Virus qui a efface mon antivirus?

russkov -
ep44 Messages postés 7432 Statut Contributeur - 12 juin 2008 à 19:34

Bonjour,
Logfile of HijackThis v1.99.1
Scan saved at 22:49:15, on 06/06/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\System32\ASWLSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ASWL2K.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\186e4e.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\187c1d.exe
C:\Program Files\a-squared Anti-Malware\a2scan.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\DOCUME~1\damien\LOCALS~1\Temp\ARC17\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\TEMP\parFB97.tmp"
O2 - BHO: BhoApp Class - {32131238-5434-4234-4234-432432423432} - C:\Program Files\syscmd\mscmp32.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{9EBFE9D0-6E78-4367-B145-98CDDADDC509}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{A3999C0C-C904-40C3-8887-4FE7D5E276B4}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF223EF9-BB7F-4663-A788-C3C477C86D03}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.76 85.255.112.150
O17 - HKLM\System\CS1\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.76 85.255.112.150
O17 - HKLM\System\CS2\Services\Tcpip\..\{080287B2-E1CB-493E-84DC-C79E7923CF19}: NameServer = 85.255.114.76,85.255.112.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.76 85.255.112.150
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: LBTWlgn - c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
O20 - Winlogon Notify: partnershipreg - C:\Documents and Settings\All Users\Documents\Settings\partnership.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\System32\ASWLSVC.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\System32\svchost.exe:ext.exe (file missing)
O23 - Service: Googles Onlines Search Services - Unknown owner - C:\WINDOWS\System32\wnslogan.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Planificateur de tâches (Schedule) - Unknown owner - C:\WINDOWS\system32\drivers\spools.exe (file missing)
O23 - Service: SRS Labs License Service - SRS Labs - C:\Program Files\Fichiers communs\SRS Labs Shared\Service\srslabslicenseservice.exe

J ai chope un bon nombre de virus et je ne sais plus quoi faire ..
.Le pc de ma copine est infecte aussi apparement elle ne peut plus lancer de connection internet ... y a t il une solution ?
SPASIBO ! )

Afficher la suite

A voir également:

Virus qui a efface mon antivirus?
Comodo antivirus - Télécharger - Sécurité
Virus mcafee - Accueil - Piratage
Panda antivirus - Télécharger - Antivirus & Antimalwares
Norton antivirus gratuit - Télécharger - Antivirus & Antimalwares
Comment recuperer un message effacé sur whatsapp - Guide

26 réponses

Réponse 21 / 26

Russkov

Bonsoir, voici le rapport :
11/06/2008 ---- 21:38:07,15

----------------------------------
§§§§§§ [ahr.exe] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

*********************
[Même date]
*********************

Aucun fichier créé à la même date détecté

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

Réponse 22 / 26

Russkov

et un ptit rapport Antivir ki s est enfin lance )

Avira AntiVir Personal
Report file date: mercredi 11 juin 2008 22:03

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Boot mode: Normally booted
Username: damien
Computer name: PLICHON

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 07:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 06:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 06:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 06:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 08:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 11:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 17:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25/03/2008 06:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 07:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 07/04/2008 13:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 07/04/2008 13:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 13:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18/03/2008 09:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 07/04/2008 13:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 07/04/2008 13:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 07/04/2008 13:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 07/04/2008 13:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 13:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 08/04/2008 07:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 15:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 08:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 11:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 15:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 06:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 06:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 15:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 15:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 10:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 12:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 10:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 11 juin 2008 22:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'rasautou.exe' - '1' Module(s) have been scanned
Scan process 'ASWL2K.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'ASWLSVC.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\Explorer.exe'
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'explorer.exe' has been terminated
C:\WINDOWS\Explorer.exe
[DETECTION] Is the Trojan horse TR/Agent.Patched.AL
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]

26 processes with 25 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '25' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\damien\Local Settings\Temp\10e42e8.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\damien\Local Settings\Temp\2a448.exe
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\Documents and Settings\damien\Local Settings\Temp\2c8029.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\damien\Local Settings\Temp\2c8c9a.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\damien\Local Settings\Temp\7b62a.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\damien\Local Settings\Temp\7c273.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\damien\Local Settings\Temporary Internet Files\Content.IE5\SPIN85Y3\zevends[2].js
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48c61582.qua'!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DB41P30J\krab[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DB41P30J\krab[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DB41P30J\krab[3].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TVTWJ07B\krab[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TVTWJ07B\krab[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\TVTWJ07B\krab[3].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W78DB5IC\krab[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X6Y7GUPB\krab[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X6Y7GUPB\krab[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X6Y7GUPB\krab[3].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\X6Y7GUPB\krab[4].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Program Files\a-squared Anti-Malware\a2upd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\explorer.exe
[DETECTION] Is the Trojan horse TR/Agent.Patched.AL
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <Autres>
Begin scan in 'E:\' <TELECHARG>
Begin scan in 'F:\' <LOGICIELS>
Begin scan in 'G:\' <PROGRAMS>

End of the scan: mercredi 11 juin 2008 23:30
Used time: 1:27:40 min

The scan has been done completely.

4229 Scanning directories
193996 Files were scanned
20 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
17 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
193976 Files not concerned
1721 Archives were scanned
6 Warnings
18 Notes

Pour le reste je vois demain car j arrive tjours pas a lancer la mode sans echec ...

