PC running extremely slowly

nichotV Posts 18 Status Member -
Hello,
My work PC is running extremely slowly. I ran a scan with BitDefender, and it finds 2 viruses that it cannot remove; here is its report:

//-----------------------------------------------------------------
//
// Produit BitDefender Free Edition v10
// Produit 10.2
//
// Créé le: 15/02/2008 15:35:25
//
//-----------------------------------------------------------------

Statistiques

Chemin cible: C:\
Dossiers : 5608
Fichiers : 236689
Processus Mémoire analysés : 39
Archives : 1573
Fichiers enpaquetés : 8862
Virus trouvés : 3
Fichiers infectés : 4
Processus Mémoire infectés : 0
Fichiers suspects : 0
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 3
Fichiers déplacés : 0
Erreurs I/O : 1074
Temps d'analyse :=01:51:20
Fichiers/seconde :35

Statistiques Spywares

Registres analysés : 310
Registres infectés : 1
Cookies analysés : 28
Cookies infectés : 0
Fichiers spyware infectés : 0
Menaces Spyware détectées : 1

Définitions virus : 980960
Plugins d'analyse : 16
Plugins archives : 41
Plug-ins décompression : 7
Plug-ins messagerie : 6
Plug-ins système : 5

Options d'analyse

Détection
[X] Analyser le secteur de boot
[X] Processus mémoire
[X] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[ ] Désinfecter
[X] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action

Seconde action
[ ] Ignorer
[X] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[X] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1203086125.log

Options d'analyse Spyware

[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[X] Clés de registres
[X] Cookies

Résumé:

<System>=>HKEY_USERS\S-1-5-21-1715567821-861567501-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Firewall auto setup=>C:\DOCUME~1\VAUDAU~1\LOCALS~1\TEMP\WINLOGON.EXE Détecté: Trojan.Dropper.LDPinch.Q
<System>=>HKEY_USERS\S-1-5-21-1715567821-861567501-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Firewall auto setup=>C:\DOCUME~1\VAUDAU~1\LOCALS~1\TEMP\WINLOGON.EXE Effacé
<System> La recompression des archives a échoué (actions marquées non effectuées)
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\qrjatydi.exe Infecté: Trojan.FakeAlert.PS
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\qrjatydi.exe Effacé
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\sb8s.1=>(NSIS o)=>lzma_solid_nsis0004 Détecté: Adware.AdRotator.Gen
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\sb8s.1=>(NSIS o)=>lzma_solid_nsis0004 Effacé
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\sb8s.1=>(NSIS o) La recompression des archives a échoué (actions marquées non effectuées)
C:\WINDOWS\system32\isxrjsws.dll Infecté: Trojan.Vundo.DWB
C:\WINDOWS\system32\isxrjsws.dll Effacement impossible
C:\WINDOWS\system32\isxrjsws.dll Effacement impossible
C:\WINDOWS\system32\sprt_ads.dll Détecté: Adware.AdRotator.Gen
C:\WINDOWS\system32\sprt_ads.dll Effacement impossible
C:\WINDOWS\system32\sprt_ads.dll Effacement impossible

Has anyone already had the same problem, and how can it be solved? It is slowing my PC down enormously.

Thanks in advance

--

nichotV
Configuration: Windows XP
Firefox 2.0.0.12

9 replies

  1. Powax Posts 570 Status Member 92
     
    I had asked you to run Trojan Remover BEFORE HiJackThis ...

    * You have 2 antivirus programs: AVG and BitDefender, which causes conflicts

    => cleanly uninstall one or the other!

    * You have no active firewall (the Windows one doesn't count)

    => download and install:

    http://www.commentcamarche.net/telecharger/telecharger 206 kerio

    * Download VundoFix: http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe
    Click the Scan for Vundo button
    If the program asks you to delete files, say yes
    When the program has finished scanning your PC, it should be switched off; restart it.
    Copy/paste the contents of the report located at C:\vundofix.txt

    * Download Combofix.exe to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Disconnect from the internet and disable your antivirus so that Combofix can run normally
    Double-click Combofix.exe
    Set it to French: F
    Press the 1 key (Yes) to start the scan
    When the scan is finished, a report will appear
    Post the saved report: C:\Combofix.txt

    * Download: http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Run it: double-click Smitfraudfix.cmd and choose option 1
    It will generate a report: copy/paste its contents
    1
  2. nichotV Posts 18 Status Member 26
     
    A little bump...

    Thanks in advance
    0
  3. Powax Posts 570 Status Member 92
     
    Hello,

    1) Download and install:

    http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover

    Scan and post the report, please

    2) Download HiJackThis:

    http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    * Unzip it into a dedicated folder at the root of the disk, for example C:\hijackthis
    * Run it, then click "Do a system scan and save a logfile"
    * Copy and paste the report into your next reply
    0
  4. nichotV Posts 18 Status Member 26
     
    Here is the HiJackThis report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:52:01, on 21/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\VAUDAUX SA\Bureau\trsetup.exe
    C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\is-ISFN8.tmp\is-875VV.tmp
    C:\Program Files\Trojan Remover\trupd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {084412BE-59F0-4913-884E-806A28A9C360} - C:\WINDOWS\system32\ddcyw.dll (file missing)
    O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
    O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
    O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nscD6.dll (file missing)
    O2 - BHO: {6bdab348-3d88-beca-d914-693964ad3ff6} - {6ff3da46-9396-419d-aceb-88d3843badb6} - C:\WINDOWS\system32\gsipbpni.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: superiorads browser enhancer - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\isxrjsws.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202832920.dll
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\jkkjkkj.dll (file missing)
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [986fac69] rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
    O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
    O4 - Global Startup: Indago Updater.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer = 193.252.19.3,193.252.19.4
    O20 - Winlogon Notify: isxrjsws - C:\WINDOWS\SYSTEM32\isxrjsws.dll
    O20 - Winlogon Notify: jkkjkkj - jkkjkkj.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  6. nichotV Posts 18 Status Member 26
     
    Here is the Trojan Remover report:

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.6.7.2515. For information, email support@simplysup1.com
    [Unregistered version]
    Scan started at: 21/02/2008 13:54:36
    Using Database v6939
    Operating System: Windows XP SP2
    File System: NTFS
    Data directory: C:\Documents and Settings\VAUDAUX SA\Application Data\Simply Super Software\Trojan Remover\
    Logfile directory: C:\Documents and Settings\VAUDAUX SA\Mes documents\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges

    **************************************************
    The following Anti-Malware program(s) are loaded:
    [AV Warnings are suppressed]
    AVG Anti-Virus
    Microsoft Windows Defender

