,51,41,38,a6,..
"p0"="C:\Program Files\DAEMON Tools\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,c5,5c,cd,d6,72,d1,2e,7f,cd,d1,8b,50,c3,06,ce,d7,bb,..
"khjeh"=hex:3a,e9,ef,30,89,ec,6e,b9,a0,5e,37,dc,dd,48,e0,05,b2,be,60,6f,64,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:05,58,0a,4f,dd,eb,00,6b,79,35,a7,1b,85,0c,e7,88,3f,38,67,f6,aa,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
"khjeh"=hex:ea,93,6c,38,a8,18,59,28,e7,99,89,db,84,93,17,59,77,ec,17,c4,97,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
"khjeh"=hex:74,bf,51,78,f3,0d,bb,9a,36,98,67,54,7a,1c,2b,68,44,51,28,2d,e9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
"khjeh"=hex:f1,36,bf,4c,2b,63,ee,31,4a,37,08,59,26,07,f3,18,65,02,31,96,b7,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000336

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


--- Analysing Catchme logfile ---

no matching regkeys found


Finished!
Re,

Very good. Let's get to work.

1/ Uninstall Haxfix via Add/Remove Programs.

2/ * Print this.
* Restart the computer in Safe Mode by tapping F5 (or F8). Internet access will then be unavailable.
* Double-click Smitfraudfix.exe.
* Select 2 to delete the files responsible for the infection.
* At the question "Voulez-vous nettoyer le registre ?" (Do you want to clean the registry?), answer O (yes) to unlock the wallpaper and remove the infection's autostart keys. The fix will determine whether the wininet.dll file is infected.
* At the question "Corriger le fichier infecté ?" (Repair the infected file?), answer O (yes) to replace the corrupted file.
* Quit the program by pressing Q.
* Restart normally and paste the generated report on the forum.

3/ * Select the following text:

Driver::
oreans32
avagn

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bifss32"=-
"blehbashlessrdr"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"junkokay"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\junkokay]

Folder::
C:\WINDOWS\system32\drivers\down
C:\lxkx75patch
C:\Documents and Settings\All Users\Application Data\1 manager bleh bash
C:\Documents and Settings\Administrateur\Application Data\bluecoal

File::
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\avagnt.exe
C:\WINDOWS\S36732413.tmp
C:\WINDOWS\system32\bifss32.exe


* Copy the selected text (CTRL+C).
* Open Notepad (Programs > Accessories > Notepad).
* Paste the copied text into Notepad (CTRL+V).
* Save this file under the name CFScript.txt
* Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot

* A blue window will appear: at the message that is shown (Type 1 to continue, or 2 to abort), type 1 then confirm.
* Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file does not open, it can be found here > C:\ComboFix.txt

4/ What are E and G? USB sticks? An external hard drive?

5/ * Open Windows Explorer (Start > Programs > Accessories > Windows Explorer, or Start > Programs > Windows Explorer).
* Click Tools > Folder Options > View.
* Select:
o show hidden files and folders,
o uncheck "hide extensions for known file types",
o uncheck "hide protected operating system files (recommended)".

* "Apply" and "OK"

6/ * Can you test this: C:\WINDOWS\tsc.exe
* Click this link: http://www.virustotal.com/en/indexf.html
* Click Browse and enter the path of the file I indicated.
* Click Send. After a few minutes a report is generated. Post it in your next reply.

Do the same with these two files:
C:\WINDOWS\cnerolf.dat
C:\WINDOWS\System32\Drivers\SjyPkt.sys


7/ Post the following reports, without forgetting to answer my question in 4/:
Smitfraudfix, Combofix, the 3 VirusTotal reports, a new SREng report and a HijackThis report.

Post the reports in several replies, otherwise it will not go through.

8/ Tell me whether you notice an improvement.
I have not done the last instructions yet, because the last changes had reactivated the Windows protection icon at the bottom right, but it indicated that neither the firewall nor the antivirus was enabled.

I launched the Kaspersky trial install and this time it installed perfectly, then I had trouble launching it, no icon at the bottom right, and when I finally managed to launch it, it flagged smss.exe as a risk, but above all when I wanted to update its database, nothing; I restarted the PC and then no more antivirus, and wintems reappeared; this wintems really is a nasty piece of work, I delete it in Safe Mode and it always comes back...

As for drives E and G, they are old virtual or hard disks that I no longer use; only D is used by the DVD.

I was really happy to see Kaspersky install, but it is not there yet; I am continuing with your instructions, see you soon
Re,

One of the infections caught is Bagle. Its hallmark is that it spreads via P2P or e-mail and disables antivirus and firewall. So this is not surprising.

Leave Kaspersky aside for now.

FillPCA
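The scheduled-task section of the report earlier in this thread shows two dozen At*.job entries that all launch the same executable from system32 as SYSTEM, each created through NetScheduleJobAdd. That mass-scheduling pattern is something a defender can triage automatically rather than by eye. The script below is an added example written for this thread, not code from SmitFraudFix, ComboFix, SREng or any other tool used here; it assumes the dump format shown above (job file path on one line, decoded command line on the next), the sample entries are constructed from the report, and all function and variable names are mine.

```python
"""Triage a dumped scheduled-task listing for mass At*.job persistence.

Added example for this thread, not code from any tool used in it. It
assumes the dump format of the report above: the .job file path on one
line, the decoded command line on the next. Names are the author's own.
"""
import re
from collections import defaultdict

# Constructed sample modelled on the "Recherche des taches planifiées"
# section of the report: one vendor updater plus three At*.job entries
# that all launch the same executable from system32 as SYSTEM.
SAMPLE_TASK_DUMP = """
C:\\WINDOWS\\Tasks\\AppleSoftwareUpdate.job
C:\\Program Files\\Apple Software Update\\SoftwareUpdate.exe -task SYSTEM

C:\\WINDOWS\\Tasks\\At1.job
C:\\WINDOWS\\system32\\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\\WINDOWS\\Tasks\\At2.job
C:\\WINDOWS\\system32\\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.

C:\\WINDOWS\\Tasks\\At3.job
C:\\WINDOWS\\system32\\FXR6xXAv.exe SYSTEM Créé par NetScheduleJobAdd.
"""

# A job file path such as C:\WINDOWS\Tasks\At12.job
JOB_PATH_RE = re.compile(r"^[A-Za-z]:\\.*\\Tasks\\(?P<name>[^\\]+\.job)$", re.IGNORECASE)
# Split a command line into the executable (which may contain spaces) and the rest.
EXE_RE = re.compile(r"^(?P<exe>.*?\.exe)\b(?P<rest>.*)$", re.IGNORECASE)
# Jobs created through the legacy AT service / NetScheduleJobAdd are named AtN.job.
AT_JOB_RE = re.compile(r"^At(?P<n>\d+)\.job$", re.IGNORECASE)


def parse_task_dump(text):
    """Parse the dump into one dict per job: name, executable and two flags."""
    lines = [ln.strip() for ln in text.splitlines()]
    jobs = []
    i = 0
    while i < len(lines):
        m = JOB_PATH_RE.match(lines[i])
        if not m:
            i += 1
            continue
        # The command line is the next non-empty line, unless that line is
        # already the next job path (a job whose body could not be decoded).
        j = i + 1
        while j < len(lines) and not lines[j]:
            j += 1
        if j < len(lines) and not JOB_PATH_RE.match(lines[j]):
            cmd, i = lines[j], j + 1
        else:
            cmd, i = "", j
        em = EXE_RE.match(cmd)
        exe = em.group("exe") if em else cmd
        rest = em.group("rest") if em else ""
        jobs.append({
            "job": m.group("name"),
            "exe": exe,
            "runs_as_system": "SYSTEM" in rest.split(),
            "via_netschedulejobadd": "NetScheduleJobAdd" in rest,
        })
    return jobs


def triage(text, min_jobs=3):
    """Group jobs by executable and flag any binary scheduled by several
    AtN.job entries created through NetScheduleJobAdd (the pattern seen here)."""
    by_exe = defaultdict(list)
    for job in parse_task_dump(text):
        by_exe[job["exe"].lower()].append(job)
    findings = []
    for jobs in by_exe.values():
        at_jobs = [j for j in jobs if AT_JOB_RE.match(j["job"])]
        if len(at_jobs) < min_jobs:
            continue
        if not any(j["via_netschedulejobadd"] for j in at_jobs):
            continue
        findings.append({
            "exe": jobs[0]["exe"],
            "at_jobs": sorted(
                (j["job"] for j in at_jobs),
                key=lambda name: int(AT_JOB_RE.match(name).group("n")),
            ),
            "all_system": all(j["runs_as_system"] for j in at_jobs),
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_TASK_DUMP):
        print(f"{f['exe']}: {len(f['at_jobs'])} AtN.job entries "
              f"({', '.join(f['at_jobs'])}), all SYSTEM: {f['all_system']}")
```

The threshold `min_jobs` is deliberately low: a single legitimate `at` job is common on an XP box, but the same binary scheduled three or more times under AtN.job names, running as SYSTEM, is the signature worth a second look. The vendor updater in the sample runs as SYSTEM too, which is why running as SYSTEM alone is not used as the discriminator.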
OK, here is the report

SmitFraudFix v2.274

Rapport fait à 15:09:18,09, 17/01/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\Tasks\At?.job supprimé
C:\WINDOWS\Tasks\At??.job supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin
ComboFix 08-01-17.1 - Administrateur 2008-01-17 15:36:03.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1119 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\WINDOWS\S36732413.tmp
C:\WINDOWS\system32\avagnt.exe
C:\WINDOWS\system32\bifss32.exe
C:\WINDOWS\system32\drivers\oreans32.sys
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Application Data\bluecoal
C:\Documents and Settings\All Users\Application Data\1 manager bleh bash
C:\Documents and Settings\All Users\Application Data\1 manager bleh bash\Glue Mail Bin
C:\lxkx75patch
C:\lxkx75patch\license.txt
C:\lxkx75patch\patch.exe
C:\lxkx75patch\patch2k.ini
C:\lxkx75patch\patch9X.ini
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\100250.exe
C:\WINDOWS\system32\drivers\down\100625.exe
C:\WINDOWS\system32\drivers\down\101687.exe
C:\WINDOWS\system32\drivers\down\103218.exe
C:\WINDOWS\system32\drivers\down\103265.exe
C:\WINDOWS\system32\drivers\down\103343.exe
C:\WINDOWS\system32\drivers\down\103671.exe
C:\WINDOWS\system32\drivers\down\105125.exe
C:\WINDOWS\system32\drivers\down\106156.exe
C:\WINDOWS\system32\drivers\down\106390.exe
C:\WINDOWS\system32\drivers\down\106421.exe
C:\WINDOWS\system32\drivers\down\107812.exe
C:\WINDOWS\system32\drivers\down\109812.exe
C:\WINDOWS\system32\drivers\down\110562.exe
C:\WINDOWS\system32\drivers\down\112218.exe
C:\WINDOWS\system32\drivers\down\113406.exe
C:\WINDOWS\system32\drivers\down\113687.exe
C:\WINDOWS\system32\drivers\down\113796.exe
C:\WINDOWS\system32\drivers\down\114218.exe
C:\WINDOWS\system32\drivers\down\116796.exe
C:\WINDOWS\system32\drivers\down\117578.exe
C:\WINDOWS\system32\drivers\down\119390.exe
C:\WINDOWS\system32\drivers\down\120781.exe
C:\WINDOWS\system32\drivers\down\121187.exe
C:\WINDOWS\system32\drivers\down\122453.exe
C:\WINDOWS\system32\drivers\down\125140.exe
C:\WINDOWS\system32\drivers\down\125531.exe
C:\WINDOWS\system32\drivers\down\126000.exe
C:\WINDOWS\system32\drivers\down\127687.exe
C:\WINDOWS\system32\drivers\down\128531.exe
C:\WINDOWS\system32\drivers\down\132765.exe
C:\WINDOWS\system32\drivers\down\133250.exe
C:\WINDOWS\system32\drivers\down\133906.exe
C:\WINDOWS\system32\drivers\down\134671.exe
C:\WINDOWS\system32\drivers\down\135843.exe
C:\WINDOWS\system32\drivers\down\137546.exe
C:\WINDOWS\system32\drivers\down\139125.exe
C:\WINDOWS\system32\drivers\down\140984.exe
C:\WINDOWS\system32\drivers\down\142765.exe
C:\WINDOWS\system32\drivers\down\14554734.exe
C:\WINDOWS\system32\drivers\down\14559953.exe
C:\WINDOWS\system32\drivers\down\14560375.exe
C:\WINDOWS\system32\drivers\down\14562593.exe
C:\WINDOWS\system32\drivers\down\14565546.exe
C:\WINDOWS\system32\drivers\down\14569828.exe
C:\WINDOWS\system32\drivers\down\14577375.exe
C:\WINDOWS\system32\drivers\down\14579140.exe
C:\WINDOWS\system32\drivers\down\14581250.exe
C:\WINDOWS\system32\drivers\down\14581265.exe
C:\WINDOWS\system32\drivers\down\14585437.exe
C:\WINDOWS\system32\drivers\down\14587500.exe
C:\WINDOWS\system32\drivers\down\14589046.exe
C:\WINDOWS\system32\drivers\down\14590046.exe
C:\WINDOWS\system32\drivers\down\14591843.exe
C:\WINDOWS\system32\drivers\down\14596734.exe
C:\WINDOWS\system32\drivers\down\14598515.exe
C:\WINDOWS\system32\drivers\down\14599312.exe
C:\WINDOWS\system32\drivers\down\14599468.exe
C:\WINDOWS\system32\drivers\down\14599625.exe
C:\WINDOWS\system32\drivers\down\14599812.exe
C:\WINDOWS\system32\drivers\down\14601000.exe
C:\WINDOWS\system32\drivers\down\14602406.exe
C:\WINDOWS\system32\drivers\down\146031.exe
C:\WINDOWS\system32\drivers\down\14628468.exe
C:\WINDOWS\system32\drivers\down\14630093.exe
C:\WINDOWS\system32\drivers\down\147218.exe
C:\WINDOWS\system32\drivers\down\147453.exe
C:\WINDOWS\system32\drivers\down\147984.exe
C:\WINDOWS\system32\drivers\down\148703.exe
C:\WINDOWS\system32\drivers\down\148828.exe
C:\WINDOWS\system32\drivers\down\149859.exe
C:\WINDOWS\system32\drivers\down\150640.exe
C:\WINDOWS\system32\drivers\down\151078.exe
C:\WINDOWS\system32\drivers\down\154156.exe
C:\WINDOWS\system32\drivers\down\154625.exe
C:\WINDOWS\system32\drivers\down\156359.exe
C:\WINDOWS\system32\drivers\down\157437.exe
C:\WINDOWS\system32\drivers\down\158578.exe
C:\WINDOWS\system32\drivers\down\159234.exe
C:\WINDOWS\system32\drivers\down\160671.exe
C:\WINDOWS\system32\drivers\down\161609.exe
C:\WINDOWS\system32\drivers\down\166484.exe
C:\WINDOWS\system32\drivers\down\170484.exe
C:\WINDOWS\system32\drivers\down\172734.exe
C:\WINDOWS\system32\drivers\down\173718.exe
C:\WINDOWS\system32\drivers\down\184218.exe
C:\WINDOWS\system32\drivers\down\185921.exe
C:\WINDOWS\system32\drivers\down\203234.exe
C:\WINDOWS\system32\drivers\down\208687.exe
C:\WINDOWS\system32\drivers\down\216453.exe
C:\WINDOWS\system32\drivers\down\217203.exe
C:\WINDOWS\system32\drivers\down\221609.exe
C:\WINDOWS\system32\drivers\down\227375.exe
C:\WINDOWS\system32\drivers\down\231156.exe
C:\WINDOWS\system32\drivers\down\237609.exe
C:\WINDOWS\system32\drivers\down\241890.exe
C:\WINDOWS\system32\drivers\down\244078.exe
C:\WINDOWS\system32\drivers\down\245125.exe
C:\WINDOWS\system32\drivers\down\246640.exe
C:\WINDOWS\system32\drivers\down\247328.exe
C:\WINDOWS\system32\drivers\down\248906.exe
C:\WINDOWS\system32\drivers\down\250890.exe
C:\WINDOWS\system32\drivers\down\252437.exe
C:\WINDOWS\system32\drivers\down\254359.exe
C:\WINDOWS\system32\drivers\down\255109.exe
C:\WINDOWS\system32\drivers\down\255953.exe
C:\WINDOWS\system32\drivers\down\263656.exe
C:\WINDOWS\system32\drivers\down\264953.exe
C:\WINDOWS\system32\drivers\down\266031.exe
C:\WINDOWS\system32\drivers\down\266406.exe
C:\WINDOWS\system32\drivers\down\267718.exe
C:\WINDOWS\system32\drivers\down\271343.exe
C:\WINDOWS\system32\drivers\down\273296.exe
C:\WINDOWS\system32\drivers\down\274140.exe
C:\WINDOWS\system32\drivers\down\275343.exe
C:\WINDOWS\system32\drivers\down\277203.exe
C:\WINDOWS\system32\drivers\down\285406.exe
C:\WINDOWS\system32\drivers\down\289062.exe
C:\WINDOWS\system32\drivers\down\29035671.exe
C:\WINDOWS\system32\drivers\down\29042593.exe
C:\WINDOWS\system32\drivers\down\29042843.exe
C:\WINDOWS\system32\drivers\down\29043750.exe
C:\WINDOWS\system32\drivers\down\29046921.exe
C:\WINDOWS\system32\drivers\down\29049937.exe
C:\WINDOWS\system32\drivers\down\29057343.exe
C:\WINDOWS\system32\drivers\down\29059484.exe
C:\WINDOWS\system32\drivers\down\29061312.exe
C:\WINDOWS\system32\drivers\down\29061328.exe
C:\WINDOWS\system32\drivers\down\29065531.exe
C:\WINDOWS\system32\drivers\down\29077187.exe
C:\WINDOWS\system32\drivers\down\29079375.exe
C:\WINDOWS\system32\drivers\down\29083390.exe
C:\WINDOWS\system32\drivers\down\29085421.exe
C:\WINDOWS\system32\drivers\down\29090765.exe
C:\WINDOWS\system32\drivers\down\29092375.exe
C:\WINDOWS\system32\drivers\down\29093265.exe
C:\WINDOWS\system32\drivers\down\29093453.exe
C:\WINDOWS\system32\drivers\down\29093593.exe
C:\WINDOWS\system32\drivers\down\29093765.exe
C:\WINDOWS\system32\drivers\down\29095500.exe
C:\WINDOWS\system32\drivers\down\29096765.exe
C:\WINDOWS\system32\drivers\down\29123906.exe
C:\WINDOWS\system32\drivers\down\29125140.exe
C:\WINDOWS\system32\drivers\down\291281.exe
C:\WINDOWS\system32\drivers\down\291890.exe
C:\WINDOWS\system32\drivers\down\298515.exe
C:\WINDOWS\system32\drivers\down\300937.exe
C:\WINDOWS\system32\drivers\down\302203.exe
C:\WINDOWS\system32\drivers\down\302687.exe
C:\WINDOWS\system32\drivers\down\304000.exe
C:\WINDOWS\system32\drivers\down\308515.exe
C:\WINDOWS\system32\drivers\down\310500.exe
C:\WINDOWS\system32\drivers\down\315515.exe
C:\WINDOWS\system32\drivers\down\316796.exe
C:\WINDOWS\system32\drivers\down\318296.exe
C:\WINDOWS\system32\drivers\down\318937.exe
C:\WINDOWS\system32\drivers\down\322328.exe
C:\WINDOWS\system32\drivers\down\326062.exe
C:\WINDOWS\system32\drivers\down\331078.exe
C:\WINDOWS\system32\drivers\down\333062.exe
C:\WINDOWS\system32\drivers\down\402500.exe
C:\WINDOWS\system32\drivers\down\408109.exe
C:\WINDOWS\system32\drivers\down\408703.exe
C:\WINDOWS\system32\drivers\down\451562.exe
C:\WINDOWS\system32\drivers\down\455109.exe
C:\WINDOWS\system32\drivers\down\464265.exe
C:\WINDOWS\system32\drivers\down\466343.exe
C:\WINDOWS\system32\drivers\down\46687.exe
C:\WINDOWS\system32\drivers\down\467750.exe
C:\WINDOWS\system32\drivers\down\468296.exe
C:\WINDOWS\system32\drivers\down\471437.exe
C:\WINDOWS\system32\drivers\down\486921.exe
C:\WINDOWS\system32\drivers\down\489390.exe
C:\WINDOWS\system32\drivers\down\490968.exe
C:\WINDOWS\system32\drivers\down\492859.exe
C:\WINDOWS\system32\drivers\down\501203.exe
C:\WINDOWS\system32\drivers\down\502625.exe
C:\WINDOWS\system32\drivers\down\504078.exe
C:\WINDOWS\system32\drivers\down\505171.exe
C:\WINDOWS\system32\drivers\down\505546.exe
C:\WINDOWS\system32\drivers\down\506062.exe
C:\WINDOWS\system32\drivers\down\508296.exe
C:\WINDOWS\system32\drivers\down\509937.exe
C:\WINDOWS\system32\drivers\down\51421.exe
C:\WINDOWS\system32\drivers\down\51656.exe
C:\WINDOWS\system32\drivers\down\52203.exe
C:\WINDOWS\system32\drivers\down\53250.exe
C:\WINDOWS\system32\drivers\down\537562.exe
C:\WINDOWS\system32\drivers\down\541062.exe
C:\WINDOWS\system32\drivers\down\54312.exe
C:\WINDOWS\system32\drivers\down\57593.exe
C:\WINDOWS\system32\drivers\down\57703.exe
C:\WINDOWS\system32\drivers\down\58687.exe
C:\WINDOWS\system32\drivers\down\59453.exe
C:\WINDOWS\system32\drivers\down\59625.exe
C:\WINDOWS\system32\drivers\down\61390.exe
C:\WINDOWS\system32\drivers\down\62156.exe
C:\WINDOWS\system32\drivers\down\65625.exe
C:\WINDOWS\system32\drivers\down\68500.exe
C:\WINDOWS\system32\drivers\down\69234.exe
C:\WINDOWS\system32\drivers\down\70984.exe
C:\WINDOWS\system32\drivers\down\72984.exe
C:\WINDOWS\system32\drivers\down\73562.exe
C:\WINDOWS\system32\drivers\down\73781.exe
C:\WINDOWS\system32\drivers\down\77031.exe
C:\WINDOWS\system32\drivers\down\80859.exe
C:\WINDOWS\system32\drivers\down\81781.exe
C:\WINDOWS\system32\drivers\down\81953.exe
C:\WINDOWS\system32\drivers\down\84046.exe
C:\WINDOWS\system32\drivers\down\84859.exe
C:\WINDOWS\system32\drivers\down\85859.exe
C:\WINDOWS\system32\drivers\down\86500.exe
C:\WINDOWS\system32\drivers\down\87375.exe
C:\WINDOWS\system32\drivers\down\88828.exe
C:\WINDOWS\system32\drivers\down\89015.exe
C:\WINDOWS\system32\drivers\down\89562.exe
C:\WINDOWS\system32\drivers\down\89796.exe
C:\WINDOWS\system32\drivers\down\90328.exe
C:\WINDOWS\system32\drivers\down\92515.exe
C:\WINDOWS\system32\drivers\down\93046.exe
C:\WINDOWS\system32\drivers\down\94234.exe
C:\WINDOWS\system32\drivers\down\96593.exe
C:\WINDOWS\system32\drivers\down\97921.exe
C:\WINDOWS\system32\drivers\down\98031.exe
C:\WINDOWS\system32\drivers\down\98375.exe
C:\WINDOWS\system32\drivers\down\98968.exe
C:\WINDOWS\system32\drivers\down\99171.exe
C:\WINDOWS\system32\drivers\down\99578.exe
C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\S36732413.tmp . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_OREANS32
-------\LEGACY_SROSA
-------\oreans32
-------\srosa


((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.

2008-01-17 15:42 . 2008-01-17 15:42 0 --------- C:\WINDOWS\S36732413.tmp
2008-01-17 13:38 . 2008-01-17 13:38 <REP> d-------- C:\Program Files\Kaspersky Lab
2008-01-17 13:38 . 2008-01-17 14:16 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-17 13:38 . 2008-01-17 13:38 91,492 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-17 13:38 . 2008-01-17 13:38 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-17 13:18 . 2008-01-17 13:22 <REP> d-------- C:\HaxFix
2008-01-17 13:09 . 2008-01-17 15:09 5,960 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-17 12:54 . 2008-01-17 14:35 1,551,995 --a------ C:\ComboFix.exe
2008-01-17 12:24 . 2008-01-17 12:24 1,752 --a------ C:\Documents and Settings\Administrateur\clean.reg
2008-01-17 02:31 . 2008-01-17 15:39 519,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-17 02:31 . 2008-01-17 15:27 32,800 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-17 02:31 . 2008-01-17 15:04 9,308 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-17 02:31 . 2008-01-17 15:04 5,924 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-17 02:13 . 2008-01-17 14:01 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-17 01:39 . 2008-01-17 01:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-17 00:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-17 00:16 . 2008-01-17 00:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-16 21:51 . 2008-01-16 21:51 <REP> d-------- C:\Program Files\Audacity
2008-01-16 18:39 . 2008-01-16 18:39 <REP> d-------- C:\Program Files\Alwil Software
2008-01-16 18:02 . 2008-01-16 18:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-16 15:16 . 2008-01-16 15:16 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-15 23:04 . 2008-01-15 23:04 <REP> d-------- C:\WINDOWS\AU_Temp
2008-01-15 21:56 . 2008-01-15 22:35 <REP> d-------- C:\Program Files\BitDefender
2008-01-15 21:54 . 2008-01-15 21:54 35,063,081 --a------ C:\WINDOWS\VPTNFILE.945
2008-01-15 21:54 . 2008-01-15 21:54 35,063,081 --a------ C:\WINDOWS\LPT$VPN.945
2008-01-15 21:44 . 2008-01-15 21:46 <REP> d-------- C:\Program Files\RegCleaner
2008-01-15 16:47 . 2008-01-17 03:13 <REP> d-------- C:\Muestras
2008-01-15 15:21 . 2008-01-15 15:43 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-01-10 16:11 . 2008-01-10 16:11 33,203,386 --a------ C:\kis7.0.1.321.fr.01NET.exe
2008-01-02 17:38 . 2008-01-02 17:38 88 --a------ C:\WINDOWS\LEXSTAT.INI
2008-01-02 17:37 . 2001-08-23 17:47 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-02 17:37 . 2001-08-23 17:47 87,040 --a--c--- C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-02 17:37 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-02 17:10 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-12-26 17:03 . 2007-12-26 17:03 <REP> d-------- C:\Program Files\Microsoft Silverlight
2007-12-23 01:08 . 2007-12-23 01:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-12-23 01:01 . 2007-12-23 01:01 <REP> d-------- C:\Program Files\SlySoft
2007-12-20 22:02 . 2007-12-20 22:02 <REP> d-------- C:\Program Files\GDSMUX
2007-12-19 21:05 . 2007-12-19 21:05 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2007-12-19 20:59 . 2008-01-17 02:43 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-12-18 00:44 . 2007-12-18 00:44 219,664 --a------ C:\WINDOWS\system32\klogon.dll
2007-12-18 00:43 . 2007-12-18 00:43 23,396 --a------ C:\WINDOWS\system32\drivers\klopp.dat

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-17 12:51 --------- d-----w C:\Program Files\eMule
2008-01-17 12:36 --------- d-----w C:\Program Files\FlashGet
2008-01-16 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-16 10:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Azureus
2008-01-16 00:52 --------- d-----w C:\Program Files\Copie de MPlayer for Windows
2008-01-15 22:04 86,094 ----a-w C:\WINDOWS\BPMNT.dll
2008-01-15 22:04 1,163,344 ----a-w C:\WINDOWS\vsapi32.dll
2008-01-15 20:54 71,749 ----a-w C:\WINDOWS\hcextoutput.dll
2008-01-15 20:54 267,845 ----a-w C:\WINDOWS\tsc.exe
2008-01-15 10:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-01-08 18:28 --------- d-----w C:\Program Files\Avidemux 2.4
2008-01-08 18:21 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\gtk-2.0
2008-01-06 19:20 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\dvdcss
2007-12-31 22:14 --------- d-----w C:\Program Files\MKVtoolnix
2007-12-23 11:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 11:52 --------- d-----w C:\Program Files\CyberLink
2007-12-23 11:01 --------- d-----w C:\Program Files\Azureus
2007-12-20 21:02 --------- d-----w C:\Program Files\Haali
2007-12-16 21:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-13 23:16 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Bioshock
2007-12-13 12:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2007-12-12 11:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2007-12-09 13:40 --------- d-----w C:\Program Files\Skyline
2007-12-09 13:39 7,984,464 ----a-w C:\terraexplorer_terraexplorer_5.0.2.10_basic_francais_40985.exe
2007-12-09 12:18 --------- d-----w C:\Program Files\QuickTime Alternative
2007-12-09 12:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-09 12:02 --------- d-----w C:\Program Files\Apple Software Update
2007-12-09 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-08 22:23 --------- d-----w C:\Program Files\Zoom Player
2007-12-04 15:46 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe
2007-12-04 15:46 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-04 15:46 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-04 15:46 22,328 ----a-w C:\Documents and Settings\Administrateur\Application Data\PnkBstrK.sys
2007-12-04 15:46 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-03 15:11 --------- d-----w C:\Program Files\VideoLAN
2007-12-02 16:27 --------- d-----w C:\Program Files\DivX
2007-11-26 13:03 --------- d-----w C:\Program Files\CoreCodec
2007-11-25 19:52 --------- d-----w C:\Program Files\Lavalys
2007-11-21 19:17 --------- d-----w C:\Program Files\Gabest
2007-11-21 19:02 --------- d-----w C:\Program Files\URUSoft
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2006-12-01 19:34 1 ----a-w C:\Documents and Settings\Administrateur\SI.bin
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2007-02-12 20:23 61 --sh--w C:\WINDOWS\cnerolf.dat
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((( snapshot_2008-01-17_13.03.51.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 23:29:26 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 14:35:39 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-16 23:29:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 14:35:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-16 23:29:26 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 14:35:39 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-16 23:29:26 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 14:35:39 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-16 23:29:27 11,689,984 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-17 14:35:39 11,698,176 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-16 23:29:27 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 14:35:39 253,952 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2007-10-31 12:41:16 110,096 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2007-12-19 13:49:38 194,832 ----a-w C:\WINDOWS\system32\drivers\klif.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [ ]
"LaunchList"="H:\Studio 11\LaunchList2.exe" [2005-02-27 03:07 742160]
"Horloge"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 17:16 20058152]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-11-24 17:16 20058152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" [2003-09-05 06:59 878080]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-05-16 11:58 86960]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-11-17 16:29 7700480]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 01:54 144384]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2006-05-16 11:58 213936]
"nwiz"="nwiz.exe" [2006-11-17 16:29 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-11-17 16:29 86016 C:\WINDOWS\system32\nvmctray.dll]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [ ]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [ ]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 20:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 06:12 729088]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-10-19 20:16 286720]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 21:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 21:01 54832]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [ ]
"blehbashlessrdr"="C:\Documents and Settings\All Users\Application Data\1 manager bleh bash\Wma dale.exe" [ ]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 09:45 385024]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ ]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 15:07 49263]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-09-07 11:13 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-09-07 11:14 69632]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=C:\WINDOWS\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^LightSurf.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\LightSurf.lnk
backup=C:\WINDOWS\pss\LightSurf.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e0c2612-ad8a-11db-8294-0090d0cd7c4f}]
\Shell\AutoRun\command - E:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e0c2613-ad8a-11db-8294-0090d0cd7c4f}]
\Shell\AutoRun\command - G:\datas\autorun.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-15 19:31:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 15:42:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 15:45:37 - machine was rebooted [Administrateur]
ComboFix-quarantined-files.txt 2008-01-17 14:45:34
ComboFix2.txt 2008-01-17 12:04:03
ComboFix3.txt 2008-01-16 23:51:34
Fichier tsc.exe reçu le 2007.12.26 12:28:38 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - suspicious Trojan/Worm
eTrust-Vet - - -
Ewido - - -
FileAdvisor - - -
Fortinet - - -
F-Prot - - -
F-Secure - - -
Ikarus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32v2 - - -
Norman - - -
Panda - - -
Prevx1 - - -
Rising - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
VBA32 - - -
VirusBuster - - -
Webwasher-Gateway - - -

Information additionnelle
MD5: 998e77387cc6f78a152d4e3e3b921991
SHA1: d05a8fda77a3c95f409f593aec1ce49f0211c27b
SHA256: 3433a7e254b3098fc0c61de39ee6f3eafbd64a8cb28feab88cc306f8bb74f506
SHA512: e726bd4b3e1af6733b6f138d09552cc791346939cf69321b907ae276eb4bab19 86179c403d0482bf7a85e4362dd6f4a40454f27c16a242b747cfe264c708cf8c
Fichier cnerolf.dat reçu le 2008.01.17 15:52:07 (CET)


Résultat: 0/32 (0%)



Suspicious: the file C:\WINDOWS\System32\Drivers\SjyPkt.sys is called avz00004.dta in the result ????

Fichier avz00004.dta reçu le 2008.01.15 22:23:00 (CET)
Situation actuelle: terminé

Résultat: 0/32 (0.00%)
[CODE]

2008-01-17,16:09:14

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"> [(Verified)Nero AG]
<WOOKIT><C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx> [N/A]
<LaunchList><H:\Studio 11\LaunchList2.exe> []
<Horloge><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
<Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies SA]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<SpeedTouch USB Diagnostics><"C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon> [THOMSON]
<ISUSScheduler><"C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start> [(Verified)Macrovision Corporation]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<Synchronization Manager><%SystemRoot%\system32\mobsync.exe /logon> [(Verified)Microsoft Windows Publisher]
<ISUSPM Startup><; C:\PROGRA~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe -startup> [(Verified)Macrovision Corporation]
<ISUSPM><"C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" -scheduler> [(Verified)Macrovision Corporation]
<nwiz><; nwiz.exe /install> []
<NvMediaCenter><RunDLL32.exe NvMCTray.dll,NvTaskbarInit> [NVIDIA Corporation]
<SecurDisc><C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe> [N/A]
<InCD><C:\Program Files\Nero\Nero 7\InCD\InCD.exe> [N/A]
<SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<SoundMAX><"C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray> [Analog Devices, Inc.]
<QuickTime Task><"C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime> [Apple Inc.]
<RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"> [(Verified)CyberLink]
<LanguageShortcut><"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"> [(Verified)CyberLink]
<BitDefender Antiphishing Helper><"C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"> [N/A]
<blehbashlessrdr><; C:\Documents and Settings\All Users\Application Data\1 manager bleh bash\Wma dale.exe> [N/A]
<DAEMON Tools><; "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033> [(Verified)DAEMON Tools Code Signing Services]
<JMB36X Configure><; C:\WINDOWS\system32\JMRaidTool.exe boot> [N/A]
<NeroFilterCheck><; C:\WINDOWS\system32\NeroCheck.exe> [N/A]
<Sony Ericsson PC Suite><; "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions> [Sony Ericsson Mobile Communications AB]
<SunJavaUpdateSched><; "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"> [Sun Microsystems, Inc.]
<SW20><; C:\WINDOWS\system32\sw20.exe> []
<SW24><; C:\WINDOWS\system32\sw24.exe> []
<TkBellExe><; "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]

==================================
Startup Folders
[Lancement rapide d'Adobe Reader]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\Acrobat 7.0\Reader\reader_sl.exe [Adobe Systems Incorporated]><N>
[Adobe Gamma]
<C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk --> C:\PROGRA~1\FICHIE~1\Adobe\Calibration\Adobe Gamma Loader.exe [Adobe Systems, Inc.]><N>
[MagicDisc]
<C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\MagicDisc.lnk --> C:\PROGRA~1\MagicDisc\MagicDisc.exe [MagicISO, Inc.]><N>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avagnt / avagnt][Stopped/Auto Start]
<C:\WINDOWS\system32\avagnt.exe><N/A>
[Kaspersky Internet Security 7.0 / AVP][Stopped/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r><N/A>
[Capture Device Service / Capture Device Service][Running/Auto Start]
<"C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe"><InterVideo Inc.>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[InCD Helper / InCDsrv][Running/Auto Start]
<C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe><Nero AG>
[IviRegMgr / IviRegMgr][Running/Auto Start]
<C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe><InterVideo>
[MSSQL$SONY_MEDIAMGR / MSSQL$SONY_MEDIAMGR][Stopped/Manual Start]
<F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NBService / NBService][Stopped/Manual Start]
<C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><Nero AG>
[NMIndexingService / NMIndexingService][Running/Manual Start]
<"C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"><Nero AG>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PCLEPCI / PCLEPCI][Stopped/Auto Start]
<C:\WINDOWS\system32\drivers\pclepci.sys><Pinnacle Systems GmbH>
[PnkBstrA / PnkBstrA][Running/Auto Start]
<C:\WINDOWS\system32\PnkBstrA.exe><N/A>
[Cyberlink RichVideo Service(CRVS) / RichVideo][Running/Auto Start]
<"C:\Program Files\CyberLink\Shared Files\RichVideo.exe"><>
[Speed Disk service / Speed Disk service][Running/Auto Start]
<c:\program files\speed disk\nopdb.exe><Symantec Corporation>
[SQLAgent$SONY_MEDIAMGR / SQLAgent$SONY_MEDIAMGR][Stopped/Manual Start]
<F:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>

==================================
Drivers
[ADI DTS Filter Service / ADIDTSFiltService][Stopped/Manual Start]
<system32\drivers\adidts.sys><N/A>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.4.5.0 / AegisP][Running/Auto Start]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[SpeedTouch USB ADSL PPP Networking Driver (NDISWAN) / alcan5wn][Stopped/Manual Start]
<system32\DRIVERS\alcan5wn.sys><THOMSON>
[SpeedTouch ADSL Modem ATM Transport / alcaudsl][Stopped/Manual Start]
<system32\DRIVERS\alcaudsl.sys><THOMSON>
[AnyDVD / AnyDVD][Running/Manual Start]
<System32\Drivers\AnyDVD.sys><SlySoft, Inc.>
[atksgt / atksgt][Running/Auto Start]
<system32\DRIVERS\atksgt.sys><N/A>
[BDSelfPr / BDSelfPr][Stopped/Manual Start]
<\??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys><N/A>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys><N/A>
[ElbyCDIO Driver / ElbyCDIO][Running/System Start]
<System32\Drivers\ElbyCDIO.sys><Elaborate Bytes AG>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\D:\INSTALL\GMSIPCI.SYS><N/A>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[InCD File System / InCDfs][Running/Disabled]
<system32\drivers\InCDFs.sys><Nero AG>
[InCDPass / InCDPass][Running/System Start]
<system32\drivers\InCDPass.sys><Nero AG>
[InCD Reader / incdrm][Running/System Start]
<system32\drivers\InCDRm.sys><Nero AG>
[ithsgt / ithsgt][Running/Auto Start]
<system32\DRIVERS\ithsgt.sys><N/A>
[JMicron Hot-Plug Driver / JGOGO][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[Sony Ericsson 750 driver (WDM) / k750bus][Stopped/Manual Start]
<system32\DRIVERS\k750bus.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Filter / k750mdfl][Stopped/Manual Start]
<system32\DRIVERS\k750mdfl.sys><MCCI>
[Sony Ericsson 750 USB WMC Modem Drivers / k750mdm][Stopped/Manual Start]
<system32\DRIVERS\k750mdm.sys><MCCI>
[Sony Ericsson 750 USB WMC Device Management Drivers / k750mgmt][Stopped/Manual Start]
<system32\DRIVERS\k750mgmt.sys><MCCI>
[Sony Ericsson 750 USB WMC OBEX Interface Drivers / k750obex][Stopped/Manual Start]
<system32\DRIVERS\k750obex.sys><MCCI>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[lilsgt / lilsgt][Running/Auto Start]
<system32\DRIVERS\lilsgt.sys><N/A>
[lirsgt / lirsgt][Running/Auto Start]
<system32\DRIVERS\lirsgt.sys><N/A>
[Pinnacle Marvin Bus / MarvinBus][Running/Manual Start]
<system32\DRIVERS\MarvinBus.sys><Pinnacle Systems GmbH>
[Driver for MagicISO SCSI Host Controller / mcdbus][Running/Manual Start]
<system32\DRIVERS\mcdbus.sys><MagicISO, Inc.>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA PORT IO Control Driver / nvport][Running/System Start]
<\??\C:\WINDOWS\system32\Drivers\nvport.sys><NVIDIA Corporation.>
[PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCAMPR5.SYS><N/A>
[PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter / RTLWUSB][Stopped/Manual Start]
<system32\DRIVERS\RTL8187.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SenFilt Service / SenFiltService][Running/Manual Start]
<system32\drivers\Senfilt.sys><Sensaura>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
<\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 2.x) / sfsync02][Running/Boot Start]
<\SystemRoot\System32\drivers\sfsync02.sys><Protection Technology>
[SjyPkt / SjyPkt][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\SjyPkt.sys><Windows (R) 2000 DDK provider>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
<system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
<system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
<system32\DRIVERS\yk51x86.sys><Marvell>
[{95808DC4-FA4A-4C74-92FE-5B863F82066B} / {95808DC4-FA4A-4C74-92FE-5B863F82066B}][Running/Auto Start]
<\??\C:\Program Files\CyberLink\PowerDVD\000.fcl><N/A>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[Java Plug-in 1.5.0_10]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Statistiques d’Anti-Virus Internet]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
[Desktop Currency Converter]
{38C06FA6-BF6E-479a-9F32-494E09FC30CB} <C:\Program Files\Mioplanet\Desktop Currency Converter\Desktop Currency Converter.exe, N/A>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\flashget.exe, Amaze Soft>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, N/A>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.4.2_05]
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime Alternative\QTPlugin.ocx, Apple Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[TECollaboration.Manager]
{07FEE7FA-EA56-4790-AE41-2E227CCF6EB7} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[SkyGps Class]
{1D1342E2-B737-43C4-B2B2-BB855FC353F1} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Plane]
{1E686889-C1F3-437F-A8CE-729C78AA3BEC} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.VirtualCursor]
{2040FA1B-53B6-41BD-BF73-6400C4F40E49} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[TerraExplorer Class]
{3a4f9191-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TE3DWindow Class]
{3a4f9192-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TEInformationWindow Class]
{3a4f9193-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[TENavigationMap Class]
{3a4f9194-65a8-11d5-85c1-0001023952c1} <C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll, Skyline software systems Inc.>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime Alternative\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[FalconViewObj Class]
{504AC303-A983-45B7-8663-CB5649B3AB1A} <C:\Program Files\Skyline\TerraExplorer\Tools\TEFVT\TEFVT.dll, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[TECollaboration.FlyFile]
{641ECCA4-28F2-4AE0-90E6-3152E62AFCA2} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Comunication Class]
{662CB034-1B5F-46DE-83C8-8BDCA1424856} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLCU.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[FVGps Class]
{765FB9BF-38D5-4678-9BD0-40DDE72906ED} <C:\Program Files\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll, >
[TECollaboration.Annotation]
{7A412365-8492-42A0-9411-BEE11106AAD6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[TECollaboration.Chat]
{8120661B-1913-4C41-8C47-A0A9279715C6} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_10]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[TECollaboration.Projection]
{984E67E2-6C7E-4D87-AC71-A640954D4495} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll, Skyline>
[FileManager Class]
{A3EEA80F-5A77-402B-8A2E-D1D9A08A497C} <C:\Program Files\Skyline\TerraExplorer\Tools\Collaboration\SLFM.dll, >
[IeCatch2 Class]
{A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\jccatch.dll, Amaze Soft>
[TETest Class]
{A5606C7C-13E8-4403-B5C1-72CE1AEE1CA2} <C:\Documents and Settings\All Users\Application Data\Skyline\TEDetect.dll, Skyline software systems Inc.>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[CreateMPU Class]
{BF001C67-5DEE-40B5-85BE-A5B0E1AA0AD6} <C:\Program Files\Skyline\TerraExplorer\Tools\PyramidTool\SLMPU.dll, >
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__MPEG Moniker Class]
{CD3AFA89-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, N/A>
[Tout télécharger avec FlashGet]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[Télécharger avec FlashGet]
<C:\Program Files\FlashGet\jc_link.htm, N/A>

==================================
Running Processes
[PID: 1028 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1104 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1128 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 7.0.1.321]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1172 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 1192 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[PID: 1388 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 1484 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[PID: 1612 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 1680 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[PID: 1816 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[PID: 1872 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 2020 / SYSTEM][C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe] [InterVideo Inc., 1.0.0.1]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\InterVideo\Common\Bin\MpgTsRdr.ax] [N/A, ]
[C:\Program Files\InterVideo\Common\Bin\IVInav.ax] [InterVideo Inc., 8.0.6.104]
[PID: 192 / SYSTEM][C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe] [Nero AG, 5, 5, 1, 23]
[C:\Program Files\Nero\Nero 7\InCD\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Nero\Nero 7\InCD\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 8,6,0, 10800]
[C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll] [Nero AG, 1, 0, 0, 18]
[C:\Program Files\Nero\Nero 7\InCD\incdshx.dll] [Nero AG, 5, 5, 1, 23]
[C:\Program Files\Nero\Nero 7\InCD\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 292 / SYSTEM][C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe] [InterVideo, 1, 0, 1, 0]
[PID: 368 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.9381]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[PID: 428 / SYSTEM][C:\WINDOWS\system32\PnkBstrA.exe] [N/A, ]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 556 / SYSTEM][C:\Program Files\CyberLink\Shared Files\RichVideo.exe] [, 2.0.0425 ]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 712 / SYSTEM][c:\program files\speed disk\nopdb.exe] [Symantec Corporation, 6.0.0.20]
[c:\program files\speed disk\SDException.dll] [Symantec Corporation, 6.0.0.20]
[c:\program files\speed disk\SDOptions.DLL] [Symantec Corporation, 6.0.0.20]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 1672 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 888 / Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.321]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\PROGRA~1\FlashGet\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll] [N/A, ]
[C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrgui.dll] [Sony Ericsson Mobile Communications AB, 1, 3, 11, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Sony Ericsson\Mobile2\File Manager\fmgrguil.dll] [Sony Ericsson Mobile Communications AB, 1, 3, 4, 0]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll] [Nero AG, 2, 7, 3, 2]
[C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\WINZIP\WZSHLSTB.DLL] [WinZip Computing LP, 4.1 (32-bit)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[PID: 968 / Administrateur][C:\WINDOWS\system32\wscntfy.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 3116 / Administrateur][C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe] [Macrovision Corporation, 5, 01, 100, 47363]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[PID: 3196 / Administrateur][C:\WINDOWS\system32\RunDLL32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\WINDOWS\system32\NvMCTray.dll] [NVIDIA Corporation, 6.14.10.9381]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\WINDOWS\system32\NVRSFR.DLL] [NVIDIA Corporation, 6.14.10.9381]
[PID: 412 / Administrateur][C:\Program Files\Analog Devices\Core\smax4pnp.exe] [Analog Devices, Inc., 6,0,6000,81]
[C:\Program Files\Analog Devices\Core\SMWDMIF.dll] [Analog Devices, Inc., 6, 0, 6000, 003]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3232 / Administrateur][C:\Program Files\Analog Devices\SoundMAX\Smax4.exe] [Analog Devices, Inc., 5, 2, 0, 30]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 3288 / Administrateur][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe] [Cyberlink Corp., 7.00.2406]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Cyberlink\PowerDVD\CLRCEngine3.dll] [CyberLink Corp., 7.00.1711 ]
[C:\Program Files\Cyberlink\PowerDVD\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[PID: 3384 / Administrateur][C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Fichiers communs\Ahead\Lib\AdvrCntr2.dll] [Nero AG, 8,6,0, 10800]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvrPS.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll] [Nero AG, 2,0,5,0]
[PID: 3396 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 3448 / SYSTEM][C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMLogCxx.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll] [Nero AG, 2,0,5,0]
[PID: 3740 / Administrateur][C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMSQLDB.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Fichiers communs\Ahead\Lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMLogCxx.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\log4cxx.dll] [Nero AG, 1, 0, 0, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingServicePS.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMCoFoundation.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMFullTextExtraction.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMSearchPluginSimilarImages.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Fichiers communs\Ahead\Lib\NeroIPP.dll] [Nero AG, 4,9,4,1]
[C:\Program Files\Fichiers communs\Ahead\Lib\NMDataServices.dll] [Nero AG, 2,0,5,0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\oeas.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.321]
[PID: 396 / Administrateur][C:\Program Files\MagicDisc\MagicDisc.exe] [MagicISO, Inc., 2.5.0.79]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[PID: 2228 / Administrateur][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll] [Sun Microsystems, Inc., 5.0.100.3]
[C:\PROGRA~1\FlashGet\jccatch.dll] [Amaze Soft, 1, 1, 4, 0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.321]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\msxml4.dll] [Microsoft Corporation, 4.20.9818.0]
[C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll] [N/A, ]
[C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll] [N/A, ]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.2032]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Shfusion.dll] [Microsoft Corporation, 1.1.4322.573]
[PID: 3264 / Administrateur][C:\Documents and Settings\Administrateur\Bureau\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Documents and Settings\Administrateur\Bureau\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\miscr3.dll] [Kaspersky Lab, 7.0.1.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\fssync.dll] [Kaspersky Lab, 7.0.5.321]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\dnsq.dll] [Kaspersky Lab, 7.0.1.321]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 368, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 888, C:\WINDOWS\EXPLORER.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3232, C:\PROGRAM FILES\ANALOG DEVICES\SOUNDMAX\SMAX4.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 396, C:\PROGRAM FILES\MAGICDISC\MAGICDISC.EXE]

==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExA (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryExW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: LoadLibraryW (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \??\C:\WINDOWS\system32\drivers\klif.sys)

==================================
Hidden Process
N/A

==================================


[/CODE]
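The sections at the end of the SREng log above (File Associations, Winsock Provider, Autorun.Inf, HOSTS File, API HOOK, Hidden Process) are exactly the places a worm that kills antivirus and blocks reinstallation tends to leave traces: a rewritten `shell\open\command` for `.EXE`/`.COM`/`.SCR`, HOSTS entries pointing security-vendor hosts at 127.0.0.1, an injected Winsock LSP, or API hooks from a driver that is not a known security product. The Python below is an added triage helper for logs in that format; it is not SREng's code nor anything the poster ran. The expected handler values are taken from the entries the posted log reports as `OK.`, the hook-module allowlist (only `klif.sys`, Kaspersky's filter driver, which the module list shows loaded in every process) is an assumption for illustration, and the two sample logs are constructed, with hypothetical file and host names.

```python
"""Triage helper for SREng-style 'File Associations / HOSTS / API HOOK' logs.
Added example, not SREng's own code.  Expected defaults come from the entries
the posted log reports as OK; the hook allowlist and sample data are assumed."""
import re
from collections import OrderedDict

# Default XP shell\open\command values for the types malware most often
# hijacks, as shown OK in the posted log.  Compared case-insensitively.
EXPECTED_ASSOC = {
    ".EXE": '"%1" %*',
    ".COM": '"%1" %*',
    ".PIF": '"%1" %*',
    ".BAT": '"%1" %*',
    ".SCR": '"%1" /S',
    ".REG": 'regedit.exe "%1"',
    ".VBS": '%SystemRoot%\\System32\\WScript.exe "%1" %*',
    ".JS": '%SystemRoot%\\System32\\WScript.exe "%1" %*',
    ".LNK": "{00021401-0000-0000-C000-000000000046}",
}

# ASSUMPTION: modules whose user-mode API hooks are expected on this box.
# klif.sys is Kaspersky's filter driver; anything else is reported for review.
KNOWN_HOOK_MODULES = {"klif.sys"}

ASSOC_RE = re.compile(r"^(\.\w+)\s+(\S+)\s+\[(.*)\]\s*$")
HOOK_RE = re.compile(r"Hooked by Module:\s*(.+?)\)\s*$")


def _is_sep(line):
    """SREng separates sections with a line made only of '=' characters."""
    s = line.strip()
    return len(s) >= 10 and set(s) == {"="}


def parse_sections(text):
    """Split the log into {section name: [non-blank lines]}."""
    sections = OrderedDict()
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        if _is_sep(lines[i]) and i + 1 < len(lines):
            name = lines[i + 1].strip()
            body = []
            i += 2
            while i < len(lines) and not _is_sep(lines[i]):
                if lines[i].strip():
                    body.append(lines[i].rstrip())
                i += 1
            if name:  # a trailing separator with no title is ignored
                sections[name] = body
        else:
            i += 1
    return sections


def _norm(cmd):
    return " ".join(cmd.split()).lower()


def triage(text):
    """Return a list of findings; an empty list means nothing stood out."""
    s = parse_sections(text)
    findings = []

    # 1. Handler hijacks: the tool's own verdict plus a compare to defaults.
    for line in s.get("File Associations", []):
        m = ASSOC_RE.match(line)
        if not m:
            continue
        ext, status, cmd = m.group(1).upper(), m.group(2), m.group(3)
        expected = EXPECTED_ASSOC.get(ext)
        if status != "OK." or (expected and _norm(cmd) != _norm(expected)):
            findings.append("assoc %s hijacked: %s" % (ext, cmd))

    # 2. HOSTS: anything beyond the loopback/localhost line gets reviewed.
    for line in s.get("HOSTS File", []):
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        parts = entry.split()
        if not (len(parts) == 2 and parts[0] in ("127.0.0.1", "::1")
                and parts[1].lower() == "localhost"):
            findings.append("hosts entry: %s" % entry)

    # 3. Sections that should read N/A on a clean machine.
    for name in ("Winsock Provider", "Autorun.Inf", "Hidden Process"):
        for l in s.get(name, []):
            if l.strip() != "N/A":
                findings.append("%s: %s" % (name, l.strip()))

    # 4. API hooks from modules not on the allowlist.
    for line in s.get("API HOOK", []):
        m = HOOK_RE.search(line)
        if not m:
            continue
        module = m.group(1).replace("\\", "/").rsplit("/", 1)[-1].lower()
        if module not in KNOWN_HOOK_MODULES:
            findings.append("API hook by unknown module: %s" % m.group(1))

    return findings


# Constructed clean sample in the posted log's format (not the poster's log).
CLEAN_LOG = """
==================================
File Associations
.TXT OK. [%SystemRoot%\\system32\\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.SCR OK. ["%1" /S]

==================================
Winsock Provider
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
RVA Error: LoadLibraryA (Dangerous Level: High, Hooked by Module: \\??\\C:\\WINDOWS\\system32\\drivers\\klif.sys)

==================================
"""

# Constructed tampered sample: .EXE routed through a dropper, an update host
# sinkholed in HOSTS, a hook from an unlisted driver.  Names are hypothetical.
TAMPERED_LOG = """
==================================
File Associations
.EXE OK. [C:\\WINDOWS\\system32\\hijack.exe "%1" %*]
.COM OK. ["%1" %*]

==================================
HOSTS File
127.0.0.1 localhost
127.0.0.1 update.example.invalid

==================================
API HOOK
RVA Error: GetProcAddress (Dangerous Level: High, Hooked by Module: \\??\\C:\\WINDOWS\\system32\\drivers\\xyz.sys)

==================================
"""

if __name__ == "__main__":
    for label, log in (("clean", CLEAN_LOG), ("tampered", TAMPERED_LOG)):
        print(label, triage(log) or "no findings")
```

Note that the `.EXE` check compares the command string to the default rather than trusting the tool's `OK.` verdict alone: a handler of the form `dropper.exe "%1" %*` still launches the program, so the user notices nothing, while every executable (including an antivirus installer) first passes through the dropper. That is the pattern to look for when installers die at the same point every time.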