Réponse 23 / 26

jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 617

bonjour, si vous me permettez pour le mode sans echec regarde j'ai trouvé ça http://www.assistepc.com/forum/reparer-le-mode-sans-echec-de-windows-vt867.html si des fois ça peut aider

Réponse 24 / 26

ep44 Messages postés 7432 Statut Contributeur 3

Bonsoir

Merci jacques pour ce lien ;-)

Russkov,

Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
==> Un nouveau dossier chercher va être créé DiagHelp
==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
==> Une fenêtre va s'ouvrir, choisis l'option 1
==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
==> A nouveau menu Edition / copier
==> Dans un nouveau message ici, faire un clic droit / coller
@+

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 25 / 26

Russkov

Salut ep44 voici le rapport :

DiagHelp version v1.4 - http://www.malekal.com
excute le 12/06/2008 à 10:53:31,80

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->12/06/2008 10:53:30
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->12/06/2008 10:53:19
C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf -->12/06/2008 10:52:51
C:\WINDOWS\prefetch\EXPLORER.EXE-082F38A9.pf -->12/06/2008 10:52:47
C:\WINDOWS\prefetch\TASKMGR.EXE-20256C55.pf -->12/06/2008 10:52:31
C:\WINDOWS\prefetch\DUMPREP.EXE-1B46F901.pf -->12/06/2008 10:52:30
C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf -->12/06/2008 10:51:47
C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf -->12/06/2008 10:50:26
C:\WINDOWS\prefetch\RUNONCE.EXE-2803F297.pf -->12/06/2008 10:50:23
C:\WINDOWS\prefetch\RUNDLL32.EXE-20A8C272.pf -->12/06/2008 10:50:23

C:\WINDOWS\System32\drivers\mbamcatchme.sys -->05/06/2008 16:04:16
C:\WINDOWS\System32\drivers\mbam.sys -->05/06/2008 16:04:12
C:\WINDOWS\System32\drivers\amon.sys -->31/05/2008 12:12:08
C:\WINDOWS\System32\drivers\nod32drv.sys -->31/05/2008 12:12:07
C:\WINDOWS\System32\drivers\NSDriver.sys -->29/04/2008 11:20:00
C:\WINDOWS\System32\drivers\Awrtrd.sys -->29/04/2008 11:19:54
C:\WINDOWS\System32\drivers\Awrtpd.sys -->29/04/2008 11:19:50

C:\WINDOWS\System32\tmp.txt -->10/06/2008 22:03:46
C:\WINDOWS\System32\tmp.reg -->10/06/2008 22:03:46
C:\WINDOWS\System32\wpa.dbl -->10/06/2008 21:56:17
C:\WINDOWS\System32\schedsvc.dll -->08/06/2008 14:12:01
C:\WINDOWS\System32\mstinit.exe -->08/06/2008 14:12:01
C:\WINDOWS\System32\mstask.dll -->08/06/2008 14:12:01
C:\WINDOWS\System32\netapi32.dll -->08/06/2008 14:12:00
C:\WINDOWS\System32\browser.dll -->08/06/2008 14:12:00
C:\WINDOWS\System32\nwiz.exe -->07/06/2008 18:45:14
C:\WINDOWS\System32\notepad.exe -->07/06/2008 18:45:08
C:\WINDOWS\System32\itss.dll -->07/06/2008 15:36:18
C:\WINDOWS\System32\FNTCACHE.DAT -->07/06/2008 00:17:09
C:\WINDOWS\System32\d3d9caps.dat -->01/06/2008 18:36:19
C:\WINDOWS\System32\imon.dll -->31/05/2008 12:12:10
C:\WINDOWS\System32\MRT.exe -->30/05/2008 03:35:11
C:\WINDOWS\System32\VACFix.exe -->29/05/2008 09:35:36
C:\WINDOWS\System32\IEDFix.exe -->18/05/2008 21:40:35
C:\WINDOWS\System32\404Fix.exe -->18/05/2008 21:40:35
C:\WINDOWS\System32\jupdate-1.6.0_05-b13.log -->16/05/2008 22:35:42
C:\WINDOWS\System32\lsdelete.exe -->16/05/2008 11:58:04
C:\WINDOWS\System32\bdod.bin -->14/04/2008 22:17:47
C:\WINDOWS\System32\bdss.log -->14/04/2008 22:12:22
C:\WINDOWS\System32\testscript.tmp -->13/04/2008 12:12:39
C:\WINDOWS\System32\MRT.INI -->08/04/2008 22:56:15
C:\WINDOWS\System32\perfh00C.dat -->06/04/2008 21:00:42

C:\WINDOWS\0.log -->12/06/2008 10:23:56
C:\WINDOWS\wiadebug.log -->12/06/2008 10:23:43
C:\WINDOWS\wiaservc.log -->12/06/2008 10:23:39
C:\WINDOWS\bootstat.dat -->12/06/2008 10:23:17
C:\WINDOWS\WindowsUpdate.log -->11/06/2008 23:44:22
C:\WINDOWS\SchedLgU.Txt -->11/06/2008 23:44:20
C:\WINDOWS\ntbtlog.txt -->08/06/2008 20:12:35
C:\WINDOWS\xpsp1hfm.log -->08/06/2008 14:17:20
C:\WINDOWS\KB823182.log -->08/06/2008 14:17:19
C:\WINDOWS\setupapi.log -->08/06/2008 14:17:18
C:\WINDOWS\KB839645.log -->08/06/2008 14:13:21
C:\WINDOWS\KB841873.log -->08/06/2008 14:12:35
C:\WINDOWS\wmsetup.log -->08/06/2008 14:06:34
C:\WINDOWS\KB840315.log -->07/06/2008 17:38:25
C:\WINDOWS\dahotfix.log -->07/06/2008 17:37:45