    **************************************************

    **************************************************
    13:54:36: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    **************************************************
    13:54:36: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    **************************************************
    13:54:36: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    **************************************************
    13:54:37: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    File: Explorer.exe
    C:\WINDOWS\Explorer.exe
    1037312 bytes
    Created: 05/08/2004
    Modified: 13/06/2007
    Company: Microsoft Corporation
    ----------
    This key's "Userinit" value calls the following program(s):
    File: C:\WINDOWS\system32\userinit.exe
    C:\WINDOWS\system32\userinit.exe
    25088 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    File: logonui.exe
    C:\WINDOWS\system32\logonui.exe
    515584 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name: load
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: AVG7_CC
    Value Data: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    579072 bytes
    Created: 30/11/2006
    Modified: 21/12/2007
    Company: GRISOFT, s.r.o.
    --------------------
    Value Name: Acrobat Assistant 7.0
    Value Data: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    483328 bytes
    Created: 24/09/2005
    Modified: 12/01/2006
    Company: Adobe Systems Inc.
    --------------------
    Value Name:
    Value Data:
    The Value Data for this entry appears to be blank
    --------------------
    Value Name: SunJavaUpdateSched
    Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    132496 bytes
    Created: 14/11/2007
    Modified: 25/09/2007
    Company: Sun Microsystems, Inc.
    --------------------
    Value Name: Windows Defender
    Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    C:\Program Files\Windows Defender\MSASCui.exe
    866584 bytes
    Created: 03/11/2006
    Modified: 03/11/2006
    Company: Microsoft Corporation
    --------------------
    Value Name: TkBellExe
    Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    185896 bytes
    Created: 18/01/2007
    Modified: 18/01/2007
    Company: RealNetworks, Inc.
    --------------------
    Value Name: ISUSPM
    Value Data: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [file not found to scan]
    --------------------
    Value Name: QuickTime Task
    Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
    C:\Program Files\QuickTime\qttask.exe
    282624 bytes
    Created: 01/09/2006
    Modified: 01/09/2006
    Company: Apple Computer, Inc.
    --------------------
    Value Name: NeroFilterCheck
    Value Data: C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    153136 bytes
    Created: 01/03/2007
    Modified: 01/03/2007
    Company: Nero AG
    --------------------
    Value Name: NBKeyScan
    Value Data: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
    2213160 bytes
    Created: 03/12/2007
    Modified: 03/12/2007
    Company: Nero AG
    --------------------
    Value Name: 986fac69
    Value Data: rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
    C:\WINDOWS\system32\fefmorpb.dll [file not found to scan]
    --------------------
    Value Name: BDMCon
    Value Data: C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
    290816 bytes
    Created: 02/04/2007
    Modified: 02/04/2007
    Company: SOFTWIN S.R.L.
    --------------------
    Value Name: BDAgent
    Value Data: "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    69632 bytes
    Created: 26/03/2007
    Modified: 26/03/2007
    Company: SOFTWIN S.R.L.
    --------------------
    Value Name: spa_start
    Value Data: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
    C:\WINDOWS\system32\sprt_ads.dll
    60928 bytes
    Created: 20/02/2008
    Modified: 20/02/2008
    Company:
    --------------------
    Value Name: TrojanScanner
    Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
    C:\Program Files\Trojan Remover\Trjscan.exe
    863824 bytes
    Created: 21/02/2008
    Modified: 21/02/2008
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: ctfmon.exe
    Value Data: C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\ctfmon.exe
    15360 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Value Name: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
    Value Data: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    1688872 bytes
    Created: 13/12/2007
    Modified: 13/12/2007
    Company: Nero AG
    --------------------
    Value Name: Firewall auto setup
    Value Data: C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
    C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe [file not found to scan]
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty

    **************************************************
    13:54:38: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------
    ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
    Value: Microsoft AntiMalware ShellExecuteHook
    File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
    C:\PROGRA~1\WINDOW~4\MpShHook.dll
    83224 bytes
    Created: 03/11/2006
    Modified: 03/11/2006
    Company: Microsoft Corporation
    ----------

    **************************************************
    13:54:38: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    **************************************************
    13:54:38: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver: C:\WINDOWS\system32\ssmypics.scr
    C:\WINDOWS\system32\ssmypics.scr
    47104 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------

    **************************************************
    13:54:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
    Key: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
    Path: C:\WINDOWS\system32\ieudinit.exe
    C:\WINDOWS\system32\ieudinit.exe
    13824 bytes
    Created: 07/11/2006
    Modified: 06/12/2007
    Company: Microsoft Corporation
    ----------
    Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    Path: C:\WINDOWS\inf\unregmp2.exe
    C:\WINDOWS\inf\unregmp2.exe
    318976 bytes
    Created: 05/08/2004
    Modified: 29/06/2007
    Company: Microsoft Corporation
    ----------
    Key: >{26923b43-4d38-484f-9b9e-de460746276c}
    Path: C:\WINDOWS\system32\ie4uinit.exe
    C:\WINDOWS\system32\ie4uinit.exe
    70656 bytes
    Created: 05/08/2004
    Modified: 06/12/2007
    Company: Microsoft Corporation
    ----------
    Key: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    Path: %systemroot%\system32\shmgrate.exe
    C:\WINDOWS\system32\shmgrate.exe
    42496 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    Path: %SystemRoot%\system32\regsvr32.exe
    C:\WINDOWS\system32\regsvr32.exe
    12288 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    Path: %ProgramFiles%\Outlook Express\setup50.exe
    C:\Program Files\Outlook Express\setup50.exe
    73728 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
    Path: %ProgramFiles%\Outlook Express\setup50.exe
    C:\Program Files\Outlook Express\setup50.exe
    73728 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
    Path: regsvr32.exe
    C:\WINDOWS\system32\regsvr32.exe
    12288 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
    Path: C:\WINDOWS\system32\ie4uinit.exe
    C:\WINDOWS\system32\ie4uinit.exe
    70656 bytes
    Created: 05/08/2004
    Modified: 06/12/2007
    Company: Microsoft Corporation
    ----------

    **************************************************
    13:54:39: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Key: Alerter
    Path: %SystemRoot%\system32\alrsvc.dll
    C:\WINDOWS\system32\alrsvc.dll
    17408 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: AppMgmt
    Path: %SystemRoot%\System32\appmgmts.dll
    C:\WINDOWS\System32\appmgmts.dll
    176640 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: AudioSrv
    Path: %SystemRoot%\System32\audiosrv.dll
    C:\WINDOWS\System32\audiosrv.dll
    42496 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: BITS
    Path: C:\WINDOWS\system32\qmgr.dll
    C:\WINDOWS\system32\qmgr.dll
    382464 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: Browser
    Path: %SystemRoot%\System32\browser.dll
    C:\WINDOWS\System32\browser.dll
    77312 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: CryptSvc
    Path: %SystemRoot%\System32\cryptsvc.dll
    C:\WINDOWS\System32\cryptsvc.dll
    60416 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: DcomLaunch
    Path: %SystemRoot%\system32\rpcss.dll
    C:\WINDOWS\system32\rpcss.dll
    397824 bytes
    Created: 05/08/2004
    Modified: 26/07/2005
    Company: Microsoft Corporation
    --------------------
    Key: Dhcp
    Path: %SystemRoot%\System32\dhcpcsvc.dll
    C:\WINDOWS\System32\dhcpcsvc.dll
    112128 bytes
    Created: 05/08/2004
    Modified: 19/05/2006
    Company: Microsoft Corporation
    --------------------
    Key: dmserver
    Path: %SystemRoot%\System32\dmserver.dll
    C:\WINDOWS\System32\dmserver.dll
    24576 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corp.
    --------------------
    Key: Dnscache
    Path: %SystemRoot%\System32\dnsrslvr.dll
    C:\WINDOWS\System32\dnsrslvr.dll
    45568 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: ERSvc
    Path: %SystemRoot%\System32\ersvc.dll
    C:\WINDOWS\System32\ersvc.dll
    23040 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: EventSystem
    Path: C:\WINDOWS\system32\es.dll
    C:\WINDOWS\system32\es.dll
    243200 bytes
    Created: 05/08/2004
    Modified: 26/07/2005
    Company: Microsoft Corporation
    --------------------
    Key: FastUserSwitchingCompatibility
    Path: %SystemRoot%\System32\shsvcs.dll
    C:\WINDOWS\System32\shsvcs.dll
    135168 bytes
    Created: 05/08/2004
    Modified: 19/12/2006
    Company: Microsoft Corporation
    --------------------
    Key: helpsvc
    Path: %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    38912 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: HidServ
    %SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
    --------------------
    Key: HTTPFilter
    Path: %SystemRoot%\System32\w3ssl.dll
    C:\WINDOWS\System32\w3ssl.dll
    15872 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: lanmanserver
    Path: %SystemRoot%\System32\srvsvc.dll
    C:\WINDOWS\System32\srvsvc.dll
    96768 bytes
    Created: 05/08/2004
    Modified: 07/12/2004
    Company: Microsoft Corporation
    --------------------
    Key: lanmanworkstation
    Path: %SystemRoot%\System32\wkssvc.dll
    C:\WINDOWS\System32\wkssvc.dll
    132096 bytes
    Created: 05/08/2004
    Modified: 17/08/2006
    Company: Microsoft Corporation
    --------------------
    Key: LmHosts
    Path: %SystemRoot%\System32\lmhsvc.dll
    C:\WINDOWS\System32\lmhsvc.dll
    13824 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: Messenger
    Path: %SystemRoot%\System32\msgsvc.dll
    C:\WINDOWS\System32\msgsvc.dll
    33792 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: Netman
    Path: %SystemRoot%\System32\netman.dll
    C:\WINDOWS\System32\netman.dll
    197632 bytes
    Created: 05/08/2004
    Modified: 22/08/2005
    Company: Microsoft Corporation
    --------------------
    Key: Nla
    Path: %SystemRoot%\System32\mswsock.dll
    C:\WINDOWS\System32\mswsock.dll
    247808 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: NtmsSvc
    Path: %SystemRoot%\system32\ntmssvc.dll
    C:\WINDOWS\system32\ntmssvc.dll
    438272 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: RasAuto
    Path: %SystemRoot%\System32\rasauto.dll
    C:\WINDOWS\System32\rasauto.dll
    89088 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: RasMan
    Path: %SystemRoot%\System32\rasmans.dll
    C:\WINDOWS\System32\rasmans.dll
    181248 bytes
    Created: 05/08/2004
    Modified: 22/06/2006
    Company: Microsoft Corporation
    --------------------
    Key: RemoteAccess
    Path: %SystemRoot%\System32\mprdim.dll
    C:\WINDOWS\System32\mprdim.dll
    49152 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: RemoteRegistry
    Path: %SystemRoot%\system32\regsvc.dll
    C:\WINDOWS\system32\regsvc.dll
    59904 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: RpcSs
    Path: %SystemRoot%\system32\rpcss.dll
    C:\WINDOWS\system32\rpcss.dll
    397824 bytes
    Created: 05/08/2004
    Modified: 26/07/2005
    Company: Microsoft Corporation
    --------------------
    Key: Schedule
    Path: %SystemRoot%\system32\schedsvc.dll
    C:\WINDOWS\system32\schedsvc.dll
    193024 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: seclogon
    Path: %SystemRoot%\System32\seclogon.dll
    C:\WINDOWS\System32\seclogon.dll
    18944 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: SENS
    Path: %SystemRoot%\system32\sens.dll
    C:\WINDOWS\system32\sens.dll
    38912 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: SharedAccess
    Path: %SystemRoot%\System32\ipnathlp.dll
    C:\WINDOWS\System32\ipnathlp.dll
    332800 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: ShellHWDetection
    Path: %SystemRoot%\System32\shsvcs.dll
    C:\WINDOWS\System32\shsvcs.dll
    135168 bytes
    Created: 05/08/2004
    Modified: 19/12/2006
    Company: Microsoft Corporation
    --------------------
    Key: srservice
    Path: C:\WINDOWS\system32\srsvc.dll
    C:\WINDOWS\system32\srsvc.dll
    171008 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: SSDPSRV
    Path: %SystemRoot%\System32\ssdpsrv.dll
    C:\WINDOWS\System32\ssdpsrv.dll
    71680 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: stisvc
    Path: %SystemRoot%\system32\wiaservc.dll
    C:\WINDOWS\system32\wiaservc.dll
    334336 bytes
    Created: 05/08/2004
    Modified: 19/12/2006
    Company: Microsoft Corporation
    --------------------
    Key: TapiSrv
    Path: %SystemRoot%\System32\tapisrv.dll
    C:\WINDOWS\System32\tapisrv.dll
    249344 bytes
    Created: 05/08/2004
    Modified: 08/07/2005
    Company: Microsoft Corporation
    --------------------
    Key: TermService
    Path: %SystemRoot%\System32\termsrv.dll
    C:\WINDOWS\System32\termsrv.dll
    297984 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: Themes
    Path: %SystemRoot%\System32\shsvcs.dll
    C:\WINDOWS\System32\shsvcs.dll
    135168 bytes
    Created: 05/08/2004
    Modified: 19/12/2006
    Company: Microsoft Corporation
    --------------------
    Key: TrkWks
    Path: %SystemRoot%\system32\trkwks.dll
    C:\WINDOWS\system32\trkwks.dll
    90624 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: upnphost
    Path: %SystemRoot%\System32\upnphost.dll
    C:\WINDOWS\System32\upnphost.dll
    185344 bytes
    Created: 05/08/2004
    Modified: 05/02/2007
    Company: Microsoft Corporation
    --------------------
    Key: W32Time
    Path: C:\WINDOWS\system32\w32time.dll
    C:\WINDOWS\system32\w32time.dll
    177664 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: WebClient
    Path: %SystemRoot%\System32\webclnt.dll
    C:\WINDOWS\System32\webclnt.dll
    68096 bytes
    Created: 05/08/2004
    Modified: 04/01/2006
    Company: Microsoft Corporation
    --------------------
    Key: winmgmt
    Path: %SystemRoot%\system32\wbem\WMIsvc.dll
    C:\WINDOWS\system32\wbem\WMIsvc.dll
    145408 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: WmdmPmSN
    Path: C:\WINDOWS\system32\MsPMSNSv.dll
    C:\WINDOWS\system32\MsPMSNSv.dll
    27136 bytes
    Created: 05/08/2004
    Modified: 18/10/2006
    Company: Microsoft Corporation
    --------------------
    Key: Wmi
    Path: %SystemRoot%\System32\advapi32.dll
    C:\WINDOWS\System32\advapi32.dll
    685056 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: wscsvc
    Path: %SYSTEMROOT%\system32\wscsvc.dll
    C:\WINDOWS\system32\wscsvc.dll
    81408 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: wuauserv
    Path: C:\WINDOWS\system32\wuauserv.dll
    C:\WINDOWS\system32\wuauserv.dll
    6656 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: WudfSvc
    Path: %SystemRoot%\System32\WUDFSvc.dll
    C:\WINDOWS\System32\WUDFSvc.dll
    55808 bytes
    Created: 28/09/2006
    Modified: 28/09/2006
    Company: Microsoft Corporation
    --------------------
    Key: WZCSVC
    Path: %SystemRoot%\System32\wzcsvc.dll
    C:\WINDOWS\System32\wzcsvc.dll
    359936 bytes
    Created: 04/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------
    Key: xmlprov
    Path: %SystemRoot%\System32\xmlprov.dll
    C:\WINDOWS\System32\xmlprov.dll
    129536 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    --------------------