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 1584
Command line: Explorer.exe ""

Base Size Version Path
0x01000000 0x106000 6.00.2600.0000 C:\WINDOWS\Explorer.exe
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77390000 0x7fd000 6.00.2600.0151 C:\WINDOWS\system32\SHELL32.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x75f10000 0xfc000 6.00.2600.0000 C:\WINDOWS\System32\BROWSEUI.dll
0x76960000 0x149000 6.00.2600.0000 C:\WINDOWS\System32\SHDOCVW.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\System32\UxTheme.dll
0x71950000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\comctl32.dll
0x7c620000 0x81000 2001.12.4414.0053 C:\WINDOWS\System32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\System32\COMRes.dll
0x5b950000 0x71000 6.00.2600.0000 C:\WINDOWS\System32\themeui.dll
0x71ca0000 0x1b000 6.00.2600.0000 C:\WINDOWS\System32\actxprxy.dll
0x76ac0000 0x15000 3.00.9238.0000 C:\WINDOWS\System32\ATL.DLL
0x01110000 0x2c6000 3.01.4000.2435 C:\WINDOWS\System32\msi.dll
0x723a0000 0x13000 6.00.2600.0000 C:\WINDOWS\System32\browselc.dll
0x76190000 0x98000 6.00.2600.0000 C:\WINDOWS\system32\WININET.dll
0x76250000 0x8a000 5.131.2600.1123 C:\WINDOWS\system32\CRYPT32.dll
0x76080000 0x78000 6.00.2600.0000 C:\WINDOWS\system32\urlmon.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\System32\ODBC32.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\System32\odbcint.dll
0x74aa0000 0x43000 6.00.2600.0000 C:\WINDOWS\System32\webcheck.dll
0x74a60000 0x9000 6.00.2600.0000 C:\WINDOWS\System32\BatMeter.dll
0x74a40000 0x7000 6.00.2600.0000 C:\WINDOWS\System32\POWRPROF.dll
0x20b00000 0x4b000 2.70.0031.0000 C:\WINDOWS\System32\imon.dll
0x20c00000 0xd000 C:\Program Files\Eset\pr_imon.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\System32\WINTRUST.dll
0x10000000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x72380000 0x19000 6.00.2600.0000 C:\WINDOWS\System32\mydocs.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x70ee0000 0x7000 1.01.0000.3917 C:\WINDOWS\System32\asfsipc.dll
0x60980000 0x7000 3.01.4000.1823 C:\WINDOWS\System32\MSISIP.DLL
0x74e10000 0x10000 5.06.0000.6626 C:\WINDOWS\System32\wshext.dll
0x59000000 0xe000 5.06.0000.6626 C:\WINDOWS\System32\wshFR.DLL
0x365a0000 0x15000 10.00.2625.0000 C:\PROGRA~1\MICROS~2\Office10\MCPS.DLL
0x76010000 0x61000 6.00.8972.0000 C:\WINDOWS\System32\MSVCP60.DLL

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 972
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x6f000 \??\C:\WINDOWS\system32\winlogon.exe
0x77be0000 0x53000 7.00.2600.0000 C:\WINDOWS\system32\msvcrt.dll
0x76250000 0x8a000 5.131.2600.1123 C:\WINDOWS\system32\CRYPT32.dll
0x77390000 0x7fd000 6.00.2600.0151 C:\WINDOWS\system32\SHELL32.dll
0x77290000 0x63000 6.00.2600.0000 C:\WINDOWS\system32\SHLWAPI.dll
0x77300000 0x8b000 5.82.2600.0000 C:\WINDOWS\system32\COMCTL32.dll
0x1f7b0000 0x31000 3.520.7713.0000 C:\WINDOWS\system32\ODBC32.dll
0x76340000 0x46000 6.00.2600.0000 C:\WINDOWS\system32\comdlg32.dll
0x007a0000 0xe4000 6.00.2600.0000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
0x1f850000 0x18000 3.520.7713.0000 C:\WINDOWS\system32\odbcint.dll
0x76b70000 0x1f000 6.00.2600.0000 C:\WINDOWS\system32\SHSVCS.dll
0x76be0000 0x2b000 5.131.2600.0000 C:\WINDOWS\system32\WINTRUST.dll
0x5b090000 0x34000 6.00.2600.0000 C:\WINDOWS\system32\uxtheme.dll
0x10000000 0x12000 4.24.0099.0000 c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
0x0ffd0000 0x22000 5.01.2518.0000 C:\WINDOWS\System32\rsaenh.dll
0x013a0000 0x23000 4.24.0099.0000 c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
0x77000000 0xd4000 2001.12.4414.0042 C:\WINDOWS\system32\COMRes.dll
0x770e0000 0x8b000 3.50.5014.0000 C:\WINDOWS\system32\OLEAUT32.dll
0x7c620000 0x81000 2001.12.4414.0053 C:\WINDOWS\system32\CLBCATQ.DLL

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 307D-18E0

Répertoire de C:\WINDOWS\system32

28/08/2001 16:00 4 096 csrss.exe
1 fichier(s) 4 096 octets
0 Rép(s) 56 120 782 848 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 307D-18E0