    **************************************************
    13:54:42: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: ACPI
    ImagePath: system32\DRIVERS\ACPI.sys
    C:\WINDOWS\system32\DRIVERS\ACPI.sys
    188672 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Adobe LM Service
    ImagePath: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
    C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    69632 bytes
    Created: 30/11/2006
    Modified: 30/11/2006
    Company: Adobe Systems
    ----------
    Key: aeaudio
    ImagePath: system32\drivers\aeaudio.sys
    C:\WINDOWS\system32\drivers\aeaudio.sys
    4816 bytes
    Created: 30/11/2006
    Modified: 01/04/2002
    Company: Andrea Electronics Corporation
    ----------
    Key: aec
    ImagePath: system32\drivers\aec.sys
    C:\WINDOWS\system32\drivers\aec.sys
    142464 bytes
    Created: 30/11/2006
    Modified: 15/02/2006
    Company: Microsoft Corporation
    ----------
    Key: AFD
    ImagePath: \SystemRoot\System32\drivers\afd.sys
    C:\WINDOWS\System32\drivers\afd.sys
    138496 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: ALG
    ImagePath: %SystemRoot%\System32\alg.exe
    C:\WINDOWS\System32\alg.exe
    44544 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: aspnet_state
    ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
    32768 bytes
    Created: 15/07/2004
    Modified: 15/07/2004
    Company: Microsoft Corporation
    ----------
    Key: AsyncMac
    ImagePath: system32\DRIVERS\asyncmac.sys
    C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    14336 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: atapi
    ImagePath: system32\DRIVERS\atapi.sys
    C:\WINDOWS\system32\DRIVERS\atapi.sys
    95360 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Atmarpc
    ImagePath: system32\DRIVERS\atmarpc.sys
    C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    59904 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: audstub
    ImagePath: system32\DRIVERS\audstub.sys
    C:\WINDOWS\system32\DRIVERS\audstub.sys
    3072 bytes
    Created: 29/11/2006
    Modified: 17/08/2001
    Company: Microsoft Corporation
    ----------
    Key: Avg7Alrt
    ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    418816 bytes
    Created: 30/11/2006
    Modified: 25/10/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7Core
    ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
    C:\WINDOWS\System32\Drivers\avg7core.sys
    821856 bytes
    Created: 30/11/2006
    Modified: 25/10/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7RsW
    ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
    C:\WINDOWS\System32\Drivers\avg7rsw.sys
    4224 bytes
    Created: 30/11/2006
    Modified: 30/11/2006
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7RsXP
    ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
    C:\WINDOWS\System32\Drivers\avg7rsxp.sys
    27776 bytes
    Created: 30/11/2006
    Modified: 24/02/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: Avg7UpdSvc
    ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    49664 bytes
    Created: 30/11/2006
    Modified: 30/11/2006
    Company: GRISOFT, s.r.o.
    ----------
    Key: AvgClean
    ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
    C:\WINDOWS\System32\Drivers\avgclean.sys
    10760 bytes
    Created: 30/11/2006
    Modified: 21/12/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: AVGEMS
    ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    406528 bytes
    Created: 30/11/2006
    Modified: 21/12/2007
    Company: GRISOFT, s.r.o.
    ----------
    Key: AvgTdi
    ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
    C:\WINDOWS\System32\Drivers\avgtdi.sys
    4960 bytes
    Created: 30/11/2006
    Modified: 30/11/2006
    Company: GRISOFT, s.r.o.
    ----------
    Key: bdfdll
    ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
    C:\Program Files\Softwin\BitDefender10\bdfdll.sys
    8704 bytes
    Created: 04/12/2006
    Modified: 04/12/2006
    Company:
    ----------
    Key: BDRsDrv
    ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
    C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys - this registry value has been removed [file not found to scan]
    ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
    ----------
    Key: bdss
    ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service
    C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
    81920 bytes
    Created: 19/01/2007
    Modified: 19/01/2007
    Company:
    ----------
    Key: Cdrom
    ImagePath: system32\DRIVERS\cdrom.sys
    C:\WINDOWS\system32\DRIVERS\cdrom.sys
    49536 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: CiSvc
    ImagePath: %SystemRoot%\system32\cisvc.exe
    C:\WINDOWS\system32\cisvc.exe
    5632 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: ClipSrv
    ImagePath: %SystemRoot%\system32\clipsrv.exe
    C:\WINDOWS\system32\clipsrv.exe
    33280 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: COMSysApp
    ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    C:\WINDOWS\system32\dllhost.exe
    5120 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: diperto5c29-39cf
    ImagePath: \??\C:\WINDOWS\system32\diperto5c29-39cf.sys
    C:\WINDOWS\system32\diperto5c29-39cf.sys - this registry value has been removed [file not found to scan]
    ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
    ----------
    Key: Disk
    ImagePath: system32\DRIVERS\disk.sys
    C:\WINDOWS\system32\DRIVERS\disk.sys
    36352 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: dmadmin
    ImagePath: %SystemRoot%\System32\dmadmin.exe /com
    C:\WINDOWS\System32\dmadmin.exe
    225280 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corp., Veritas Software
    ----------
    Key: dmboot
    ImagePath: System32\drivers\dmboot.sys
    C:\WINDOWS\System32\drivers\dmboot.sys
    800256 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corp., Veritas Software
    ----------
    Key: dmio
    ImagePath: System32\drivers\dmio.sys
    C:\WINDOWS\System32\drivers\dmio.sys
    154496 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corp., Veritas Software
    ----------
    Key: dmload
    ImagePath: System32\drivers\dmload.sys
    C:\WINDOWS\System32\drivers\dmload.sys
    5888 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corp., Veritas Software.
    ----------
    Key: DMusic
    ImagePath: system32\drivers\DMusic.sys
    C:\WINDOWS\system32\drivers\DMusic.sys
    52864 bytes
    Created: 30/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: drmkaud
    ImagePath: system32\drivers\drmkaud.sys
    C:\WINDOWS\system32\drivers\drmkaud.sys
    2944 bytes
    Created: 30/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Esdpdx01
    ImagePath: \??\C:\WINDOWS\system32\Drivers\ESDPDX01.SYS
    C:\WINDOWS\system32\Drivers\ESDPDX01.SYS
    58314 bytes
    Created: 28/11/2002
    Modified: 28/11/2002
    Company: MK Systems CO., LTD.
    ----------
    Key: Eventlog
    ImagePath: %SystemRoot%\system32\services.exe
    C:\WINDOWS\system32\services.exe
    108544 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Fdc
    ImagePath: system32\DRIVERS\fdc.sys
    C:\WINDOWS\system32\DRIVERS\fdc.sys
    27392 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Flpydisk
    ImagePath: system32\DRIVERS\flpydisk.sys
    C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    20480 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: FltMgr
    ImagePath: system32\DRIVERS\fltMgr.sys
    C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    128896 bytes
    Created: 29/11/2006
    Modified: 21/08/2006
    Company: Microsoft Corporation
    ----------
    Key: Ftdisk
    ImagePath: system32\DRIVERS\ftdisk.sys
    C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    126080 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: gagp30kx
    ImagePath: system32\DRIVERS\gagp30kx.sys
    C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
    46464 bytes
    Created: 29/11/2006
    Modified: 04/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Gpc
    ImagePath: system32\DRIVERS\msgpc.sys
    C:\WINDOWS\system32\DRIVERS\msgpc.sys
    35072 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: HidUsb
    ImagePath: system32\DRIVERS\hidusb.sys
    C:\WINDOWS\system32\DRIVERS\hidusb.sys
    9600 bytes
    Created: 01/12/2006
    Modified: 17/08/2001
    Company: Microsoft Corporation
    ----------
    Key: HTTP
    ImagePath: System32\Drivers\HTTP.sys
    C:\WINDOWS\System32\Drivers\HTTP.sys
    262784 bytes
    Created: 05/08/2004
    Modified: 17/03/2006
    Company: Microsoft Corporation
    ----------
    Key: i8042prt
    ImagePath: system32\DRIVERS\i8042prt.sys
    C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    54400 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Imapi
    ImagePath: system32\DRIVERS\imapi.sys
    C:\WINDOWS\system32\DRIVERS\imapi.sys
    41856 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: ImapiService
    ImagePath: C:\WINDOWS\system32\imapi.exe
    C:\WINDOWS\system32\imapi.exe
    150016 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Ip6Fw
    ImagePath: system32\DRIVERS\Ip6Fw.sys
    C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    29056 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: IpFilterDriver
    ImagePath: system32\DRIVERS\ipfltdrv.sys
    C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    32896 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: IpInIp
    ImagePath: system32\DRIVERS\ipinip.sys
    C:\WINDOWS\system32\DRIVERS\ipinip.sys
    20992 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: IpNat
    ImagePath: system32\DRIVERS\ipnat.sys
    C:\WINDOWS\system32\DRIVERS\ipnat.sys
    134912 bytes
    Created: 05/08/2004
    Modified: 29/09/2004
    Company: Microsoft Corporation
    ----------
    Key: iPod Service
    ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
    C:\Program Files\iPod\bin\iPodService.exe - this registry value has been removed [file not found to scan]
    ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
    ----------
    Key: IPSec
    ImagePath: system32\DRIVERS\ipsec.sys
    C:\WINDOWS\system32\DRIVERS\ipsec.sys
    74752 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: IRENUM
    ImagePath: system32\DRIVERS\irenum.sys
    C:\WINDOWS\system32\DRIVERS\irenum.sys
    11264 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: isapnp
    ImagePath: system32\DRIVERS\isapnp.sys
    C:\WINDOWS\system32\DRIVERS\isapnp.sys
    36224 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Kbdclass
    ImagePath: system32\DRIVERS\kbdclass.sys
    C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    25216 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: kmixer
    ImagePath: system32\drivers\kmixer.sys
    C:\WINDOWS\system32\drivers\kmixer.sys
    172416 bytes
    Created: 30/11/2006
    Modified: 14/06/2006
    Company: Microsoft Corporation
    ----------
    Key: LIVESRV
    ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service
    C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
    237568 bytes
    Created: 22/10/2007
    Modified: 22/10/2007
    Company: SOFTWIN S.R.L.
    ----------
    Key: MDM
    ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    322120 bytes
    Created: 19/06/2003
    Modified: 19/06/2003
    Company: Microsoft Corporation
    ----------
    Key: mnmsrvc
    ImagePath: C:\WINDOWS\system32\mnmsrvc.exe
    C:\WINDOWS\system32\mnmsrvc.exe
    32768 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Mouclass
    ImagePath: system32\DRIVERS\mouclass.sys
    C:\WINDOWS\system32\DRIVERS\mouclass.sys
    23680 bytes
    Created: 04/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: mouhid
    ImagePath: system32\DRIVERS\mouhid.sys
    C:\WINDOWS\system32\DRIVERS\mouhid.sys
    12288 bytes
    Created: 01/12/2006
    Modified: 23/08/2001
    Company: Microsoft Corporation
    ----------
    Key: MRxDAV
    ImagePath: system32\DRIVERS\mrxdav.sys
    C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    179584 bytes
    Created: 05/08/2004
    Modified: 18/12/2007
    Company: Microsoft Corporation
    ----------
    Key: MRxSmb
    ImagePath: system32\DRIVERS\mrxsmb.sys
    C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    453120 bytes
    Created: 05/08/2004
    Modified: 05/05/2006
    Company: Microsoft Corporation
    ----------
    Key: MSDTC
    ImagePath: C:\WINDOWS\system32\msdtc.exe
    C:\WINDOWS\system32\msdtc.exe
    6144 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: MSIServer
    ImagePath: C:\WINDOWS\system32\msiexec.exe /V
    C:\WINDOWS\system32\msiexec.exe
    78848 bytes
    Created: 05/08/2004
    Modified: 04/05/2005
    Company: Microsoft Corporation
    ----------
    Key: MSKSSRV
    ImagePath: system32\drivers\MSKSSRV.sys
    C:\WINDOWS\system32\drivers\MSKSSRV.sys
    7552 bytes
    Created: 30/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: MSPCLOCK
    ImagePath: system32\drivers\MSPCLOCK.sys
    C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    5376 bytes
    Created: 30/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: MSPQM
    ImagePath: system32\drivers\MSPQM.sys
    C:\WINDOWS\system32\drivers\MSPQM.sys
    4992 bytes
    Created: 30/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: mssmbios
    ImagePath: system32\DRIVERS\mssmbios.sys
    C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    15488 bytes
    Created: 04/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: MSSQL$MICROSOFTSMLBIZ
    ImagePath: "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    9150464 bytes
    Created: 04/05/2005
    Modified: 04/05/2005
    Company: Microsoft Corporation
    ----------
    Key: MSSQLServerADHelper
    ImagePath: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
    73728 bytes
    Created: 03/05/2005
    Modified: 03/05/2005
    Company: Microsoft Corporation
    ----------
    Key: msupdate
    ImagePath: c:\windows\system32\msvcrtd.exe
    c:\windows\system32\msvcrtd.exe
    35840 bytes
    Created: 12/02/2008
    Modified: 12/02/2008
    Company:
    c:\windows\system32\msvcrtd.exe appears to be in-use/locked
    c:\windows\system32\msvcrtd.exe - this registry value has been removed
    ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
    c:\windows\system32\msvcrtd.exe - process is either not running or could not be terminated
    c:\windows\system32\msvcrtd.exe - file ownership assigned to: PC-VTE-2\VAUDAUX SA
    c:\windows\system32\msvcrtd.exe - process is either not running or could not be terminated
    ERROR: Unhandled Exception calling TFileStream.Create/Free in procedure MainForm.ExtractFileFromResource