Répertoire de C:\WINDOWS\Downloaded Program Files

07/06/2008 16:47 <REP> .
07/06/2008 16:47 <REP> ..
09/01/2008 15:01 32 bdcore.dll
09/01/2008 15:01 118 784 bdupd.dll
04/12/2007 02:11 65 desktop.ini
12/07/2001 16:42 24 576 dwusplay.dll
12/07/2001 16:42 167 936 dwusplay.exe
11/04/2007 15:55 1 292 erma.inf
20/11/2007 19:04 1 523 536 FP_AX_CAB_INSTALLER.exe
09/01/2008 15:01 53 248 ipsupd.dll
26/02/2008 15:42 7 724 lang.ini
09/01/2008 15:01 32 libfn.dll
21/01/2008 17:43 130 live.ini
18/11/1999 14:49 992 msaudio.inf
07/02/2008 14:06 1 248 oscan8.inf
26/02/2008 15:59 487 424 oscan82.ocx
09/01/2008 15:01 6 828 scanoptions.tsi
14/02/2007 17:30 144 setup.inf
20/11/2007 18:50 247 swflash.inf
11/08/2004 03:22 3 036 wmv9dmo.inf
30/06/2003 23:41 1 689 WMV9VCM.inf
19 fichier(s) 2 398 963 octets

Total des fichiers listés :
19 fichier(s) 2 398 963 octets
2 Rép(s) 56 120 782 848 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