    [File Utility could not be created]
    [Error initialising File Utility]
    c:\windows\system32\msvcrtd.exe - marked for renaming when the PC is restarted
    ----------
    Key: NdisTapi
    ImagePath: system32\DRIVERS\ndistapi.sys
    C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    9600 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Ndisuio
    ImagePath: system32\DRIVERS\ndisuio.sys
    C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    12928 bytes
    Created: 04/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: NdisWan
    ImagePath: system32\DRIVERS\ndiswan.sys
    C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    91776 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: NetBIOS
    ImagePath: system32\DRIVERS\netbios.sys
    C:\WINDOWS\system32\DRIVERS\netbios.sys
    34560 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: NetBT
    ImagePath: system32\DRIVERS\netbt.sys
    C:\WINDOWS\system32\DRIVERS\netbt.sys
    162816 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: NetDDE
    ImagePath: %SystemRoot%\system32\netdde.exe
    C:\WINDOWS\system32\netdde.exe
    114176 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: NetDDEdsdm
    ImagePath: %SystemRoot%\system32\netdde.exe
    C:\WINDOWS\system32\netdde.exe
    114176 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Netlogon
    ImagePath: %SystemRoot%\system32\lsass.exe
    C:\WINDOWS\system32\lsass.exe
    13312 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: NtLmSsp
    ImagePath: %SystemRoot%\system32\lsass.exe
    C:\WINDOWS\system32\lsass.exe
    13312 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: nv
    ImagePath: system32\DRIVERS\nv4_mini.sys
    C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    1897408 bytes
    Created: 29/11/2006
    Modified: 03/08/2004
    Company: NVIDIA Corporation
    ----------
    Key: NwlnkFlt
    ImagePath: system32\DRIVERS\nwlnkflt.sys
    C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    12416 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: NwlnkFwd
    ImagePath: system32\DRIVERS\nwlnkfwd.sys
    C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    32512 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: ose
    ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    89136 bytes
    Created: 28/07/2003
    Modified: 28/07/2003
    Company: Microsoft Corporation
    ----------
    Key: Parport
    ImagePath: system32\DRIVERS\parport.sys
    C:\WINDOWS\system32\DRIVERS\parport.sys
    80384 bytes
    Created: 04/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: PCI
    ImagePath: system32\DRIVERS\pci.sys
    C:\WINDOWS\system32\DRIVERS\pci.sys
    68608 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: PlugPlay
    ImagePath: %SystemRoot%\system32\services.exe
    C:\WINDOWS\system32\services.exe
    108544 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: PolicyAgent
    ImagePath: %SystemRoot%\system32\lsass.exe
    C:\WINDOWS\system32\lsass.exe
    13312 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: PptpMiniport
    ImagePath: system32\DRIVERS\raspptp.sys
    C:\WINDOWS\system32\DRIVERS\raspptp.sys
    48384 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Processor
    ImagePath: system32\DRIVERS\processr.sys
    C:\WINDOWS\system32\DRIVERS\processr.sys
    39552 bytes
    Created: 04/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Profos
    ImagePath: \??\C:\PROGRA~1\Softwin\BITDEF~1\profos.sys
    C:\PROGRA~1\Softwin\BITDEF~1\profos.sys
    13568 bytes
    Created: 19/08/2006
    Modified: 19/08/2006
    Company:
    ----------
    Key: ProtectedStorage
    ImagePath: %SystemRoot%\system32\lsass.exe
    C:\WINDOWS\system32\lsass.exe
    13312 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: PSched
    ImagePath: system32\DRIVERS\psched.sys
    C:\WINDOWS\system32\DRIVERS\psched.sys
    69120 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Ptilink
    ImagePath: system32\DRIVERS\ptilink.sys
    C:\WINDOWS\system32\DRIVERS\ptilink.sys
    17792 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Parallel Technologies, Inc.
    ----------
    Key: RasAcd
    ImagePath: system32\DRIVERS\rasacd.sys
    C:\WINDOWS\system32\DRIVERS\rasacd.sys
    8832 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Rasl2tp
    ImagePath: system32\DRIVERS\rasl2tp.sys
    C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    51328 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: RasPppoe
    ImagePath: system32\DRIVERS\raspppoe.sys
    C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    41472 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Raspti
    ImagePath: system32\DRIVERS\raspti.sys
    C:\WINDOWS\system32\DRIVERS\raspti.sys
    16512 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Rdbss
    ImagePath: system32\DRIVERS\rdbss.sys
    C:\WINDOWS\system32\DRIVERS\rdbss.sys
    174592 bytes
    Created: 05/08/2004
    Modified: 05/05/2006
    Company: Microsoft Corporation
    ----------
    Key: RDPCDD
    ImagePath: System32\DRIVERS\RDPCDD.sys
    C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    4224 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: rdpdr
    ImagePath: system32\DRIVERS\rdpdr.sys
    C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    196864 bytes
    Created: 29/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: RDSessMgr
    ImagePath: C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\system32\sessmgr.exe
    142336 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: redbook
    ImagePath: system32\DRIVERS\redbook.sys
    C:\WINDOWS\system32\DRIVERS\redbook.sys
    58496 bytes
    Created: 29/11/2006
    Modified: 04/08/2004
    Company: Microsoft Corporation
    ----------
    Key: RpcLocator
    ImagePath: %SystemRoot%\system32\locator.exe
    C:\WINDOWS\system32\locator.exe
    75264 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: RSVP
    ImagePath: %SystemRoot%\system32\rsvp.exe
    C:\WINDOWS\system32\rsvp.exe
    132608 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: SamSs
    ImagePath: %SystemRoot%\system32\lsass.exe
    C:\WINDOWS\system32\lsass.exe
    13312 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: SCardSvr
    ImagePath: %SystemRoot%\System32\SCardSvr.exe
    C:\WINDOWS\System32\SCardSvr.exe
    100352 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Secdrv
    ImagePath: system32\DRIVERS\secdrv.sys
    C:\WINDOWS\system32\DRIVERS\secdrv.sys
    20480 bytes
    Created: 05/08/2004
    Modified: 13/11/2007
    Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
    ----------
    Key: serenum
    ImagePath: system32\DRIVERS\serenum.sys
    C:\WINDOWS\system32\DRIVERS\serenum.sys
    15488 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Serial
    ImagePath: system32\DRIVERS\serial.sys
    C:\WINDOWS\system32\DRIVERS\serial.sys
    66560 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: smwdm
    ImagePath: system32\drivers\smwdm.sys
    C:\WINDOWS\system32\drivers\smwdm.sys
    578368 bytes
    Created: 30/11/2006
    Modified: 15/07/2003
    Company: Analog Devices, Inc.
    ----------
    Key: SoundMAX Agent Service (default)
    ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    45056 bytes
    Created: 30/11/2006
    Modified: 20/09/2002
    Company: Analog Devices, Inc.
    ----------
    Key: splitter
    ImagePath: system32\drivers\splitter.sys
    C:\WINDOWS\system32\drivers\splitter.sys
    6400 bytes
    Created: 30/11/2006
    Modified: 14/06/2006
    Company: Microsoft Corporation
    ----------
    Key: Spooler
    ImagePath: %SystemRoot%\system32\spoolsv.exe
    C:\WINDOWS\system32\spoolsv.exe
    57856 bytes
    Created: 05/08/2004
    Modified: 11/06/2005
    Company: Microsoft Corporation
    ----------
    Key: SQLAgent$MICROSOFTSMLBIZ
    ImagePath: "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
    323584 bytes
    Created: 03/05/2005
    Modified: 03/05/2005
    Company: Microsoft Corporation
    ----------
    Key: sr
    ImagePath: system32\DRIVERS\sr.sys
    C:\WINDOWS\system32\DRIVERS\sr.sys
    73600 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Srv
    ImagePath: system32\DRIVERS\srv.sys
    C:\WINDOWS\system32\DRIVERS\srv.sys
    332928 bytes
    Created: 05/08/2004
    Modified: 14/08/2006
    Company: Microsoft Corporation
    ----------
    Key: swenum
    ImagePath: system32\DRIVERS\swenum.sys
    C:\WINDOWS\system32\DRIVERS\swenum.sys
    4352 bytes
    Created: 03/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: swmidi
    ImagePath: system32\drivers\swmidi.sys
    C:\WINDOWS\system32\drivers\swmidi.sys
    54272 bytes
    Created: 30/11/2006
    Modified: 17/08/2001
    Company: Microsoft Corporation
    ----------
    Key: SwPrv
    ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{84950551-B26F-4BD6-A8AB-57AF48EC1149}
    C:\WINDOWS\system32\dllhost.exe
    5120 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: sysaudio
    ImagePath: system32\drivers\sysaudio.sys
    C:\WINDOWS\system32\drivers\sysaudio.sys
    60800 bytes
    Created: 30/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: SysLibrary
    ImagePath: \??\C:\WINDOWS\system32\DefLib.sys
    C:\WINDOWS\system32\DefLib.sys - this registry value has been removed [file not found to scan]
    ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
    ----------
    Key: SysmonLog
    ImagePath: %SystemRoot%\system32\smlogsvc.exe
    C:\WINDOWS\system32\smlogsvc.exe
    93184 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Tcpip
    ImagePath: system32\DRIVERS\tcpip.sys
    C:\WINDOWS\system32\DRIVERS\tcpip.sys
    360064 bytes
    Created: 05/08/2004
    Modified: 30/10/2007
    Company: Microsoft Corporation
    ----------
    Key: TermDD
    ImagePath: system32\DRIVERS\termdd.sys
    C:\WINDOWS\system32\DRIVERS\termdd.sys
    40840 bytes
    Created: 29/11/2006
    Modified: 04/08/2004
    Company: Microsoft Corporation
    ----------
    Key: TlntSvr
    ImagePath: C:\WINDOWS\system32\tlntsvr.exe
    C:\WINDOWS\system32\tlntsvr.exe
    75264 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: Trufos
    ImagePath: \??\C:\PROGRA~1\Softwin\BITDEF~1\trufos.sys
    C:\PROGRA~1\Softwin\BITDEF~1\trufos.sys
    22656 bytes
    Created: 16/08/2006
    Modified: 16/08/2006
    Company:
    ----------
    Key: Update
    ImagePath: system32\DRIVERS\update.sys
    C:\WINDOWS\system32\DRIVERS\update.sys
    209408 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: UPS
    ImagePath: %SystemRoot%\System32\ups.exe
    C:\WINDOWS\System32\ups.exe
    18432 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: usbehci
    ImagePath: system32\DRIVERS\usbehci.sys
    C:\WINDOWS\system32\DRIVERS\usbehci.sys
    26624 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: usbhub
    ImagePath: system32\DRIVERS\usbhub.sys
    C:\WINDOWS\system32\DRIVERS\usbhub.sys
    57600 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: usbscan
    ImagePath: system32\DRIVERS\usbscan.sys
    C:\WINDOWS\system32\DRIVERS\usbscan.sys
    15104 bytes
    Created: 01/12/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: USBSTOR
    ImagePath: system32\DRIVERS\USBSTOR.SYS
    C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    26496 bytes
    Created: 30/11/2006
    Modified: 03/08/2004
    Company: Microsoft Corporation
    ----------
    Key: usbuhci
    ImagePath: system32\DRIVERS\usbuhci.sys
    C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    20480 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: usnjsvc
    ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
    C:\Program Files\MSN Messenger\usnsvc.exe
    97136 bytes
    Created: 19/01/2007
    Modified: 19/01/2007
    Company: Microsoft Corporation
    ----------
    Key: VgaSave
    ImagePath: \SystemRoot\System32\drivers\vga.sys
    C:\WINDOWS\System32\drivers\vga.sys
    20992 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: ViaIde
    ImagePath: system32\DRIVERS\viaide.sys
    C:\WINDOWS\system32\DRIVERS\viaide.sys
    5376 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: viasraid
    ImagePath: system32\DRIVERS\viasraid.sys
    C:\WINDOWS\system32\DRIVERS\viasraid.sys
    -R- 77312 bytes
    Created: 30/11/2006
    Modified: 31/10/2003
    Company: VIA Technologies inc,.ltd
    ----------
    Key: VSS
    ImagePath: %SystemRoot%\System32\vssvc.exe
    C:\WINDOWS\System32\vssvc.exe
    295424 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: VSSERV
    ImagePath: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
    C:\Program Files\Softwin\BitDefender10\vsserv.exe
    462848 bytes
    Created: 24/10/2007
    Modified: 24/10/2007
    Company: SOFTWIN S.R.L.
    ----------
    Key: Wanarp
    ImagePath: system32\DRIVERS\wanarp.sys
    C:\WINDOWS\system32\DRIVERS\wanarp.sys
    34560 bytes
    Created: 05/08/2004
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: wdmaud
    ImagePath: system32\drivers\wdmaud.sys
    C:\WINDOWS\system32\drivers\wdmaud.sys
    82944 bytes
    Created: 30/11/2006
    Modified: 14/06/2006
    Company: Microsoft Corporation
    ----------
    Key: wer32
    ImagePath: \??\C:\WINDOWS\system32\jkghje.dll
    C:\WINDOWS\system32\jkghje.dll
    54762 bytes
    Created: 12/02/2008
    Modified: 12/02/2008
    Company:
    C:\WINDOWS\system32\jkghje.dll appears to be in-use/locked
    C:\WINDOWS\system32\jkghje.dll - this registry value has been removed
    ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
    C:\WINDOWS\system32\jkghje.dll - unable to take ownership/change permissions (file may not exist)
    ERROR: Unhandled Exception calling TFileStream.Create/Free in procedure MainForm.ExtractFileFromResource
    [File Utility could not be created]
    [Error initialising File Utility]
    C:\WINDOWS\system32\jkghje.dll - marked for renaming when the PC is restarted
    ----------
    Key: WinDefend
    ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
    C:\Program Files\Windows Defender\MsMpEng.exe
    13592 bytes
    Created: 03/11/2006
    Modified: 03/11/2006
    Company: Microsoft Corporation
    ----------
    Key: WmiApSrv
    ImagePath: C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    126464 bytes
    Created: 29/11/2006
    Modified: 05/08/2004
    Company: Microsoft Corporation
    ----------
    Key: WMPNetworkSvc
    ImagePath: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
    C:\Program Files\Windows Media Player\WMPNetwk.exe
    918016 bytes
    Created: 03/11/2006
    Modified: 03/11/2006
    Company: Microsoft Corporation
    ----------
    Key: WudfPf
    ImagePath: system32\DRIVERS\WudfPf.sys
    C:\WINDOWS\s
  7. nichotV Posts 18 Status Member 26
     