"C:\\Documents and Settings\\LocalService\\Application Data\\printer.exe"="C:\\Documents and Settings\\LocalService\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\damien\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\damien\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\TEMP\\par69E0.tmp"="C:\\WINDOWS\\TEMP\\par69E0.tmp:*:Enabled:ipsec"
"C:\\WINDOWS\\TEMP\\parFB97.tmp"="C:\\WINDOWS\\TEMP\\parFB97.tmp:*:Enabled:ipsec"
"C:\\WINDOWS\\TEMP\\par44D2.tmp"="C:\\WINDOWS\\TEMP\\par44D2.tmp:*:Enabled:ipsec"
"C:\\WINDOWS\\TEMP\\89004.exe"="C:\\WINDOWS\\TEMP\\89004.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\TEMP\\winnhrhn.exe"="C:\\WINDOWS\\TEMP\\winnhrhn.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\System32\\nwiz.exe"="C:\\WINDOWS\\System32\\nwiz.exe:*:Enabled:ipsec"
"C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver\\LVCOMS.EXE:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winuniibq.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winuniibq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1d3dcd.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1d3dcd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winihjfol.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winihjfol.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winejoevf.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winejoevf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\ytb3.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\ytb3.exe:*:Enabled:ipsec"
"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winxbma.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winxbma.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1de4a5.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1de4a5.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winygsai.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winygsai.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winkyhc.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winkyhc.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winwlvuw.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winwlvuw.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winojvvu.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winojvvu.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winyesn.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winyesn.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winloty.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winloty.exe:*:Enabled:ipsec"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:ipsec"
"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\reader_sl.exe:*:Enabled:ipsec"
"C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe"="C:\\Program Files\\Hewlett-Packard\\HP Share-to-Web\\hpgs2wnf.exe:*:Enabled:ipsec"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a1af6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a1af6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\wintcxrbo.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\wintcxrbo.exe:*:Enabled:ipsec"
"C:\\Program Files\\AVerTV 6.1\\AVerTV.exe"="C:\\Program Files\\AVerTV 6.1\\AVerTV.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\Explorer.exe"="C:\\WINDOWS\\Explorer.exe:*:Enabled:ipsec"
"C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:ipsec"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpobnz08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpobnz08.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\wincvdjyg.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\wincvdjyg.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winvuklgq.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winvuklgq.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cee8c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cee8c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winitsh.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winitsh.exe:*:Enabled:ipsec"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:ipsec"
"C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe"="C:\\Program Files\\Softwin\\BitDefender10\\bdagent.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winspawt.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winspawt.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1d0a16.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1d0a16.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winndhgvl.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winndhgvl.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cdfae.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cdfae.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\38778d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\38778d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\388104.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\388104.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\540de4.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\540de4.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\54170c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\54170c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\6fa4aa.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\6fa4aa.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\6fad78.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\6fad78.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8b3d6f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8b3d6f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8b468c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8b468c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a6d395.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a6d395.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a6dd84.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a6dd84.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winisojml.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\winisojml.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\c292a5.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\c292a5.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\c29cdb.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\c29cdb.exe:*:Enabled:ipsec"
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30963c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30963c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\309f13.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\309f13.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30b77c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30b77c.exe:*:Enabled:ipsec"
"C:\\Program Files\\AVerTV 6.1\\AVerQT.exe"="C:\\Program Files\\AVerTV 6.1\\AVerQT.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3097a5.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3097a5.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30a1d0.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30a1d0.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30b74a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30b74a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e8cec.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e8cec.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e972b.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e972b.exe:*:Enabled:ipsec"
"C:\\Program Files\\ASUS\\WLAN Card Utilities\\Center.exe"="C:\\Program Files\\ASUS\\WLAN Card Utilities\\Center.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\307bc0.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\307bc0.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\308452.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\308452.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3097eb.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3097eb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e6b1f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e6b1f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e737e.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e737e.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8c5a2e.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8c5a2e.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8c62a1.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8c62a1.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\ba496e.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\ba496e.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\ba51e1.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\ba51e1.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e83df7.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e83df7.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e8466a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e8466a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1162d6a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1162d6a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11639a8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11639a8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1442c00.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1442c00.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\144344b.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\144344b.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1722440.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1722440.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1722cbd.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1722cbd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1a01363.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1a01363.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1a01bd6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1a01bd6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1ce0588.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1ce0588.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1ce0e60.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1ce0e60.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fbf790.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fbf790.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fc0067.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fc0067.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\229eae2.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\229eae2.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\229f4c8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\229f4c8.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\System32\\wuauclt.exe"="C:\\WINDOWS\\System32\\wuauclt.exe:*:Enabled:ipsec"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposol08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposol08.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30a4f2.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30a4f2.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30afdc.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30afdc.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e88f8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e88f8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e9482.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e9482.exe:*:Enabled:ipsec"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpoSTS08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Bin\\hpoSTS08.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2ff511.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2ff511.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30099a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\30099a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5deec3.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5deec3.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5dfca6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5dfca6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8bdbd3.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8bdbd3.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8c00c1.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\8c00c1.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b9de3f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b9de3f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b9e8f7.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b9e8f7.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e7c23b.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e7c23b.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e7cd07.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e7cd07.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\115a66a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\115a66a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\115b30d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\115b30d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1438c47.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1438c47.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1439713.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1439713.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1717012.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1717012.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1717b88.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1717b88.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\19f5898.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\19f5898.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\19f63c8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\19f63c8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cd3c94.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cd3c94.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cd4b2c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1cd4b2c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fb27ce.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fb27ce.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fb3268.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1fb3268.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2290b2a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2290b2a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\22915c4.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\22915c4.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\256fdf0.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\256fdf0.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2570876.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2570876.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\284e138.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\284e138.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\284f214.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\284f214.exe:*:Enabled:ipsec"
"C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoevm08.exe"="C:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoevm08.exe:*:Enabled:ipsec"
"C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="C:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3071f9.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3071f9.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\307be8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\307be8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\556acb.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\556acb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\55749c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\55749c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7a6722.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7a6722.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7a70ea.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7a70ea.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\14758.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\14758.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4ed44.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4ed44.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\29f92d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\29f92d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4f1927.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4f1927.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\73f665.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\73f665.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2768eb.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2768eb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c41e6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c41e6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\263478.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\263478.exe:*:Enabled:ipsec"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:ipsec"
"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\System32\\RUNDLL32.EXE"="C:\\WINDOWS\\System32\\RUNDLL32.EXE:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27855c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27855c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\278fd8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\278fd8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c6557.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c6557.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c70eb.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c70eb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\715566.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\715566.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\716443.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\716443.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9640a5.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9640a5.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\964ae4.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\964ae4.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bb3ad5.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bb3ad5.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bb4583.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bb4583.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e039c2.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e039c2.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e043e3.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\e043e3.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27a4ed.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27a4ed.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27af7d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27af7d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4ca79b.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4ca79b.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4cb37f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4cb37f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\719782.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\719782.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\71a637.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\71a637.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\967972.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\967972.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\968990.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\968990.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bbb578.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bbb578.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bbc315.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bbc315.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\105ecaa.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\105ecaa.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\System32\\ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a3503.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a3503.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a435f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a435f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2f140e.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2f140e.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2f1f5c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2f1f5c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e608f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e608f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e6b0b.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e6b0b.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\83410c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\83410c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\834c97.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\834c97.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a8088a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a8088a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a82428.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\a82428.exe:*:Enabled:ipsec"
"C:\\Documents and Settings\\damien\\Bureau\\ccsetup205.exe"="C:\\Documents and Settings\\damien\\Bureau\\ccsetup205.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b8aa76.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b8aa76.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\dd8836.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\dd8836.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\dd9398.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\dd9398.exe:*:Enabled:ipsec"
"C:\\Program Files\\a-squared Anti-Malware\\a2start.exe"="C:\\Program Files\\a-squared Anti-Malware\\a2start.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\38b61a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\38b61a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\43c38f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\43c38f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9eaf6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9eaf6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9f70d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9f70d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3c34dd.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3c34dd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3c40d6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3c40d6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b19f0.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b19f0.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b26a6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\b26a6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10c136.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10c136.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10cf56.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10cf56.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\71975.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\71975.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\728e8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\728e8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\186e4e.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\186e4e.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\187c1d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\187c1d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3d5a19.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3d5a19.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3d6a2d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\3d6a2d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\6320ff.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\6320ff.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\634d51.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\634d51.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\71edb.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\71edb.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\72bcd.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\72bcd.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\80ef7.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\80ef7.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\81aa9.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\81aa9.exe:*:Enabled:ipsec"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"="C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe:*:Enabled:ipsec"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\GUARDGUI.EXE"="C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\GUARDGUI.EXE:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\280a5d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\280a5d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\28189a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\28189a.exe:*:Enabled:ipsec"
"C:\\WINDOWS\\system32\\notepad.exe"="C:\\WINDOWS\\system32\\notepad.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\91fd1.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\91fd1.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\92be8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\92be8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11a9c6.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11a9c6.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11b623.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11b623.exe:*:Enabled:ipsec"
"C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe"="C:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avcenter.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\90d47.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\90d47.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\91921.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\91921.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e2da.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5e2da.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5f03b.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5f03b.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7b62a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7b62a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7c273.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\7c273.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2c8029.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2c8029.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2c8c9a.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2c8c9a.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5147a7.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\5147a7.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\51538b.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\51538b.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\760edf.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\760edf.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\762051.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\762051.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9ae526.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9ae526.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9af2b9.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\9af2b9.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bfb680.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bfb680.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bfc585.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\bfc585.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10e42e8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10e42e8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10e50df.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\10e50df.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\264cf5.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\264cf5.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\26589d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\26589d.exe:*:Enabled:ipsec"
"C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"="C:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4dc40.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4dc40.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4ecf4.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4ecf4.exe:*:Enabled:ipsec"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11d67c.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11d67c.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11e2ed.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\11e2ed.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2a448.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2a448.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2b087.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2b087.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2c4a2.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2c4a2.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27733f.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\27733f.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2790c8.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\2790c8.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c5e92.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c5e92.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c6f14.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\4c6f14.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\IXP000.TMP\\bootstrap.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\IXP000.TMP\\bootstrap.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1c230d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1c230d.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1c2f37.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1c2f37.exe:*:Enabled:ipsec"
"C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1c3f7d.exe"="C:\\DOCUME~1\\damien\\LOCALS~1\\Temp\\1c3f7d.exe:*:Enabled:ipsec"

"C:\\Documents and Settings\\LocalService\\Application Data\\printer.exe"="C:\\Documents and Settings\\LocalService\\Application Data\\printer.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\damien\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe"="C:\\Documents and Settings\\damien\\Menu Démarrer\\Programmes\\Démarrage\\findfast.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\autorun.exe:*:Enabled:@xpsp2res.dll,-22019"

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"EnableLUA"=dword:00000000

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
272 - spoolsv.exe
304 - msnmsgr.exe
460 - 1c3f7d.exe
548 - 1c230d.exe
616 - ASWLSVC.exe
688 - nvsvc32.exe
732 - RichVideo.exe
948 - csrss.exe
972 - winlogon.exe
1016 - services.exe
1028 - lsass.exe
1188 - svchost.exe
1240 - svchost.exe
1312 - svchost.exe
1328 - ASWL2K.exe
1396 - svchost.exe
1428 - aawservice.exe
1584 - explorer.exe
1692 - 1c2f37.exe
2056 - cmd.exe
3160 - KProcCheck.exe
4008 - msiexec.exe

Total number of processes = 23
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D0000 - \WINDOWS\system32\ntoskrnl.exe
8069C000 - \WINDOWS\system32\hal.dll
F90B0000 - \WINDOWS\system32\KDCOM.DLL
F8FC0000 - \WINDOWS\system32\BOOTVID.dll
F8AA5000 - sptd.sys
F90B2000 - \WINDOWS\System32\Drivers\WMILIB.SYS
F8A8F000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
F8A63000 - ACPI.sys
F8BB0000 - pci.sys
F8BC0000 - ohci1394.sys
F8BD0000 - \WINDOWS\System32\DRIVERS\1394BUS.SYS
F8BE0000 - isapnp.sys
F90B4000 - intelide.sys
F8E30000 - \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
F8BF0000 - MountMgr.sys
F8A44000 - ftdisk.sys
F90B6000 - dmload.sys
F8A20000 - dmio.sys
F8E38000 - PartMgr.sys
F8C00000 - VolSnap.sys
F8A0A000 - atapi.sys
F8C10000 - disk.sys
F8C20000 - \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
F89F8000 - sr.sys
F8C30000 - avgntmgr.sys
F8C40000 - PxHelp20.sys
F89E4000 - KSecDD.sys
F8961000 - Ntfs.sys
F8939000 - NDIS.sys
F891F000 - Mup.sys
F88ED000 - Cwes74.sys
F8E40000 - agp440.sys
F8127000 - \SystemRoot\System32\DRIVERS\processr.sys
F7EDB000 - \SystemRoot\System32\DRIVERS\nv4_mini.sys
F8117000 - \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
F7E80000 - \SystemRoot\System32\DRIVERS\bcmwl5.sys
F7D8F000 - \SystemRoot\System32\DRIVERS\AVerBDA3x.sys
F7D6F000 - \SystemRoot\System32\DRIVERS\ks.sys
F90AC000 - \SystemRoot\System32\DRIVERS\BdaSup.SYS
F8107000 - \SystemRoot\system32\drivers\es1371mp.sys
F7D4E000 - \SystemRoot\system32\drivers\portcls.sys
F80F7000 - \SystemRoot\system32\drivers\drmk.sys
F8EF8000 - \SystemRoot\System32\DRIVERS\fdc.sys
F7D3B000 - \SystemRoot\System32\DRIVERS\parport.sys
F80E7000 - \SystemRoot\System32\DRIVERS\serial.sys
F88C9000 - \SystemRoot\System32\DRIVERS\serenum.sys
F80D7000 - \SystemRoot\System32\DRIVERS\i8042prt.sys
F88C5000 - \SystemRoot\System32\DRIVERS\L8042Kbd.sys
F8F00000 - \SystemRoot\System32\DRIVERS\kbdclass.sys
F80C7000 - \SystemRoot\System32\DRIVERS\L8042mou.Sys
F7D29000 - \SystemRoot\System32\DRIVERS\LMouKE.Sys
F8F08000 - \SystemRoot\System32\DRIVERS\mouclass.sys
F80B7000 - \SystemRoot\System32\Drivers\Imapi.SYS
F80A7000 - \SystemRoot\System32\Drivers\AFS2K.SYS
F8C70000 - \SystemRoot\System32\DRIVERS\cdrom.sys
F8C80000 - \SystemRoot\System32\DRIVERS\redbook.sys
F8F10000 - \SystemRoot\System32\DRIVERS\usbuhci.sys
F7CC5000 - \SystemRoot\System32\DRIVERS\USBPORT.SYS
F7C5E000 - \SystemRoot\System32\Drivers\aq4v1dkn.SYS
F8C90000 - \SystemRoot\system32\drivers\srs_sscfilter.sys
F8F70000 - \SystemRoot\system32\drivers\wowhd_kern_i386.sys
F8CA0000 - \SystemRoot\system32\drivers\csiidecoder_kern_i386.sys
F8CB0000 - \SystemRoot\system32\drivers\surroundhp_kern_i386.sys
F8CC0000 - \SystemRoot\system32\drivers\tshd4_kern_i386.sys
F9272000 - \SystemRoot\System32\DRIVERS\audstub.sys
F8CD0000 - \SystemRoot\System32\DRIVERS\rasl2tp.sys
F8889000 - \SystemRoot\System32\DRIVERS\ndistapi.sys
F7C48000 - \SystemRoot\System32\DRIVERS\ndiswan.sys
F8CE0000 - \SystemRoot\System32\DRIVERS\raspppoe.sys
F8CF0000 - \SystemRoot\System32\DRIVERS\raspptp.sys
F8885000 - \SystemRoot\System32\DRIVERS\TDI.SYS
F7C37000 - \SystemRoot\System32\DRIVERS\psched.sys
F8D00000 - \SystemRoot\System32\DRIVERS\msgpc.sys
F8F78000 - \SystemRoot\System32\DRIVERS\ptilink.sys
F8F80000 - \SystemRoot\System32\DRIVERS\raspti.sys
F7B6A000 - \SystemRoot\System32\DRIVERS\rdpdr.sys
F8D20000 - \SystemRoot\System32\DRIVERS\termdd.sys
F7B58000 - \SystemRoot\System32\DRIVERS\bdfndisf.sys
F928B000 - \SystemRoot\System32\DRIVERS\swenum.sys
F7B36000 - \SystemRoot\System32\DRIVERS\update.sys
F8D30000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7CEC000 - \SystemRoot\System32\DRIVERS\gameenum.sys
F8FA0000 - \SystemRoot\System32\DRIVERS\flpydisk.sys
F8D70000 - \SystemRoot\System32\DRIVERS\usbhub.sys
F9110000 - \SystemRoot\System32\DRIVERS\USBD.SYS
F8FB0000 - \SystemRoot\System32\DRIVERS\usbccgp.sys
F69B0000 - \SystemRoot\System32\DRIVERS\LV551AV.sys
F8D80000 - \SystemRoot\System32\DRIVERS\STREAM.SYS
F88AD000 - \SystemRoot\System32\DRIVERS\LVBulk.sys
F88A9000 - \SystemRoot\System32\DRIVERS\usbscan.sys
F8FB8000 - \SystemRoot\System32\DRIVERS\usbprint.sys
F8E58000 - \SystemRoot\System32\DRIVERS\HPZius12.sys
F8E60000 - \SystemRoot\System32\DRIVERS\USBSTOR.SYS
F8D90000 - \SystemRoot\System32\DRIVERS\HPZid412.sys
F889D000 - \SystemRoot\System32\DRIVERS\HPZipr12.sys
F9120000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F91B9000 - \SystemRoot\System32\Drivers\Null.SYS
F9122000 - \SystemRoot\System32\Drivers\Beep.SYS
F8E70000 - \SystemRoot\System32\drivers\vga.sys
F9124000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F9126000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F8E78000 - \SystemRoot\System32\Drivers\Msfs.SYS
F8E80000 - \SystemRoot\System32\Drivers\Npfs.SYS
F8891000 - \SystemRoot\System32\DRIVERS\rasacd.sys
F8DA0000 - \SystemRoot\System32\DRIVERS\ipsec.sys
F692F000 - \SystemRoot\System32\DRIVERS\tcpip.sys
F8E88000 - \??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys
F691C000 - \??\C:\Program Files\Fichiers communs\Softwin\BitDefender Firewall\bdftdif.sys
F68F7000 - \SystemRoot\System32\DRIVERS\netbt.sys
F8DB0000 - \SystemRoot\System32\DRIVERS\netbios.sys
F8E90000 - \SystemRoot\System32\Drivers\StarOpen.SYS
F68CF000 - \SystemRoot\System32\DRIVERS\rdbss.sys
F9128000 - \SystemRoot\system32\drivers\nod32drv.sys
F686F000 - \SystemRoot\System32\DRIVERS\mrxsmb.sys
F8DC0000 - \SystemRoot\System32\Drivers\Fips.SYS
F8DD0000 - \SystemRoot\System32\DRIVERS\wanarp.sys
F6770000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F675A000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F9132000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \??\C:\WINDOWS\system32\win32k.sys
F69F2000 - \??\C:\WINDOWS\system32\watchdog.sys
BFF80000 - \SystemRoot\System32\drivers\dxg.sys
F9257000 - \SystemRoot\System32\drivers\dxgthk.sys
BF9B8000 - \SystemRoot\System32\nv4_disp.dll
F4920000 - \SystemRoot\System32\drivers\afd.sys
F909C000 - \SystemRoot\System32\drivers\ws2ifsl.sys
F8ED0000 - \SystemRoot\System32\DRIVERS\AegisP.sys
F4768000 - \SystemRoot\System32\Drivers\Cdfs.SYS
F3D0D000 - \SystemRoot\System32\DRIVERS\mrxdav.sys
F3CD1000 - \SystemRoot\system32\drivers\wdmaud.sys
F6804000 - \SystemRoot\system32\drivers\sysaudio.sys
F9130000 - \SystemRoot\System32\Drivers\ParVdm.SYS
F3C13000 - \SystemRoot\system32\drivers\amon.sys
F3EE4000 - \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
F3A84000 - \SystemRoot\System32\DRIVERS\srv.sys
F3B7B000 - \SystemRoot\System32\DRIVERS\ipfltdrv.sys
F3F24000 - \??\C:\WINDOWS\System32\ASNDIS5.SYS
F911C000 - \??\C:\WINDOWS\System32\drivers\njqpnn.sys
F9185000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 139

Liste des programmes installes

a-squared Anti-Malware 3.5
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 7.0.9 - Français
Analyseur et SDK XML Microsoft
ASUS WLAN Card Utilities/Driver
AutoUpdate
AVerTV 6.1
AVerTV 6.1
BitDefender Internet Security v10
CCleaner (remove only)
CDDRV_Installer
Correctif pour le Lecteur Windows Media [Voir Q828026 pour plus d'informations]
Correctif Windows XP - KB823559
Correctif Windows XP - KB825119
Correctif Windows XP - KB828035
Correctif Windows XP - KB828741
Correctif Windows XP - KB833987
Correctif Windows XP - KB835732
Correctif Windows XP - KB837001
Correctif Windows XP - KB839645
Correctif Windows XP - KB840315
Correctif Windows XP - KB840374
Correctif Windows XP - KB840987
Correctif Windows XP - KB841356
Correctif Windows XP - KB841533
Correctif Windows XP - KB841873
Correctif Windows XP - KB842773
Correctif Windows XP - KB873376
Correctif Windows XP - KB887822
Digital Photo Navigator 1.5
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Easy Audio Cutter V1.5
HijackThis 2.0.2
hp psc 2200 series
IZArc 3.81
Java(TM) 6 Update 3
Java(TM) 6 Update 5
KhalInstallWrapper
Logitech Desktop Messenger
Logitech QuickCam
Logitech SetPoint
Malwarebytes' Anti-Malware
Messenger Beta
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0
Microsoft ActiveSync
Microsoft Data Access Components KB870669
Microsoft Office XP Professional avec FrontPage
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.14)
mscompare
Navitel Navigator
NOD32 Antivirus System
NVIDIA Display Driver
OpenOffice.org Installer 1.0
Outlook Express Q823353
Package du correctif Windows XP [voir Q329115 pour plus de détails]
Photo et imagerie HP 1.0 - PSC 2000 Series
Photo et imagerie HP 1.0 - PSC 2000 Series
Photo et imagerie HP 1.0 - PSC 2000 Series Pilote
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerProducer
Readiris 7.5
RealPlayer 7 Basic
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile Composite Device Software
Samsung Mobile phone USB driver Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
Skype™ 3.6
SRS Audio Sandbox
SRS Audio Sandbox
VideoLAN VLC media player 0.8.6a
WebFldrs XP
Windows Installer 3.1 (KB893803)
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Yahoo! Anti-Spy
Yahoo! Toolbar
Yahoo! Toolbar

Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 307D-18E0

Répertoire de C:\Program Files

12/06/2008 10:52 <REP> .
12/06/2008 10:52 <REP> ..
04/12/2007 02:46 <REP> Adobe
11/06/2008 23:12 <REP> a-squared Anti-Malware
04/12/2007 02:54 <REP> ASUS
04/12/2007 02:45 <REP> AVerMedia
04/12/2007 02:48 <REP> AVerTV 6.1
11/06/2008 22:00 <REP> Avira
11/06/2008 22:35 <REP> CCleaner
07/01/2008 10:34 <REP> Common Files
04/12/2007 02:08 <REP> ComPlus Applications
17/12/2007 22:43 <REP> CyberLink
11/12/2007 21:49 <REP> DAEMON Tools
17/12/2007 22:47 <REP> Digital Photo Navigator 1.5
20/04/2008 22:24 <REP> DivX
10/03/2008 00:49 <REP> Easy Audio Cutter
22/04/2008 21:39 <REP> eChanb

Réponse 26 / 26

ep44 Messages postés 7432 Statut Contributeur 3

Bonsoir

Redémarre l'ordinateur en mode sans échec
(tapoter F8 au boot pour obtenir le menu de démarrage ou http://service1.symantec.com/

* Double clique sur smitfraudfix.cmd

* Sélectionne 2 pour supprimer les fichiers responsables de l'infection.

A la question Voulez-vous nettoyer le registre ? répondre O (oui) afin de débloquer le fond d'écran et supprimer les clés de démarrage automatique de l'infection.

A la question Corriger le fichier infecté ? répondre O (oui) pour remplacer le fichier corrompu.

* Redémarre en mode normal et poste le rapport ici

N.B.: Cette étape élimine les fichiers infectieux détectés à l'étape #1
Attention que l'option 2 de l'outil supprime le fond d'écran !

Ensuite

Télécharge ATF Cleaner par Atribune.
http://www.atribune.org/ccount/click.php?id=1

Double-clique ATF-Cleaner.exe afin de lancer le programme.
Sous l'onglet Main, choisis : Select All
Clique sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All
Clique le bouton Empty Selected
NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

ensuite refais un nouveau scan averc bitdefender

@+

Discussions similaires

Softonic,est-ce un virus ?

Google Chrome " Échec de l'analyse antivirus "

" Échec de l'analyse antivirus " la solution.

probleme curseur large qui supprime en tapant

Virus qui a efface mon antivirus?

26 réponses

Votre réponse

Discussions similaires

Newsletters