    Report with VundoFix:

    VundoFix V6.7.8

    Checking Java version...

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 17:17:31 21/02/2008

    Listing files found while scanning....

    C:\windows\system32\gharuwsd.dllbox
    C:\WINDOWS\system32\isxrjsws.dll
    C:\windows\system32\isxrjsws.dllbox

    Beginning removal...

    Attempting to delete C:\windows\system32\gharuwsd.dllbox
    C:\windows\system32\gharuwsd.dllbox Has been deleted!

    Attempting to delete C:\WINDOWS\system32\isxrjsws.dll
    C:\WINDOWS\system32\isxrjsws.dll Has been deleted!

    Attempting to delete C:\windows\system32\isxrjsws.dllbox
    C:\windows\system32\isxrjsws.dllbox Has been deleted!

    Performing Repairs to the registry.
    Done!

    I'm installing the other program and launching the application

    Thanks
  8. nichotV Posts 18 Status Member 26
     
    Here is the report with ComboFix:

    ComboFix 08-02-21 - VAUDAUX SA 2008-02-21 18:11:55.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.629 [GMT 1:00]
    Endroit: C:\Documents and Settings\VAUDAUX SA\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\storageprotector
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
    C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
    C:\Documents and Settings\VAUDAUX SA\Application Data\storageprotector
    C:\Documents and Settings\VAUDAUX SA\Application Data\storageprotector\Logs\update.log
    C:\Program Files\Helper
    C:\Program Files\Helper\1202832920.dll
    C:\WINDOWS\system32\bpromfef.ini
    C:\WINDOWS\system32\msvcrtd.exe
    C:\WINDOWS\system32\sprt_ads.dll
    C:\WINDOWS\system32\svcp.csv
    C:\WINDOWS\system32\windows
    C:\WINDOWS\system32\winsub.xml
    C:\WINDOWS\system32\wycdd.ini
    C:\WINDOWS\system32\wycdd.ini2

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_MSUPDATE
    -------\LEGACY_NTMLSVC
    -------\LEGACY_SYSLIBRARY
    -------\msupdate
    -------\NtmlSvc
    -------\SysLibrary

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-21 17:52 . 2008-02-21 17:52 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
    2008-02-21 17:17 . 2008-02-21 18:06 <REP> d-------- C:\VundoFix Backups
    2008-02-21 17:16 . 2008-02-21 17:16 <REP> d-------- C:\Program Files\Sunbelt Software
    2008-02-21 13:53 . 2008-02-21 17:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-02-21 13:42 . 2008-02-21 14:04 <REP> d-------- C:\Program Files\Trojan Remover
    2008-02-21 13:42 . 2008-02-21 13:42 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-21 13:42 . 2008-02-21 13:42 <REP> d-------- C:\Documents and Settings\VAUDAUX SA\Application Data\Simply Super Software
    2008-02-21 13:42 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
    2008-02-21 13:42 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
    2008-02-15 09:43 . 2008-02-15 09:43 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
    2008-02-14 17:38 . 2008-02-14 17:38 <REP> d--h----- C:\WINDOWS\PIF
    2008-02-14 12:31 . 2008-02-21 17:07 81,984 --a------ C:\WINDOWS\system32\bdod.bin
    2008-02-14 12:26 . 2008-02-21 17:08 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
    2008-02-13 13:35 . 2008-02-13 13:35 0 --a------ C:\WINDOWS\Irremote.ini
    2008-02-13 13:17 . 2008-02-21 14:03 19,128 --ahs---- C:\WINDOWS\system32\isxrjsws.dllbox.vir
    2008-02-13 13:13 . 2008-02-13 13:13 <REP> d-------- C:\Program Files\MaXimus DVD v1.2
    2008-02-12 20:23 . 2008-02-12 20:23 <REP> d-------- C:\spoolerlogs
    2008-02-12 17:13 . 2008-02-13 13:16 41,641 --a------ C:\WINDOWS\system32\diperto.ini
    2008-02-12 17:12 . 2008-02-12 17:12 2 --a------ C:\-1737511738
    2008-02-12 17:11 . 2008-02-12 17:11 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
    2008-02-08 15:52 . 2008-02-08 15:52 335,872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
    2008-02-05 13:20 . 2008-02-05 13:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-02-05 13:20 . 2008-02-05 13:20 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-02-04 13:35 . 2008-02-04 13:36 1,905 --a------ C:\WINDOWS\diagwrn.xml
    2008-02-04 13:35 . 2008-02-04 13:36 1,905 --a------ C:\WINDOWS\diagerr.xml
    2008-02-01 14:05 . 2008-02-01 14:05 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
    2008-02-01 14:03 . 2008-02-12 15:46 84,729 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
    2008-02-01 14:03 . 2008-02-01 14:03 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
    2008-02-01 14:03 . 2008-02-20 17:12 40,730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
    2008-02-01 10:08 . 2008-02-08 10:57 <REP> d-------- C:\Documents and Settings\VAUDAUX SA\Application Data\dvdcss
    2008-01-31 14:01 . 2008-01-31 14:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
    2008-01-22 17:28 . 2008-02-07 11:03 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-01-22 15:29 . 2008-01-22 15:29 <REP> d-------- C:\Documents and Settings\VAUDAUX SA\Application Data\Nero
    2008-01-22 15:25 . 2008-01-22 15:25 <REP> d-------- C:\Program Files\Nero
    2008-01-22 15:25 . 2008-01-22 15:27 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-01-22 15:25 . 2008-01-22 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-01-22 14:19 . 2008-01-22 14:19 <REP> d-------- C:\Program Files\DVD Shrink
    2008-01-22 14:19 . 2008-02-12 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-21 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
    2008-02-12 16:11 --------- d-----w C:\Program Files\BitTornado
    2008-02-04 23:05 --------- d-----w C:\Documents and Settings\VAUDAUX SA\Application Data\LimeWire
    2008-01-31 13:00 --------- d-----w C:\Program Files\SlySoft
    2008-01-18 10:06 294,912 ----a-w C:\WINDOWS\system32\iebrowserc.dll
    2008-01-09 10:11 --------- d-----w C:\Program Files\INFACO
    2007-12-21 16:06 --------- d-----w C:\Documents and Settings\VAUDAUX SA\Application Data\vlc
    2007-12-21 16:01 --------- d-----w C:\Program Files\VideoLAN
    2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
    2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
    2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
    2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
    2008-02-08 15:52 335872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
    2008-01-18 11:06 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:27 579072]
    "Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-18 16:27 185896]
    "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
    "NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
    "NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
    "986fac69"="C:\WINDOWS\system32\fefmorpb.dll" [ ]
    "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-21 13:52 863824]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:28 219136]

    R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 04:22]
    R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
    R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
    R3 Esdpdx01;Esdpdx01;C:\WINDOWS\system32\Drivers\ESDPDX01.SYS [2002-11-28 23:00]
    R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-10-16 23:27]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##serv-vetraz#Partage]
    \Shell\AutoRun\command - setup.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-02-21 13:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-02-21 17:20:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-21 18:23:38
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs a chargé sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
    -> C:\Program Files\WinRAR\rarext.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-21 18:26:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-21 17:26:00
    .
    2008-02-14 09:07:17 --- E O F ---
  9. nichotV Posts 18 Status Member 26
     
    Report with SmitFraudFix.

    SmitFraudFix v2.292

    Rapport fait à 8:46:55,12, 22/02/2008
    Executé à partir de C:\Documents and Settings\VAUDAUX SA\Bureau\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\3M\PSNLite\PsnLite.exe
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VAUDAUX SA

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VAUDAUX SA\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VAUDAU~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 193.252.19.3
    DNS Server Search Order: 193.252.19.4

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer=193.252.19.3,193.252.19.4
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer=193.252.19.3,193.252.19.4
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer=193.252.19.3,193.252.19.4

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    Thanks

  10. Powax Posts 570 Status Member 92
     
    OK, we've made progress ;o)

    Post a new HiJack report please

    See you
    1. nichotV Posts 18 Status Member 26
       
      Yes indeed, I worked all morning on my PC without having to restart it, so that's really great....

      Here is the report.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:58:06, on 27/02/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16608)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\3M\PSNLite\PsnLite.exe
      C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      C:\PROGRA~1\3M\PSNLite\PSNGive.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
      C:\Program Files\Grisoft\AVG Free\avgcc.exe
      C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\BitTornado\btdownloadgui.exe
      C:\Program Files\BitTornado\btdownloadgui.exe
      C:\Program Files\BitTornado\btdownloadgui.exe
      C:\Program Files\BitTornado\btdownloadgui.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
      O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
      O4 - Global Startup: Indago Updater.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
      O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
      O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
      O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer = 193.252.19.3,193.252.19.4
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
      O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe