Virus

DELPH -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,

Depuis qques jours j ai un virus sur mon PC. J ai tout essayé pour l erradier mais rien n y fait (spybot, ad aware, avg anti spyware).
A chaque fois que je rallume mon PC j ai une fenetre AVG anti spyware qui s ouvre il me demande quelle action je veux faire je le nettoie mais ca revient a chaque fois.
J ai egalement une toolbar MIRAR qui apparait et que je ne peux pas supprimer. J ai visité tous les forums a ce sujet egalement mais je n arrive pas a la supprimer.

De plus spybot apparait maintenant en anglais et je ne peux pas changer le language, je n arrive pas a le desinstaller de mon PC je pense que tous ces pbs sont liés.

J espere vraiment que qqun pourra me depanner je ne sais plus quoi faire !!!

Merci d avance pour votre aide
Delph
Configuration: Windows XP
Firefox 2.0.0.16

20 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec

    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------

    = Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    = Appuie sur Y pour commencer le processus de nettoyage.
    = Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    = Appuie sur une touche pour redémarrer le PC.
    = Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    = Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    = Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    = Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    = Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse

    Si SDFix ne se lance pas
    Clique sur Démarrer > Exécuter
    Copie/colle ceci :
    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    Clique sur Ok.
    Redémarre et essaie de relancer SDFix.
    @+
    1
  2. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Connais tu ce programme
    C:\Program Files\TELUS_eCare_Lite
    1
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Je te propose une chose,
    Télécharge Antivir, installe et lance le en mode sans échec pour faire un scan une fois fini tu le supprime et poste son rapport.

    Pour télécharger Antivir => http://www.swl1f.net/viewtopic.php?f=14&t=59
    Ensuite télécharge les mise à jours que tu installera manuellement aussi en mode sans échec ==> http://dl.antivir.de/down/vdf/ivdf_fusebundle_nt_en.zip
    pour instaler les mises à jours tu feras Update > Manual Update > tu iras chercher les mises à jours à l'emplacement de ton téléchargement et tu clique ensuite sur ouvrir, la mise à jour s'effectuera.
    Ensuite assure toi que la recherche de rootkit soit activé, dans ce cas fait :
    Configuration > Coche expert mode > Scan et coche la case "search for rootkit before scan"
    Une fois fait lance le scan en cliquant sur "scan systèm now"

    @+
    1
  4. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    ok donc si tu as toujours des soucis on pousse la recherche.

    Télécharge DiagHelp.zip sur ton bureau http://www.malekal.com/download/DiagHelp.zip
    ==> Ne double-clic pas dessus !! Fais un clic droit sur le fichier et extraire tout
    ==> Un nouveau dossier chercher va être créé DiagHelp
    ==> Ouvre le et double-clic sur go.cmd (le .cmd peut ne pas apparaître)
    ==> Une fenêtre va s'ouvrir, choisis l'option 1
    ==> L'analyse va commencer, ceci peut durer quelques minutes, laisse faire et appuie sur une touche quand on te le demande
    ==> Copie/colle le contenu du bloc-note qui s'ouvre, pour cela :
    ==> Dans le bloc-note, cliquez sur le menu Edition / Selectionner tout
    ==> A nouveau menu Edition / copier
    ==> Dans un nouveau message ici, faire un clic droit / coller
    @+
    1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    Encore une trace
    Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Double-clique sur ToolBar-SD afin de lancer l'installation, un raccourci sera ajouté sur le Bureau.
    * Double-clique dessus pour démarrer l'outil; choisis la langue.
    * Sous Vista, faire un clic droit et "Exécuter en tant qu'administrateur" (Elévation des privilèges), puis -> Continuer.
    * Tape 2 puis sur la touche [Entrée] afin de lancer la suppression.
    * Patiente jusqu'à la fin de la recherche.
    * À la fin du scan, le rapport s'ouvrira dans le Bloc-notes.
    * Poste ce rapport, par copier/coller, dans ta prochaine réponse.
    * Le rapport se trouve également sous : C:\TB.txt

    ** Aide en images
    https://sites.google.com/site/toolbarsd/aideenimages
    1
  7. DELPH
     
    Le virus est le suivant
    NOT-A-VIRUS.MONITOR.WIN32.AKL.25

    Merci
    delph
    0
  8. DELPH
     
    Bonjour ep44

    voici mon rapport hijackthis

    merci d avance pour ton aide

    Lil KlashLogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:02:09, on 2008-09-04
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UltimateEnhancer - {42F64121-5B8C-E553-E3E3-31CB9B3ABD9D} - C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: Mirar - {FD14EE73-F67E-45C0-9F01-731B8011B7DC} - C:\WINDOWS\system32\winje75.dll
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Mirar - {FD14EE72-F67E-45C0-9F01-731B8011B7DC} - C:\WINDOWS\system32\winje75.dll
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [E07FXLRD_2844015] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
    O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?2ae13c51b367427787a90b3686334697
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?2ae13c51b367427787a90b3686334697
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O21 - SSODL: printers - {9789F2EF-1908-45D5-933B-510E8780A88E} - libwinets.dll (file missing)
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    0
  9. DELPH
     
    voici le rapport sdfix

    [b]SDFix: Version 1.221 [/b]
    Run by Mon Laptop on 2008-09-05 at 00:30

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\Program Files\FBrowsingAdvisor\unins000.exe - Deleted
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll - Deleted
    C:\Program Files\PlayMP3z\uninstall.exe - Deleted

    Folder C:\Program Files\FBrowsingAdvisor - Removed
    Folder C:\Program Files\PlayMP3z - Removed

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-05 00:37:35
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\WINDOWS\system32\wbem\Performance\WmiApRpl_new.h 357 bytes

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 1

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe"="C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe:*:Enabled:Atlas_App"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:*:Enabled:MediaManager Application"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
    Fri 20 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Thu 31 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT16.tmp"
    Thu 31 Jul 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bc066f3f60df1b38218903dd0d40ce98\BIT17.tmp"
    Fri 2 May 2008 3,493,888 A..H. --- "C:\Documents and Settings\Mon Laptop\Application Data\U3\temp\Launchpad Removal.exe"
    Thu 29 May 2003 65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
    Thu 29 May 2003 12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
    Thu 29 May 2003 26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
    Thu 29 May 2003 28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
    Thu 29 May 2003 10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
    Thu 29 May 2003 10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
    Thu 29 May 2003 10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
    Thu 29 May 2003 29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
    Thu 29 May 2003 12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
    Thu 29 May 2003 11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
    Thu 29 May 2003 17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
    Thu 29 May 2003 9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
    Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
    Thu 29 May 2003 13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
    Thu 29 May 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
    Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
    Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
    Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
    Thu 29 May 2003 7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
    Thu 29 May 2003 24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
    Thu 29 May 2003 7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
    Thu 29 May 2003 7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
    Thu 29 May 2003 10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
    Thu 29 May 2003 25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
    Thu 29 May 2003 28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
    Thu 29 May 2003 14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
    Thu 29 May 2003 8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
    Thu 29 May 2003 33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
    Thu 29 May 2003 51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
    Thu 29 May 2003 35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
    Thu 29 May 2003 14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
    Thu 29 May 2003 37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
    Thu 29 May 2003 44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
    Thu 29 May 2003 29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
    Thu 29 May 2003 52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
    Thu 29 May 2003 49,250 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
    Thu 29 May 2003 50,600 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
    Thu 29 May 2003 161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
    Thu 29 May 2003 174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
    Thu 29 May 2003 21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
    Thu 29 May 2003 30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
    Thu 29 May 2003 202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
    Thu 29 May 2003 374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
    Thu 29 May 2003 22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
    Thu 29 May 2003 1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
    Thu 29 May 2003 15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
    Thu 29 May 2003 7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
    Thu 29 May 2003 56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
    Thu 29 May 2003 64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
    Thu 29 May 2003 32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
    Thu 29 May 2003 14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
    Thu 29 May 2003 10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
    Thu 29 May 2003 53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
    Thu 29 May 2003 15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
    Thu 29 May 2003 37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
    Thu 29 May 2003 354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
    Thu 29 May 2003 21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
    Thu 29 May 2003 354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
    Thu 29 May 2003 8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
    Thu 29 May 2003 41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
    Thu 29 May 2003 129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
    Thu 29 May 2003 28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
    Thu 29 May 2003 13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
    Thu 29 May 2003 130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
    Thu 29 May 2003 11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
    Thu 29 May 2003 52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
    Thu 29 May 2003 62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
    Thu 29 May 2003 11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
    Thu 29 May 2003 17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
    Thu 29 May 2003 17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
    Thu 29 May 2003 11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
    Thu 29 May 2003 18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
    Thu 29 May 2003 48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
    Thu 29 May 2003 13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
    Thu 29 May 2003 9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
    Thu 29 May 2003 12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
    Thu 29 May 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
    Thu 29 May 2003 56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
    Thu 29 May 2003 44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
    Thu 29 May 2003 9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
    Thu 29 May 2003 9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
    Thu 29 May 2003 32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
    Thu 29 May 2003 52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
    Thu 29 May 2003 48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
    Thu 29 May 2003 50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
    Thu 29 May 2003 33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
    Thu 29 May 2003 50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
    Thu 29 May 2003 50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
    Thu 29 May 2003 48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
    Thu 29 May 2003 48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
    Thu 29 May 2003 49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
    Thu 29 May 2003 53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
    Thu 29 May 2003 44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
    Thu 29 May 2003 42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"

    [b]Finished![/b]
    0
  10. delph
     
    salut
    concernant malwarebytes, le site est indisponible depuis 2 jours, j espere que je pourrai y acceder bientot...
    0
  11. DELPH
     
    j ai trouvé le lien ci dessous rapport malwarebytes

    Malwarebytes' Anti-Malware 1.27
    Version de la base de données: 1128
    Windows 5.1.2600 Service Pack 3

    2008-09-08 23:43:56
    mbam-log-2008-09-08 (23-43-56).txt

    Type de recherche: Examen complet (C:\|E:\|)
    Eléments examinés: 150547
    Temps écoulé: 8 hour(s), 47 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 3
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 1
    Fichier(s) infecté(s): 5

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd14ee73-f67e-45c0-9f01-731b8011b7dc} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{fd14ee73-f67e-45c0-9f01-731b8011b7dc} (Adware.BHO) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{26EEDAD2-04D7-4C6E-8284-D9C71FFCDC9E}\RP159\A0038202.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{26EEDAD2-04D7-4C6E-8284-D9C71FFCDC9E}\RP165\A0043470.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{26EEDAD2-04D7-4C6E-8284-D9C71FFCDC9E}\RP165\A0043480.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winje75.dll (Adware.BHO) -> Quarantined and deleted successfully.
    0
  12. DELPH
     
    rapport hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:14:12, on 2008-09-09
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\WINDOWS\system32\TDispVol.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: UltimateEnhancer - {42F64121-5B8C-E553-E3E3-31CB9B3ABD9D} - C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BHO pour Compagnon Web Encarta - {955BE0B8-BC85-4CAF-856E-8E0D8B610560} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FD14EE73-F67E-45C0-9F01-731B8011B7DC} - (no file)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Compagnon Web Encarta - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: (no name) - {FD14EE72-F67E-45C0-9F01-731B8011B7DC} - (no file)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
    O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [TELUS_eCare_Lite_McciTrayApp] C:\Program Files\TELUS_eCare_Lite\eCareTrayApp.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe"
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [E07FXLRD_2844015] "C:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection DVD\EDICT.EXE" -m
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: Chercher avec Copernic Agent - C:\Program Files\Copernic Agent\Web\SearchExt.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/229?2ae13c51b367427787a90b3686334697
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-ca\msntabres.dll.mui/230?2ae13c51b367427787a90b3686334697
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
    0
  13. delph
     
    oui, Telus etait mon fournisseur d acces internet quand je suis partie au canada l annee
    par contre avg anti spyware me detecte toujours not-a-virus.monitor.win32.akl.25 emplacement C windows system 32 tdispvol.dll
    0
  14. delph
     
    Avira AntiVir Personal
    Report file date: 11 septembre 2008 10:59

    Scanning for 1608241 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 3) [5.1.2600]
    Boot mode: Save mode
    Username: Mon Laptop
    Computer name: MON-5FBFE707E9F

    Version information:
    BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 12:36:36
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:53:28
    ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 15:53:44
    ANTIVIR3.VDF : 7.0.6.143 314880 Bytes 10/09/2008 21:51:42
    Engineversion : 8.1.1.28
    AEVDF.DLL : 8.1.0.5 102772 Bytes 02/04/2008 12:36:34
    AESCRIPT.DLL : 8.1.0.70 319866 Bytes 03/09/2008 14:22:34
    AESCN.DLL : 8.1.0.23 119156 Bytes 15/07/2008 13:58:46
    AERDL.DLL : 8.1.1.1 397683 Bytes 03/09/2008 14:22:34
    AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 13:58:46
    AEOFFICE.DLL : 8.1.0.23 196987 Bytes 03/09/2008 14:22:34
    AEHEUR.DLL : 8.1.0.51 1397111 Bytes 03/09/2008 14:22:34
    AEHELP.DLL : 8.1.0.15 115063 Bytes 29/05/2008 12:08:42
    AEGEN.DLL : 8.1.0.36 315764 Bytes 18/08/2008 16:05:36
    AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 12:02:16
    AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 14:22:32
    AEBB.DLL : 8.1.0.1 53617 Bytes 18/07/2008 09:20:50
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
    AVREP.DLL : 8.0.0.2 98344 Bytes 10/09/2008 23:22:19
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, E:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 11 septembre 2008 10:59

    Starting search for hidden objects.
    The driver could not be initialized.

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    14 processes with 14 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'E:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '73' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'E:\' <pas touche !!>

    End of the scan: 11 septembre 2008 14:14
    Used time: 3:14:45 Hour(s)

    The scan has been done completely.

    7353 Scanning directories
    263129 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    263127 Files not concerned
    1240 Archives were scanned
    2 Warnings
    0 Notes

    J ai malheureusement tjrs le même pb...
    0
  15. DELPH
     
    ci dessous mon rapport

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 2008-09-15 à 14:52:33,89

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-09-15 14:52:32
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-09-15 14:52:26
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2008-09-15 14:52:07
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2008-09-15 14:51:53
    C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2008-09-15 14:39:38
    C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->2008-09-15 14:39:37
    C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->2008-09-15 14:39:00
    C:\WINDOWS\prefetch\ACRORD32.EXE-13285B88.pf -->2008-09-15 14:38:22
    C:\WINDOWS\prefetch\AVGW.EXE-2A7BF89D.pf -->2008-09-15 14:36:29
    C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2008-09-15 14:36:24

    C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->2008-09-08 00:11:08
    C:\WINDOWS\System32\drivers\mbam.sys -->2008-09-08 00:11:02
    C:\WINDOWS\System32\drivers\avgclean.sys -->2008-07-28 14:54:58
    C:\WINDOWS\System32\drivers\avgmfx86.sys -->2008-07-28 14:54:53
    C:\WINDOWS\System32\drivers\tcpip.sys -->2008-06-20 13:51:12
    C:\WINDOWS\System32\drivers\afd.sys -->2008-06-20 13:40:08
    C:\WINDOWS\System32\drivers\tcpip6.sys -->2008-06-20 13:08:27

    C:\WINDOWS\System32\PerfStringBackup.INI -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfh00C.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfh009.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfc00C.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfc009.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\wpa.dbl -->2008-09-15 14:36:13
    C:\WINDOWS\System32\FNTCACHE.DAT -->2008-09-09 09:59:25
    C:\WINDOWS\System32\spupdwxp.log -->2008-09-04 14:05:53
    C:\WINDOWS\System32\qtplugin.log -->2008-09-01 14:37:29
    C:\WINDOWS\System32\TZLog.log -->2008-08-30 03:05:35
    C:\WINDOWS\System32\MRT.exe -->2008-08-26 22:28:12
    C:\WINDOWS\System32\blue.SITENAME -->2008-08-19 19:52:48
    C:\WINDOWS\System32\MSDELog.log -->2008-08-19 17:44:28
    C:\WINDOWS\System32\d3d9caps.dat -->2008-08-05 16:03:59
    C:\WINDOWS\System32\ciadvss.exe -->2008-07-28 15:24:33
    C:\WINDOWS\System32\ciadvs.exe -->2008-07-28 15:24:33
    C:\WINDOWS\System32\es.dll -->2008-07-07 22:28:20
    C:\WINDOWS\System32\mscms.dll -->2008-06-24 18:44:02
    C:\WINDOWS\System32\wmpeffects.dll -->2008-06-24 18:12:58
    C:\WINDOWS\System32\mshtml.dll -->2008-06-24 10:28:24
    C:\WINDOWS\System32\wininet.dll -->2008-06-23 18:28:23
    C:\WINDOWS\System32\webcheck.dll -->2008-06-23 18:28:23
    C:\WINDOWS\System32\urlmon.dll -->2008-06-23 18:28:23
    C:\WINDOWS\System32\url.dll -->2008-06-23 18:28:22
    C:\WINDOWS\System32\pngfilt.dll -->2008-06-23 18:28:22

    C:\WINDOWS\WindowsUpdate.log -->2008-09-15 14:39:26
    C:\WINDOWS\0.log -->2008-09-15 14:35:44
    C:\WINDOWS\wiadebug.log -->2008-09-15 14:35:27
    C:\WINDOWS\wiaservc.log -->2008-09-15 14:35:25
    C:\WINDOWS\bootstat.dat -->2008-09-15 14:35:00
    C:\WINDOWS\SchedLgU.Txt -->2008-09-14 01:23:53
    C:\WINDOWS\wmsetup.log -->2008-09-13 20:53:11
    C:\WINDOWS\phedit.ini -->2008-09-12 18:35:10
    C:\WINDOWS\ntbtlog.txt -->2008-09-11 10:48:43
    C:\WINDOWS\tsoc.log -->2008-09-10 10:08:20
    C:\WINDOWS\tabletoc.log -->2008-09-10 10:08:20
    C:\WINDOWS\ocmsn.log -->2008-09-10 10:08:20
    C:\WINDOWS\ocgen.log -->2008-09-10 10:08:20
    C:\WINDOWS\ntdtcsetup.log -->2008-09-10 10:08:20
    C:\WINDOWS\netfxocm.log -->2008-09-10 10:08:20

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 684
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll

    0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
    0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
    0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
    0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x10000000 0xd000 1.00.0008.0000 C:\WINDOWS\system32\TPwrCfg.DLL
    0x02750000 0x15000 1.00.0004.0000 C:\WINDOWS\system32\TPwrReg.dll
    0x02770000 0xe000 1.00.0003.0000 C:\WINDOWS\system32\TPSTrace.DLL
    0x02810000 0xc000 C:\WINDOWS\system32\TDispVol.dll
    0x01720000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x00f10000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    0x00f70000 0x14000 2.02.0006.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
    0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
    0x02b30000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
    0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
    0x01570000 0x2e000 C:\Program Files\WinRAR\rarext.dll
    0x016a0000 0x35000 1.00.0000.0000 C:\Program Files\Web Photo Album\webalbumcontext.dll
    0x01770000 0x18000 1.00.0001.0000 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
    0x621a0000 0x10000 7.05.0000.0409 C:\Program Files\Grisoft\AVG7\avgse.dll
    0x02b90000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    0x01ec0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x03780000 0xfd000 1.00.0000.0001 C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
    0x61b40000 0x28000 7.00.2632.17573 C:\Program Files\UltimateEnhancer\pcre3.dll
    0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
    0x03b90000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 1104
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
    0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01270000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\WINDOWS\system

    2003-05-29 00:53 4 672 WOWPOST.EXE
    1 fichier(s) 4 672 octets
    0 Rép(s) 6 974 566 400 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\WINDOWS\system32

    2008-04-14 04:33 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 6 974 566 400 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\WINDOWS\Downloaded Program Files

    2008-08-19 16:58 <REP> .
    2008-08-19 16:58 <REP> ..
    2007-07-20 17:54 65 desktop.ini
    2007-08-06 18:10 68 992 PURfr-fr.dll
    2 fichier(s) 69 057 octets

    Total des fichiers listés :
    2 fichier(s) 69 057 octets
    2 Rép(s) 6 974 566 400 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe"="C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe:*:Enabled:Atlas_App"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:*:Enabled:MediaManager Application"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-15 14:54:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    228 - CEC_MAIN.exe
    520 - alg.exe
    684 - explorer.exe
    784 - guard.exe
    800 - avgamsvr.exe
    824 - avgemc.exe
    832 - cmd.exe
    860 - hkcmd.exe
    880 - traybar.exe
    888 - igfxtray.exe
    924 - igfxpers.exe
    1040 - RTHDCPL.exe
    1052 - TCtrlIOHook.exe
    1076 - TFncKy.exe
    1080 - csrss.exe
    1084 - TDispVol.exe
    1104 - winlogon.exe
    1148 - services.exe
    1160 - lsass.exe
    1164 - TPSMain.exe
    1228 - CeEKey.exe
    1328 - svchost.exe
    1348 - PDVDServ.exe
    1356 - avgcc.exe
    1396 - svchost.exe
    1436 - svchost.exe
    1476 - svchost.exe
    1528 - svchost.exe
    1544 - GhostStartTrayA
    1552 - eCareTrayApp.ex
    1588 - qttask.exe
    1604 - ctfmon.exe
    1612 - ltmoh.exe
    1624 - svchost.exe
    1660 - daemon.exe
    1668 - msnmsgr.exe
    1688 - CTSyncU.exe
    1740 - EDICT.EXE
    1768 - TPSBattM.exe
    1936 - spoolsv.exe
    2020 - GoogleUpdater.e
    2132 - GoogleUpdaterSe
    2356 - MDM.EXE
    2380 - sqlservr.exe
    2580 - svchost.exe
    2928 - CALMAIN.exe
    3240 - PMSHost.exe
    3264 - firefox.exe

    Total number of processes = 49
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806FF000 - \WINDOWS\system32\hal.dll
    F7A4C000 - \WINDOWS\system32\KDCOM.DLL
    F795C000 - \WINDOWS\system32\BOOTVID.dll
    F7443000 - sptd.sys
    F7A4E000 - \WINDOWS\System32\Drivers\WMILIB.SYS
    F742B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
    F73FC000 - ACPI.sys
    F73EB000 - pci.sys
    F754C000 - ohci1394.sys
    F755C000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
    F756C000 - isapnp.sys
    F7960000 - compbatt.sys
    F7964000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
    F7B14000 - pciide.sys
    F77CC000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    F73CD000 - pcmcia.sys
    F757C000 - MountMgr.sys
    F73AE000 - ftdisk.sys
    F7A50000 - dmload.sys
    F7388000 - dmio.sys
    F7968000 - ACPIEC.sys
    F7B15000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    F77D4000 - PartMgr.sys
    F758C000 - VolSnap.sys
    F7370000 - atapi.sys
    F759C000 - disk.sys
    F75AC000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    F7350000 - fltmgr.sys
    F733E000 - sr.sys
    F7327000 - KSecDD.sys
    F7314000 - WudfPf.sys
    F75BC000 - Defrag32b.sys
    F7287000 - Ntfs.sys
    F725A000 - NDIS.sys
    F7240000 - Mup.sys
    F778C000 - \SystemRoot\system32\DRIVERS\intelppm.sys
    F6F23000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
    F6F0F000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    F6EE7000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
    F6CCD000 - \SystemRoot\system32\DRIVERS\NETw4x32.sys
    F6CB6000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    F78EC000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
    F6C92000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
    F78F4000 - \SystemRoot\system32\DRIVERS\usbehci.sys
    F77AC000 - \SystemRoot\system32\DRIVERS\nic1394.sys
    F6C46000 - \SystemRoot\system32\drivers\tifm21.sys
    F6C32000 - \SystemRoot\system32\DRIVERS\sdbus.sys
    F71E8000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
    F77BC000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
    F78FC000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
    F7904000 - \SystemRoot\system32\DRIVERS\mouclass.sys
    F75CC000 - \SystemRoot\system32\DRIVERS\imapi.sys
    F790C000 - \SystemRoot\system32\drivers\ASAPIW2k.sys
    F75DC000 - \SystemRoot\system32\DRIVERS\cdrom.sys
    F75EC000 - \SystemRoot\system32\DRIVERS\redbook.sys
    F6C0F000 - \SystemRoot\system32\DRIVERS\ks.sys
    F6BA9000 - \SystemRoot\System32\Drivers\alsoqfgk.SYS
    F7B73000 - \SystemRoot\system32\DRIVERS\audstub.sys
    F75FC000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
    F7081000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
    F6B92000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
    F760C000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
    F761C000 - \SystemRoot\system32\DRIVERS\raspptp.sys
    F780C000 - \SystemRoot\system32\DRIVERS\TDI.SYS
    F6B81000 - \SystemRoot\system32\DRIVERS\psched.sys
    F762C000 - \SystemRoot\system32\DRIVERS\msgpc.sys
    F781C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
    F7824000 - \SystemRoot\system32\DRIVERS\raspti.sys
    F6B51000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
    F763C000 - \SystemRoot\system32\DRIVERS\termdd.sys
    F7AA0000 - \SystemRoot\system32\DRIVERS\swenum.sys
    F6AF3000 - \SystemRoot\system32\DRIVERS\update.sys
    F7A34000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
    F6AC5000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys
    F764C000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    AAAC1000 - \SystemRoot\system32\drivers\RtkHDAud.sys
    AAA9D000 - \SystemRoot\system32\drivers\portcls.sys
    F766C000 - \SystemRoot\system32\drivers\drmk.sys
    AA981000 - \SystemRoot\system32\DRIVERS\AGRSM.sys
    F7AA8000 - \SystemRoot\system32\DRIVERS\USBD.SYS
    F7834000 - \SystemRoot\System32\Drivers\Modem.SYS
    F769C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
    F7AB8000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F7C0A000 - \SystemRoot\System32\Drivers\Null.SYS
    F7ABA000 - \SystemRoot\System32\Drivers\Beep.SYS
    F7C0B000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    F7C0C000 - \SystemRoot\System32\Drivers\avgclean.sys
    F7854000 - \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
    F785C000 - \SystemRoot\System32\drivers\vga.sys
    F7ABC000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F7ABE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F7864000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F786C000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F6A32000 - \SystemRoot\system32\DRIVERS\rasacd.sys
    A9C91000 - \SystemRoot\system32\DRIVERS\ipsec.sys
    A9C38000 - \SystemRoot\system32\DRIVERS\tcpip.sys
    A9BE8000 - \SystemRoot\system32\DRIVERS\netbt.sys
    A9BC2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
    A9BA0000 - \SystemRoot\System32\drivers\afd.sys
    F76CC000 - \SystemRoot\system32\DRIVERS\netbios.sys
    F76DC000 - \SystemRoot\system32\DRIVERS\wanarp.sys
    AA96D000 - \??\C:\WINDOWS\system32\drivers\TPwSav.sys
    A9B75000 - \SystemRoot\system32\DRIVERS\rdbss.sys
    AA95D000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys
    A99BE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
    F76EC000 - \SystemRoot\system32\DRIVERS\arp1394.sys
    F76FC000 - \SystemRoot\System32\Drivers\Fips.SYS
    A9855000 - \SystemRoot\System32\Drivers\avg7core.sys
    F787C000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
    F772C000 - \SystemRoot\System32\Drivers\UVCFTR_S.SYS
    A9370000 - \SystemRoot\System32\Drivers\usbvideo.sys
    F7AD2000 - \SystemRoot\System32\Drivers\avg7rsw.sys
    F788C000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
    F775C000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    F7C39000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    A8528000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F7A9E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    A9C2C000 - \SystemRoot\System32\drivers\Dxapi.sys
    A8558000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    F7C5A000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9E4000 - \SystemRoot\System32\ialmdnt5.dll
    BF9D5000 - \SystemRoot\System32\ialmrnt5.dll
    BFA06000 - \SystemRoot\System32\ialmdev5.DLL
    BFA3F000 - \SystemRoot\System32\ialmdd5.DLL
    BFFA0000 - \SystemRoot\System32\ATMFD.DLL
    A84AC000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
    A821B000 - \SystemRoot\system32\drivers\wdmaud.sys
    A8388000 - \SystemRoot\system32\drivers\sysaudio.sys
    A7BFE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
    A7D03000 - \SystemRoot\System32\Drivers\Aspi32.SYS
    F7A58000 - \SystemRoot\System32\Drivers\avgtdi.sys
    A7D7B000 - \SystemRoot\System32\Drivers\Defrag32.SYS
    A7A05000 - \SystemRoot\System32\Drivers\HTTP.sys
    A7963000 - \SystemRoot\system32\DRIVERS\srv.sys
    A6093000 - \SystemRoot\system32\drivers\kmixer.sys
    F7C34000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 139

    Liste des programmes installes

    Adobe Reader 7.0.5 - Français
    ALPS Touch Pad Driver
    AnyDVD
    Archiveur WinRAR
    AutoUpdate
    AVG 7.5
    AVG Anti-Spyware 7.5
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)
    Camera Assistant Software for Toshiba
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Copernic Agent Professional
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Correctif pour Windows XP (KB952287)
    Creative MediaSource 5
    Creative System Information
    Creative ZEN V Series (R2)
    CSI
    CutePDF Writer 2.7
    DiscAPI (Studio 10)
    DVD de bonus Studio 10
    DVD Shrink 3.2
    Extension de Windows Live Toolbar (Windows Live Toolbar)
    Gestionnaire de disques amovible Creative
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Haali Media Splitter
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Intel(R) Graphics Media Accelerator Driver
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 2
    Lecteur Windows Media 11
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Menus intelligents (Windows Live Toolbar)
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - FRA
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0 French Language Pack
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta 2007 - Collection
    Microsoft English TTS Engine
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft Streets & Trips 2007
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mirar
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
    Mise à jour de sécurité pour Windows XP (KB923689)
    Mise à jour de sécurité pour Windows XP (KB938464)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB946648)
    Mise à jour de sécurité pour Windows XP (KB950760)
    Mise à jour de sécurité pour Windows XP (KB950762)
    Mise à jour de sécurité pour Windows XP (KB950974)
    Mise à jour de sécurité pour Windows XP (KB951066)
    Mise à jour de sécurité pour Windows XP (KB951376-v2)
    Mise à jour de sécurité pour Windows XP (KB951698)
    Mise à jour de sécurité pour Windows XP (KB951748)
    Mise à jour de sécurité pour Windows XP (KB952954)
    Mise à jour de sécurité pour Windows XP (KB953839)
    Mise à jour pour Windows XP (KB942763)
    Mise à jour pour Windows XP (KB951072-v2)
    Mise à jour pour Windows XP (KB951978)
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
    Mozilla Firefox (3.0.1)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Navigation par onglets (Windows Live Toolbar)
    Nero 7 Premium
    Norton Ghost
    OneCare Advisor (Windows Live Toolbar)
    Outil de mise à jour Google
    Package de base Microsoft de service de chiffrement pour cartes à puce
    PerfectDisk
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    PowerDVD
    proDAD Heroglyph 2.5
    QuickTime
    RAPID (Studio 10)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Réussir ses CV et Lettres de Motivation
    Security Update pour Microsoft .NET Framework 2.0 (KB928365)
    SmartSound Quicktracks Plugin
    SmartSound Quicktracks Plugin
    Studio 10
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Accessibility
    TOSHIBA Accessibility
    TOSHIBA Controls
    TOSHIBA Controls
    TOSHIBA Fn-esse
    TOSHIBA Hardware Setup
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA Power Saver
    TOSHIBA Power Saver
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TTS Wrapper
    UltimateEnhancer
    USB Storage Driver
    Utilitaire Hotkey TOSHIBA
    Utility Common Driver
    VCW VicMan's Photo Editor 8.1
    VideoLAN VLC media player 0.8.6d
    Web Photo Album 1.1
    WebFldrs XP
    Win2PDF 1.50
    Windows Communication Foundation
    Windows Communication Foundation Language Pack - FRA
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Favorites pour Windows Live Toolbar
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (FRA)
    Windows Workflow Foundation
    Windows Workflow Foundation FR Language Pack
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager
    Yahoo! Toolbar
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up
    ZENcast Organizer

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files

    2008-09-12 18:11 <REP> .
    2008-09-12 18:11 <REP> ..
    2007-08-15 00:35 <REP> Acro Software
    2007-07-20 20:47 <REP> Adobe
    2008-08-19 19:22 <REP> AdorageI-GfxDatas
    2008-08-19 19:21 <REP> AdorageI-SAL
    2007-07-20 20:52 <REP> Apoint2K
    2007-07-21 04:07 <REP> Attack on Pearl Harbor
    2008-09-02 09:53 <REP> BitComet
    2008-08-19 16:38 <REP> Boris FX, Inc
    2007-07-20 18:23 <REP> Camera Assistant Software for Toshiba
    2007-10-06 15:50 <REP> Canon
    2008-09-08 23:53 <REP> CCleaner
    2007-11-16 19:34 <REP> Common Files
    2007-07-20 17:52 <REP> ComPlus Applications
    2007-07-20 20:43 <REP> Copernic Agent
    2007-09-29 14:43 <REP> Creative
    2007-07-20 20:37 <REP> CyberLink
    2008-09-04 10:32 <REP> DAEMON Tools
    2008-09-09 22:59 <REP> directx
    2007-07-20 20:41 <REP> DVD Shrink
    2008-09-04 00:37 <REP> Fichiers communs
    2008-09-01 15:13 29 017 528 FileFormatConverters.exe
    2007-10-30 06:55 5 836 864 Firefox Setup 2.0.0.8.exe
    2007-08-30 05:43 <REP> Google
    2007-08-15 00:36 <REP> GPLGS
    2008-09-10 10:02 <REP> Grisoft
    2007-10-30 08:42 <REP> Haali
    2007-07-20 18:25 <REP> Intel
    2008-08-30 03:05 <REP> Internet Explorer
    2007-07-29 16:19 <REP> Java
    2007-07-20 18:26 <REP> ltmoh
    2008-09-08 11:48 <REP> Malwarebytes' Anti-Malware
    2007-11-10 01:30 <REP> Matroska Pack
    2008-09-04 12:54 <REP> Messenger
    2008-09-10 09:48 <REP> Messenger Plus! Live
    2007-07-20 20:33 <REP> MétéoMédia
    2008-09-09 22:53 <REP> Micro Application
    2007-07-20 20:55 <REP> Microsoft Encarta
    2007-07-20 17:56 <REP> microsoft frontpage
    2007-07-20 21:48 <REP> Microsoft Location Finder
    2008-09-01 15:14 <REP> Microsoft Office
    2008-08-19 17:43 <REP> Microsoft SQL Server
    2007-07-20 21:48 <REP> Microsoft Streets & Trips
    2007-07-20 20:06 <REP> Microsoft Visual Studio
    2007-08-09 04:00 <REP> Microsoft Works
    2007-07-20 20:04 <REP> Microsoft.NET
    2008-09-04 12:50 <REP> Movie Maker
    2008-09-15 14:45 <REP> Mozilla Firefox
    2007-07-20 19:57 <REP> MSBuild
    2008-09-01 15:13 <REP> MSECache
    2007-07-20 17:51 <REP> MSN
    2007-07-20 17:51 <REP> MSN Gaming Zone
    2008-09-10 09:48 <REP> MSN Messenger
    2008-08-05 16:25 <REP> MSXML 4.0
    2007-07-20 20:22 <REP> MSXML 6.0
    2007-07-20 21:39 <REP> Nero
    2008-09-04 12:44 <REP> NetMeeting
    2007-07-20 17:52 <REP> Online Services
    2008-09-04 12:44 <REP> Outlook Express
    2008-08-19 17:46 <REP> Pinnacle
    2008-08-19 20:21 <REP> proDAD
    2008-08-19 17:55 <REP> QuickTime
    2007-07-20 20:47 <REP> Raxco
    2007-07-20 18:30 <REP> Realtek
    2007-07-20 19:53 <REP> Reference Assemblies
    2007-07-20 17:54 <REP> Services en ligne
    2007-07-20 20:38 <REP> SlySoft
    2008-08-19 17:36 <REP> SmartSound Software
    2008-09-08 23:55 <REP> Spybot - Search & Destroy
    2007-07-20 20:39 <REP> Stardock
    2007-07-20 20:46 <REP> Symantec
    2008-09-04 00:54 <REP> TeaTimer (Spybot - Search & Destroy)
    2008-09-02 01:03 <REP> TELUS
    2007-11-16 19:35 <REP> TELUS_eCare_Lite
    2007-07-20 21:32 <REP> TOSHIBA
    2008-09-04 16:55 <REP> Trend Micro
    2007-07-21 03:42 <REP> Ubi Soft
    2008-09-15 14:50 <REP> UltimateEnhancer
    2007-10-30 07:48 <REP> Universalis
    2008-09-12 18:35 <REP> VCW VicMan's Photo Editor
    2008-01-15 18:04 <REP> VideoLAN
    2008-09-12 18:11 <REP> Web Photo Album
    2007-08-09 02:24 <REP> Windows Live
    2007-11-29 21:14 <REP> Windows Live Favorites
    2007-11-29 21:14 <REP> Windows Live Toolbar
    2007-07-20 19:52 <REP> Windows Media Connect 2
    2008-09-04 12:44 <REP> Windows Media Player
    2008-09-04 12:44 <REP> Windows NT
    2008-07-31 21:05 <REP> WinRAR
    2007-07-20 17:56 <REP> xerox
    2008-09-08 23:53 <REP> Yahoo!
    2 fichier(s) 34 854 392 octets
    90 Rép(s) 6 962 397 184 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files\fichiers communs

    2008-09-04 00:37 <REP> .
    2008-09-04 00:37 <REP> ..
    2007-07-20 20:49 <REP> Adobe
    2007-07-20 21:41 <REP> Ahead
    2007-10-06 15:46 <REP> Canon
    2007-07-20 20:43 <REP> Copernic
    2007-09-29 14:40 <REP> Creative
    2007-07-20 20:06 <REP> DESIGNER
    2007-07-20 18:32 <REP> InstallShield
    2007-07-21 03:58 <REP> Java
    2008-09-01 15:14 <REP> Microsoft Shared
    2007-07-20 17:53 <REP> MSSoap
    2007-07-21 01:45 <REP> ODBC
    2007-07-20 20:47 <REP> Raxco
    2007-07-20 17:53 <REP> Services
    2007-07-21 01:45 <REP> SpeechEngines
    2007-07-21 05:17 <REP> Symantec Shared
    2008-09-04 12:44 <REP> System
    0 fichier(s) 0 octets
    18 Rép(s) 6 962 397 184 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    2008-07-31 21:13 <REP> .
    2008-07-31 21:13 <REP> ..
    2007-07-20 20:06 <REP> 1033
    2008-07-31 21:13 <REP> 1036
    2005-09-20 12:33 1 293 008 MSONSEXT.DLL
    2007-03-22 19:29 39 256 MSOSV.DLL
    1999-06-03 18:09 122 937 MSOWS409.DLL
    2001-03-07 13:00 127 033 MSOWS40c.DLL
    2003-07-11 08:25 80 448 PKMWS.DLL
    5 fichier(s) 1 662 682 octets
    4 Rép(s) 6 962 393 088 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files\common files

    2007-11-16 19:34 <REP> .
    2007-11-16 19:34 <REP> ..
    2007-11-16 19:34 <REP> Motive
    0 fichier(s) 0 octets
    3 Rép(s) 6 962 393 088 octets libres

    c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
    c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\cleanup.exe
    c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\Launchpad Removal.exe
    c:\Documents and Settings\Mon Laptop\Bureau\photoshop_photoshop_cs3_evaluation_francais_9635.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\gzip.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\md5sums.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\tar.exe
    c:\Documents and Settings\Mon Laptop\Local Settings\Temp\ycomp_setup.exe
    c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°1\autorun.exe
    c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°2\autorun.exe
    c:\Documents and Settings\All Users\Application Data\EBLib.dll
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Vista64\EBLib.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_MON-5FBFE707E9F.tar.gz a l'adresse http://upload.malekal.com

    Merci
    delph
    0
  16. DELPH
     
    CI DESSOUS MON RAPPORT MERCI

    DiagHelp version v1.4 - http://www.malekal.com
    excute le 2008-09-15 à 14:52:33,89

    Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-09-15 14:52:32
    C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-09-15 14:52:26
    C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2008-09-15 14:52:07
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2008-09-15 14:51:53
    C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2008-09-15 14:39:38
    C:\WINDOWS\prefetch\WMIADAP.EXE-2DF425B2.pf -->2008-09-15 14:39:37
    C:\WINDOWS\prefetch\MSNTBUP.EXE-0D913FB9.pf -->2008-09-15 14:39:00
    C:\WINDOWS\prefetch\ACRORD32.EXE-13285B88.pf -->2008-09-15 14:38:22
    C:\WINDOWS\prefetch\AVGW.EXE-2A7BF89D.pf -->2008-09-15 14:36:29
    C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2008-09-15 14:36:24

    C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->2008-09-08 00:11:08
    C:\WINDOWS\System32\drivers\mbam.sys -->2008-09-08 00:11:02
    C:\WINDOWS\System32\drivers\avgclean.sys -->2008-07-28 14:54:58
    C:\WINDOWS\System32\drivers\avgmfx86.sys -->2008-07-28 14:54:53
    C:\WINDOWS\System32\drivers\tcpip.sys -->2008-06-20 13:51:12
    C:\WINDOWS\System32\drivers\afd.sys -->2008-06-20 13:40:08
    C:\WINDOWS\System32\drivers\tcpip6.sys -->2008-06-20 13:08:27

    C:\WINDOWS\System32\PerfStringBackup.INI -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfh00C.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfh009.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfc00C.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\perfc009.dat -->2008-09-15 14:39:49
    C:\WINDOWS\System32\wpa.dbl -->2008-09-15 14:36:13
    C:\WINDOWS\System32\FNTCACHE.DAT -->2008-09-09 09:59:25
    C:\WINDOWS\System32\spupdwxp.log -->2008-09-04 14:05:53
    C:\WINDOWS\System32\qtplugin.log -->2008-09-01 14:37:29
    C:\WINDOWS\System32\TZLog.log -->2008-08-30 03:05:35
    C:\WINDOWS\System32\MRT.exe -->2008-08-26 22:28:12
    C:\WINDOWS\System32\blue.SITENAME -->2008-08-19 19:52:48
    C:\WINDOWS\System32\MSDELog.log -->2008-08-19 17:44:28
    C:\WINDOWS\System32\d3d9caps.dat -->2008-08-05 16:03:59
    C:\WINDOWS\System32\ciadvss.exe -->2008-07-28 15:24:33
    C:\WINDOWS\System32\ciadvs.exe -->2008-07-28 15:24:33
    C:\WINDOWS\System32\es.dll -->2008-07-07 22:28:20
    C:\WINDOWS\System32\mscms.dll -->2008-06-24 18:44:02
    C:\WINDOWS\System32\wmpeffects.dll -->2008-06-24 18:12:58
    C:\WINDOWS\System32\mshtml.dll -->2008-06-24 10:28:24
    C:\WINDOWS\System32\wininet.dll -->2008-06-23 18:28:23
    C:\WINDOWS\System32\webcheck.dll -->2008-06-23 18:28:23
    C:\WINDOWS\System32\urlmon.dll -->2008-06-23 18:28:23
    C:\WINDOWS\System32\url.dll -->2008-06-23 18:28:22
    C:\WINDOWS\System32\pngfilt.dll -->2008-06-23 18:28:22

    C:\WINDOWS\WindowsUpdate.log -->2008-09-15 14:39:26
    C:\WINDOWS\0.log -->2008-09-15 14:35:44
    C:\WINDOWS\wiadebug.log -->2008-09-15 14:35:27
    C:\WINDOWS\wiaservc.log -->2008-09-15 14:35:25
    C:\WINDOWS\bootstat.dat -->2008-09-15 14:35:00
    C:\WINDOWS\SchedLgU.Txt -->2008-09-14 01:23:53
    C:\WINDOWS\wmsetup.log -->2008-09-13 20:53:11
    C:\WINDOWS\phedit.ini -->2008-09-12 18:35:10
    C:\WINDOWS\ntbtlog.txt -->2008-09-11 10:48:43
    C:\WINDOWS\tsoc.log -->2008-09-10 10:08:20
    C:\WINDOWS\tabletoc.log -->2008-09-10 10:08:20
    C:\WINDOWS\ocmsn.log -->2008-09-10 10:08:20
    C:\WINDOWS\ocgen.log -->2008-09-10 10:08:20
    C:\WINDOWS\ntdtcsetup.log -->2008-09-10 10:08:20
    C:\WINDOWS\netfxocm.log -->2008-09-10 10:08:20

    winlogon.exe
    Verified: Signed
    svchost.exe
    Verified: Signed
    ws2_32.dll
    Verified: Signed
    user32.dll
    Verified: Signed
    tcpip.sys
    Verified: Signed
    ndis.sys
    Verified: Signed
    null.sys
    Verified: Signed

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    explorer.exe pid: 684
    Command line: C:\WINDOWS\Explorer.EXE

    Base Size Version Path
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll
    0x44080000 0xd0000 7.00.6000.16705 C:\WINDOWS\system32\WININET.dll
    0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll
    0x43e00000 0x45000 7.00.6000.16705 C:\WINDOWS\system32\iertutil.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll
    0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL
    0x44160000 0x127000 7.00.6000.16705 C:\WINDOWS\system32\urlmon.dll
    0x44360000 0x5cd000 7.00.6000.16705 C:\WINDOWS\system32\ieframe.dll
    0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
    0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll
    0x442b0000 0x3c000 7.00.6000.16705 C:\WINDOWS\system32\webcheck.dll
    0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
    0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
    0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
    0x10000000 0xd000 1.00.0008.0000 C:\WINDOWS\system32\TPwrCfg.DLL
    0x02750000 0x15000 1.00.0004.0000 C:\WINDOWS\system32\TPwrReg.dll
    0x02770000 0xe000 1.00.0003.0000 C:\WINDOWS\system32\TPSTrace.DLL
    0x02810000 0xc000 C:\WINDOWS\system32\TDispVol.dll
    0x01720000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    0x00f10000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
    0x00f70000 0x14000 2.02.0006.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll
    0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
    0x02b30000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll
    0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll
    0x5d360000 0xf000 7.10.3077.0000 C:\WINDOWS\system32\MFC71FRA.DLL
    0x01570000 0x2e000 C:\Program Files\WinRAR\rarext.dll
    0x016a0000 0x35000 1.00.0000.0000 C:\Program Files\Web Photo Album\webalbumcontext.dll
    0x01770000 0x18000 1.00.0001.0000 C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
    0x621a0000 0x10000 7.05.0000.0409 C:\Program Files\Grisoft\AVG7\avgse.dll
    0x02b90000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
    0x01ec0000 0xe000 7.00.0005.0172 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    0x03780000 0xfd000 1.00.0000.0001 C:\Program Files\UltimateEnhancer\UltimateEnhancer-2.dll
    0x61b40000 0x28000 7.00.2632.17573 C:\Program Files\UltimateEnhancer\pcre3.dll
    0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll
    0x03b90000 0x1c000 7.00.0000.0000 C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
    0x6d7c0000 0x79000 6.00.0020.0006 C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

    ListDLLs v2.25 - DLL lister for Win9x/NT
    Copyright (C) 1997-2004 Mark Russinovich
    Sysinternals - www.sysinternals.com

    ------------------------------------------------------------------------------
    winlogon.exe pid: 1104
    Command line: winlogon.exe

    Base Size Version Path
    0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe
    0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll
    0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll
    0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll
    0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll
    0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll
    0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
    0x01270000 0x3b000 1.07.0018.0007 C:\WINDOWS\system32\WgaLogon.dll
    0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL
    0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\WINDOWS\system

    2003-05-29 00:53 4 672 WOWPOST.EXE
    1 fichier(s) 4 672 octets
    0 Rép(s) 6 974 566 400 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\WINDOWS\system32

    2008-04-14 04:33 6 144 csrss.exe
    1 fichier(s) 6 144 octets
    0 Rép(s) 6 974 566 400 octets libres

    Contenu de Downloaded Program Files
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\WINDOWS\Downloaded Program Files

    2008-08-19 16:58 <REP> .
    2008-08-19 16:58 <REP> ..
    2007-07-20 17:54 65 desktop.ini
    2007-08-06 18:10 68 992 PURfr-fr.dll
    2 fichier(s) 69 057 octets

    Total des fichiers listés :
    2 fichier(s) 69 057 octets
    2 Rép(s) 6 974 566 400 octets libres

    Recherche de rootkit! (Merci S!Ri)

    Recherche d'infections connues

    Export des clefs sensibles..

    Liste des fichiers en exception sur le pare-feu XP SP2

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
    "C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe"="C:\\Program Files\\Universalis\\atlas3D 12\\bmmatlas\\Atlas_App.exe:*:Enabled:Atlas_App"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe:*:Enabled:Render Manager"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe:*:Enabled:Studio"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
    "C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe:*:Enabled:umi"
    "C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"="C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe:*:Enabled:MediaManager Application"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"="C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    Export de la clef SharedTaskScheduler

    [SharedTaskScheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

    exports des policies
    REGEDIT4

    [system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    Export des clefs sensibles..
    Rechercher adresses sensibles dans le fichier HOSTS...
    catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-15 14:54:47
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "p0"="C:\Program Files\DAEMON Tools\"
    "h0"=dword:00000000
    "khjeh"=hex:cb,62,ea,39,85,01,03,0a,5e,a7,a8,33,64,02,53,8f,6c,6f,c5,91,f2,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,e1,e2,2e,52,0e,df,1a,58,41,db,86,6d,ff,d0,74,12,67,..
    "khjeh"=hex:b4,1c,c7,aa,86,9f,8b,e0,a5,bd,5f,16,c9,2a,d0,76,eb,2a,5a,e5,9d,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:dc,f1,81,e4,09,33,04,82,94,5b,1d,aa,ab,36,59,36,65,19,12,51,21,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden services: 0
    hidden files: 0

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Process list by traversal of KiWaitListHead

    4 - System
    228 - CEC_MAIN.exe
    520 - alg.exe
    684 - explorer.exe
    784 - guard.exe
    800 - avgamsvr.exe
    824 - avgemc.exe
    832 - cmd.exe
    860 - hkcmd.exe
    880 - traybar.exe
    888 - igfxtray.exe
    924 - igfxpers.exe
    1040 - RTHDCPL.exe
    1052 - TCtrlIOHook.exe
    1076 - TFncKy.exe
    1080 - csrss.exe
    1084 - TDispVol.exe
    1104 - winlogon.exe
    1148 - services.exe
    1160 - lsass.exe
    1164 - TPSMain.exe
    1228 - CeEKey.exe
    1328 - svchost.exe
    1348 - PDVDServ.exe
    1356 - avgcc.exe
    1396 - svchost.exe
    1436 - svchost.exe
    1476 - svchost.exe
    1528 - svchost.exe
    1544 - GhostStartTrayA
    1552 - eCareTrayApp.ex
    1588 - qttask.exe
    1604 - ctfmon.exe
    1612 - ltmoh.exe
    1624 - svchost.exe
    1660 - daemon.exe
    1668 - msnmsgr.exe
    1688 - CTSyncU.exe
    1740 - EDICT.EXE
    1768 - TPSBattM.exe
    1936 - spoolsv.exe
    2020 - GoogleUpdater.e
    2132 - GoogleUpdaterSe
    2356 - MDM.EXE
    2380 - sqlservr.exe
    2580 - svchost.exe
    2928 - CALMAIN.exe
    3240 - PMSHost.exe
    3264 - firefox.exe

    Total number of processes = 49
    NOTE: Under WinXP, this will not show all processes.

    KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

    Driver/Module list by traversal of PsLoadedModuleList

    804D7000 - \WINDOWS\system32\ntoskrnl.exe
    806FF000 - \WINDOWS\system32\hal.dll
    F7A4C000 - \WINDOWS\system32\KDCOM.DLL
    F795C000 - \WINDOWS\system32\BOOTVID.dll
    F7443000 - sptd.sys
    F7A4E000 - \WINDOWS\System32\Drivers\WMILIB.SYS
    F742B000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
    F73FC000 - ACPI.sys
    F73EB000 - pci.sys
    F754C000 - ohci1394.sys
    F755C000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
    F756C000 - isapnp.sys
    F7960000 - compbatt.sys
    F7964000 - \WINDOWS\system32\DRIVERS\BATTC.SYS
    F7B14000 - pciide.sys
    F77CC000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    F73CD000 - pcmcia.sys
    F757C000 - MountMgr.sys
    F73AE000 - ftdisk.sys
    F7A50000 - dmload.sys
    F7388000 - dmio.sys
    F7968000 - ACPIEC.sys
    F7B15000 - \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    F77D4000 - PartMgr.sys
    F758C000 - VolSnap.sys
    F7370000 - atapi.sys
    F759C000 - disk.sys
    F75AC000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    F7350000 - fltmgr.sys
    F733E000 - sr.sys
    F7327000 - KSecDD.sys
    F7314000 - WudfPf.sys
    F75BC000 - Defrag32b.sys
    F7287000 - Ntfs.sys
    F725A000 - NDIS.sys
    F7240000 - Mup.sys
    F778C000 - \SystemRoot\system32\DRIVERS\intelppm.sys
    F6F23000 - \SystemRoot\system32\DRIVERS\ialmnt5.sys
    F6F0F000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    F6EE7000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
    F6CCD000 - \SystemRoot\system32\DRIVERS\NETw4x32.sys
    F6CB6000 - \SystemRoot\system32\DRIVERS\Rtenicxp.sys
    F78EC000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
    F6C92000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
    F78F4000 - \SystemRoot\system32\DRIVERS\usbehci.sys
    F77AC000 - \SystemRoot\system32\DRIVERS\nic1394.sys
    F6C46000 - \SystemRoot\system32\drivers\tifm21.sys
    F6C32000 - \SystemRoot\system32\DRIVERS\sdbus.sys
    F71E8000 - \SystemRoot\system32\DRIVERS\CmBatt.sys
    F77BC000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
    F78FC000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
    F7904000 - \SystemRoot\system32\DRIVERS\mouclass.sys
    F75CC000 - \SystemRoot\system32\DRIVERS\imapi.sys
    F790C000 - \SystemRoot\system32\drivers\ASAPIW2k.sys
    F75DC000 - \SystemRoot\system32\DRIVERS\cdrom.sys
    F75EC000 - \SystemRoot\system32\DRIVERS\redbook.sys
    F6C0F000 - \SystemRoot\system32\DRIVERS\ks.sys
    F6BA9000 - \SystemRoot\System32\Drivers\alsoqfgk.SYS
    F7B73000 - \SystemRoot\system32\DRIVERS\audstub.sys
    F75FC000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
    F7081000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
    F6B92000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
    F760C000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
    F761C000 - \SystemRoot\system32\DRIVERS\raspptp.sys
    F780C000 - \SystemRoot\system32\DRIVERS\TDI.SYS
    F6B81000 - \SystemRoot\system32\DRIVERS\psched.sys
    F762C000 - \SystemRoot\system32\DRIVERS\msgpc.sys
    F781C000 - \SystemRoot\system32\DRIVERS\ptilink.sys
    F7824000 - \SystemRoot\system32\DRIVERS\raspti.sys
    F6B51000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
    F763C000 - \SystemRoot\system32\DRIVERS\termdd.sys
    F7AA0000 - \SystemRoot\system32\DRIVERS\swenum.sys
    F6AF3000 - \SystemRoot\system32\DRIVERS\update.sys
    F7A34000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
    F6AC5000 - \SystemRoot\system32\DRIVERS\MarvinBus.sys
    F764C000 - \SystemRoot\System32\Drivers\NDProxy.SYS
    AAAC1000 - \SystemRoot\system32\drivers\RtkHDAud.sys
    AAA9D000 - \SystemRoot\system32\drivers\portcls.sys
    F766C000 - \SystemRoot\system32\drivers\drmk.sys
    AA981000 - \SystemRoot\system32\DRIVERS\AGRSM.sys
    F7AA8000 - \SystemRoot\system32\DRIVERS\USBD.SYS
    F7834000 - \SystemRoot\System32\Drivers\Modem.SYS
    F769C000 - \SystemRoot\system32\DRIVERS\usbhub.sys
    F7AB8000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
    F7C0A000 - \SystemRoot\System32\Drivers\Null.SYS
    F7ABA000 - \SystemRoot\System32\Drivers\Beep.SYS
    F7C0B000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
    F7C0C000 - \SystemRoot\System32\Drivers\avgclean.sys
    F7854000 - \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
    F785C000 - \SystemRoot\System32\drivers\vga.sys
    F7ABC000 - \SystemRoot\System32\Drivers\mnmdd.SYS
    F7ABE000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
    F7864000 - \SystemRoot\System32\Drivers\Msfs.SYS
    F786C000 - \SystemRoot\System32\Drivers\Npfs.SYS
    F6A32000 - \SystemRoot\system32\DRIVERS\rasacd.sys
    A9C91000 - \SystemRoot\system32\DRIVERS\ipsec.sys
    A9C38000 - \SystemRoot\system32\DRIVERS\tcpip.sys
    A9BE8000 - \SystemRoot\system32\DRIVERS\netbt.sys
    A9BC2000 - \SystemRoot\system32\DRIVERS\ipnat.sys
    A9BA0000 - \SystemRoot\System32\drivers\afd.sys
    F76CC000 - \SystemRoot\system32\DRIVERS\netbios.sys
    F76DC000 - \SystemRoot\system32\DRIVERS\wanarp.sys
    AA96D000 - \??\C:\WINDOWS\system32\drivers\TPwSav.sys
    A9B75000 - \SystemRoot\system32\DRIVERS\rdbss.sys
    AA95D000 - \??\C:\WINDOWS\system32\drivers\pclepci.sys
    A99BE000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
    F76EC000 - \SystemRoot\system32\DRIVERS\arp1394.sys
    F76FC000 - \SystemRoot\System32\Drivers\Fips.SYS
    A9855000 - \SystemRoot\System32\Drivers\avg7core.sys
    F787C000 - \SystemRoot\system32\DRIVERS\usbccgp.sys
    F772C000 - \SystemRoot\System32\Drivers\UVCFTR_S.SYS
    A9370000 - \SystemRoot\System32\Drivers\usbvideo.sys
    F7AD2000 - \SystemRoot\System32\Drivers\avg7rsw.sys
    F788C000 - \SystemRoot\System32\Drivers\avg7rsxp.sys
    F775C000 - \SystemRoot\System32\Drivers\Cdfs.SYS
    F7C39000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    A8528000 - \SystemRoot\System32\Drivers\dump_atapi.sys
    F7A9E000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    BF800000 - \SystemRoot\System32\win32k.sys
    A9C2C000 - \SystemRoot\System32\drivers\Dxapi.sys
    A8558000 - \SystemRoot\System32\watchdog.sys
    BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
    F7C5A000 - \SystemRoot\System32\drivers\dxgthk.sys
    BF9E4000 - \SystemRoot\System32\ialmdnt5.dll
    BF9D5000 - \SystemRoot\System32\ialmrnt5.dll
    BFA06000 - \SystemRoot\System32\ialmdev5.DLL
    BFA3F000 - \SystemRoot\System32\ialmdd5.DLL
    BFFA0000 - \SystemRoot\System32\ATMFD.DLL
    A84AC000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
    A821B000 - \SystemRoot\system32\drivers\wdmaud.sys
    A8388000 - \SystemRoot\system32\drivers\sysaudio.sys
    A7BFE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
    A7D03000 - \SystemRoot\System32\Drivers\Aspi32.SYS
    F7A58000 - \SystemRoot\System32\Drivers\avgtdi.sys
    A7D7B000 - \SystemRoot\System32\Drivers\Defrag32.SYS
    A7A05000 - \SystemRoot\System32\Drivers\HTTP.sys
    A7963000 - \SystemRoot\system32\DRIVERS\srv.sys
    A6093000 - \SystemRoot\system32\drivers\kmixer.sys
    F7C34000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

    Total number of drivers = 139

    Liste des programmes installes

    Adobe Reader 7.0.5 - Français
    ALPS Touch Pad Driver
    AnyDVD
    Archiveur WinRAR
    AutoUpdate
    AVG 7.5
    AVG Anti-Spyware 7.5
    Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
    Bloqueur de fenêtres pop-up (Windows Live Toolbar)
    Camera Assistant Software for Toshiba
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CCleaner (remove only)
    CD/DVD Drive Acoustic Silencer
    Compatibility Pack for the 2007 Office system
    Copernic Agent Professional
    Correctif pour Lecteur Windows Media 11 (KB939683)
    Correctif pour Windows XP (KB952287)
    Creative MediaSource 5
    Creative System Information
    Creative ZEN V Series (R2)
    CSI
    CutePDF Writer 2.7
    DiscAPI (Studio 10)
    DVD de bonus Studio 10
    DVD Shrink 3.2
    Extension de Windows Live Toolbar (Windows Live Toolbar)
    Gestionnaire de disques amovible Creative
    Google Toolbar for Internet Explorer
    Google Toolbar for Internet Explorer
    Haali Media Splitter
    High Definition Audio Driver Package - KB888111
    HijackThis 2.0.2
    Hotfix 2050 for SQL Server 2000 ENU (KB948110)
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Intel(R) Graphics Media Accelerator Driver
    Java 2 Runtime Environment, SE v1.4.2_05
    Java(TM) 6 Update 2
    Lecteur Windows Media 11
    LiveReg (Symantec Corporation)
    LiveUpdate 1.80 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Menus intelligents (Windows Live Toolbar)
    Messenger Plus! Live
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 French Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - FRA
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0
    Microsoft .NET Framework 3.0 French Language Pack
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Encarta 2007 - Collection
    Microsoft English TTS Engine
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Edition 2003
    Microsoft SQL Server Desktop Engine (PINNACLESYS)
    Microsoft Streets & Trips 2007
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Mirar
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
    Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)
    Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)
    Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)
    Mise à jour de sécurité pour Windows XP (KB923689)
    Mise à jour de sécurité pour Windows XP (KB938464)
    Mise à jour de sécurité pour Windows XP (KB941569)
    Mise à jour de sécurité pour Windows XP (KB946648)
    Mise à jour de sécurité pour Windows XP (KB950760)
    Mise à jour de sécurité pour Windows XP (KB950762)
    Mise à jour de sécurité pour Windows XP (KB950974)
    Mise à jour de sécurité pour Windows XP (KB951066)
    Mise à jour de sécurité pour Windows XP (KB951376-v2)
    Mise à jour de sécurité pour Windows XP (KB951698)
    Mise à jour de sécurité pour Windows XP (KB951748)
    Mise à jour de sécurité pour Windows XP (KB952954)
    Mise à jour de sécurité pour Windows XP (KB953839)
    Mise à jour pour Windows XP (KB942763)
    Mise à jour pour Windows XP (KB951072-v2)
    Mise à jour pour Windows XP (KB951978)
    Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
    Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
    Mozilla Firefox (3.0.1)
    MSXML 4.0 SP2 (KB936181)
    MSXML 6.0 Parser (KB933579)
    Navigation par onglets (Windows Live Toolbar)
    Nero 7 Premium
    Norton Ghost
    OneCare Advisor (Windows Live Toolbar)
    Outil de mise à jour Google
    Package de base Microsoft de service de chiffrement pour cartes à puce
    PerfectDisk
    Pinnacle Instant DVD Recorder
    Pinnacle MediaServer
    PowerDVD
    proDAD Heroglyph 2.5
    QuickTime
    RAPID (Studio 10)
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    Réussir ses CV et Lettres de Motivation
    Security Update pour Microsoft .NET Framework 2.0 (KB928365)
    SmartSound Quicktracks Plugin
    SmartSound Quicktracks Plugin
    Studio 10
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    TOSHIBA Accessibility
    TOSHIBA Accessibility
    TOSHIBA Controls
    TOSHIBA Controls
    TOSHIBA Fn-esse
    TOSHIBA Hardware Setup
    TOSHIBA Hardware Setup
    TOSHIBA Hotkey Utility
    TOSHIBA Power Saver
    TOSHIBA Power Saver
    TOSHIBA SD Memory Utilities
    TOSHIBA Software Modem
    TTS Wrapper
    UltimateEnhancer
    USB Storage Driver
    Utilitaire Hotkey TOSHIBA
    Utility Common Driver
    VCW VicMan's Photo Editor 8.1
    VideoLAN VLC media player 0.8.6d
    Web Photo Album 1.1
    WebFldrs XP
    Win2PDF 1.50
    Windows Communication Foundation
    Windows Communication Foundation Language Pack - FRA
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Live Favorites pour Windows Live Toolbar
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Toolbar
    Windows Live Toolbar
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Presentation Foundation Language Pack (FRA)
    Windows Workflow Foundation
    Windows Workflow Foundation FR Language Pack
    Windows XP Service Pack 3
    XML Paper Specification Shared Components Language Pack 1.0
    XML Paper Specification Shared Components Pack 1.0
    Yahoo! Install Manager
    Yahoo! Toolbar
    Yahoo! Toolbar avec bloqueur de fenêtres pop-up
    ZENcast Organizer

    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files

    2008-09-12 18:11 <REP> .
    2008-09-12 18:11 <REP> ..
    2007-08-15 00:35 <REP> Acro Software
    2007-07-20 20:47 <REP> Adobe
    2008-08-19 19:22 <REP> AdorageI-GfxDatas
    2008-08-19 19:21 <REP> AdorageI-SAL
    2007-07-20 20:52 <REP> Apoint2K
    2007-07-21 04:07 <REP> Attack on Pearl Harbor
    2008-09-02 09:53 <REP> BitComet
    2008-08-19 16:38 <REP> Boris FX, Inc
    2007-07-20 18:23 <REP> Camera Assistant Software for Toshiba
    2007-10-06 15:50 <REP> Canon
    2008-09-08 23:53 <REP> CCleaner
    2007-11-16 19:34 <REP> Common Files
    2007-07-20 17:52 <REP> ComPlus Applications
    2007-07-20 20:43 <REP> Copernic Agent
    2007-09-29 14:43 <REP> Creative
    2007-07-20 20:37 <REP> CyberLink
    2008-09-04 10:32 <REP> DAEMON Tools
    2008-09-09 22:59 <REP> directx
    2007-07-20 20:41 <REP> DVD Shrink
    2008-09-04 00:37 <REP> Fichiers communs
    2008-09-01 15:13 29 017 528 FileFormatConverters.exe
    2007-10-30 06:55 5 836 864 Firefox Setup 2.0.0.8.exe
    2007-08-30 05:43 <REP> Google
    2007-08-15 00:36 <REP> GPLGS
    2008-09-10 10:02 <REP> Grisoft
    2007-10-30 08:42 <REP> Haali
    2007-07-20 18:25 <REP> Intel
    2008-08-30 03:05 <REP> Internet Explorer
    2007-07-29 16:19 <REP> Java
    2007-07-20 18:26 <REP> ltmoh
    2008-09-08 11:48 <REP> Malwarebytes' Anti-Malware
    2007-11-10 01:30 <REP> Matroska Pack
    2008-09-04 12:54 <REP> Messenger
    2008-09-10 09:48 <REP> Messenger Plus! Live
    2007-07-20 20:33 <REP> MétéoMédia
    2008-09-09 22:53 <REP> Micro Application
    2007-07-20 20:55 <REP> Microsoft Encarta
    2007-07-20 17:56 <REP> microsoft frontpage
    2007-07-20 21:48 <REP> Microsoft Location Finder
    2008-09-01 15:14 <REP> Microsoft Office
    2008-08-19 17:43 <REP> Microsoft SQL Server
    2007-07-20 21:48 <REP> Microsoft Streets & Trips
    2007-07-20 20:06 <REP> Microsoft Visual Studio
    2007-08-09 04:00 <REP> Microsoft Works
    2007-07-20 20:04 <REP> Microsoft.NET
    2008-09-04 12:50 <REP> Movie Maker
    2008-09-15 14:45 <REP> Mozilla Firefox
    2007-07-20 19:57 <REP> MSBuild
    2008-09-01 15:13 <REP> MSECache
    2007-07-20 17:51 <REP> MSN
    2007-07-20 17:51 <REP> MSN Gaming Zone
    2008-09-10 09:48 <REP> MSN Messenger
    2008-08-05 16:25 <REP> MSXML 4.0
    2007-07-20 20:22 <REP> MSXML 6.0
    2007-07-20 21:39 <REP> Nero
    2008-09-04 12:44 <REP> NetMeeting
    2007-07-20 17:52 <REP> Online Services
    2008-09-04 12:44 <REP> Outlook Express
    2008-08-19 17:46 <REP> Pinnacle
    2008-08-19 20:21 <REP> proDAD
    2008-08-19 17:55 <REP> QuickTime
    2007-07-20 20:47 <REP> Raxco
    2007-07-20 18:30 <REP> Realtek
    2007-07-20 19:53 <REP> Reference Assemblies
    2007-07-20 17:54 <REP> Services en ligne
    2007-07-20 20:38 <REP> SlySoft
    2008-08-19 17:36 <REP> SmartSound Software
    2008-09-08 23:55 <REP> Spybot - Search & Destroy
    2007-07-20 20:39 <REP> Stardock
    2007-07-20 20:46 <REP> Symantec
    2008-09-04 00:54 <REP> TeaTimer (Spybot - Search & Destroy)
    2008-09-02 01:03 <REP> TELUS
    2007-11-16 19:35 <REP> TELUS_eCare_Lite
    2007-07-20 21:32 <REP> TOSHIBA
    2008-09-04 16:55 <REP> Trend Micro
    2007-07-21 03:42 <REP> Ubi Soft
    2008-09-15 14:50 <REP> UltimateEnhancer
    2007-10-30 07:48 <REP> Universalis
    2008-09-12 18:35 <REP> VCW VicMan's Photo Editor
    2008-01-15 18:04 <REP> VideoLAN
    2008-09-12 18:11 <REP> Web Photo Album
    2007-08-09 02:24 <REP> Windows Live
    2007-11-29 21:14 <REP> Windows Live Favorites
    2007-11-29 21:14 <REP> Windows Live Toolbar
    2007-07-20 19:52 <REP> Windows Media Connect 2
    2008-09-04 12:44 <REP> Windows Media Player
    2008-09-04 12:44 <REP> Windows NT
    2008-07-31 21:05 <REP> WinRAR
    2007-07-20 17:56 <REP> xerox
    2008-09-08 23:53 <REP> Yahoo!
    2 fichier(s) 34 854 392 octets
    90 Rép(s) 6 962 397 184 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files\fichiers communs

    2008-09-04 00:37 <REP> .
    2008-09-04 00:37 <REP> ..
    2007-07-20 20:49 <REP> Adobe
    2007-07-20 21:41 <REP> Ahead
    2007-10-06 15:46 <REP> Canon
    2007-07-20 20:43 <REP> Copernic
    2007-09-29 14:40 <REP> Creative
    2007-07-20 20:06 <REP> DESIGNER
    2007-07-20 18:32 <REP> InstallShield
    2007-07-21 03:58 <REP> Java
    2008-09-01 15:14 <REP> Microsoft Shared
    2007-07-20 17:53 <REP> MSSoap
    2007-07-21 01:45 <REP> ODBC
    2007-07-20 20:47 <REP> Raxco
    2007-07-20 17:53 <REP> Services
    2007-07-21 01:45 <REP> SpeechEngines
    2007-07-21 05:17 <REP> Symantec Shared
    2008-09-04 12:44 <REP> System
    0 fichier(s) 0 octets
    18 Rép(s) 6 962 397 184 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

    2008-07-31 21:13 <REP> .
    2008-07-31 21:13 <REP> ..
    2007-07-20 20:06 <REP> 1033
    2008-07-31 21:13 <REP> 1036
    2005-09-20 12:33 1 293 008 MSONSEXT.DLL
    2007-03-22 19:29 39 256 MSOSV.DLL
    1999-06-03 18:09 122 937 MSOWS409.DLL
    2001-03-07 13:00 127 033 MSOWS40c.DLL
    2003-07-11 08:25 80 448 PKMWS.DLL
    5 fichier(s) 1 662 682 octets
    4 Rép(s) 6 962 393 088 octets libres
    Le volume dans le lecteur C n'a pas de nom.
    Le numéro de série du volume est E8F2-C1B0

    Répertoire de C:\Program Files\common files

    2007-11-16 19:34 <REP> .
    2007-11-16 19:34 <REP> ..
    2007-11-16 19:34 <REP> Motive
    0 fichier(s) 0 octets
    3 Rép(s) 6 962 393 088 octets libres

    c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\aspiinst.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe
    c:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe
    c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\Installer\{EEECE229-49F6-4851-A73A-99B058221F8C}\ARPPRODUCTICON.exe
    c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\cleanup.exe
    c:\Documents and Settings\Mon Laptop\Application Data\U3\temp\Launchpad Removal.exe
    c:\Documents and Settings\Mon Laptop\Bureau\photoshop_photoshop_cs3_evaluation_francais_9635.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\catchme.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\diff.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\dumphive.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\FilesInfoCmd.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\find2.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\Fport.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\grep.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\gzip.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\KProcCheck.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LFiles.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\LISTDLLS.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\md5sums.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\pslist.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\sigcheck.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\streams.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\swreg.exe
    c:\Documents and Settings\Mon Laptop\Bureau\DiagHelp\tar.exe
    c:\Documents and Settings\Mon Laptop\Local Settings\Temp\ycomp_setup.exe
    c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°1\autorun.exe
    c:\Documents and Settings\Mon Laptop\Mes documents\Ma musique\Integrale Renaud\Cd n°2\autorun.exe
    c:\Documents and Settings\All Users\Application Data\EBLib.dll
    c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
    c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
    c:\Documents and Settings\All Users\Application Data\Vista64\EBLib.dll
    c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
    c:\Documents and Settings\Mon Laptop\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll

    ****** Fin du rapport DiagHelp
    Veuillez svp envoyer le fichier C:\upload_moi_MON-5FBFE707E9F.tar.gz a l'adresse http://upload.malekal.com
    0
  17. DELPH
     
    le voici

    -----------\\ ToolBar S&D 1.2.0 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU T5300 @ 1.73GHz )
    BIOS : Ver 1.00PARTTBL0
    USER : Mon Laptop ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG 7.5.524 7.5.524 (Activated)
    C:\ (Local Disk) - NTFS - Total : 107 Go Free : 6 Go
    D:\ (CD or DVD)
    E:\ (Local Disk) - NTFS - Total : 41 Go Free : 19 Go
    F:\ (CD or DVD)

    "C:\ToolBar SD" ( MAJ : 14-09-2008|23:30 )
    Option : [1] ( 2008-09-16|10:35 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    C:\DOCUME~1\MONLAP~1\MENUDM~1\PROGRA~1\PlayMP3z

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Start Page"="https://www.google.fr/?gws_rd=ssl"
    "Search Page"="https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fhome.microsoft.com%2fintl%2fbr%2faccess%2fallinone.asp%3f"
    "Search Bar"="https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F"
    "SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 2008-09-16|10:36 - Option : [1]

    -----------\\ Fin du rapport a 10:36:25,30
    0
  18. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    Ne t'inquiète pas je vais te guider et t'aider à désinfecter ton PC.

    Télécharge sur le Bureau HijackThis

    http://download.hijackthis.eu/HJTInstall.exe

    = Double-clique sur dessus pour l'installer
    = Clique sur Do a system scan and save the log
    = Colle le rapport
    si problème voir l'aide
    http://www.swl1f.net/viewtopic.php?f=14&t=153&p=1100#p1100
    http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    @+
    -1
  19. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    très bien ;)

    Télécharge malwarebytes
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Une aide pour l'installation
    http://www.swl1f.net/viewtopic.php?f=14&t=68

    => Installe le
    => Ensuite va en mode sans echec

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel

    => Lance malwarebytes
    => Coche "Executer un examen complet"
    => Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
    => Clique sur Supprimer la sélection
    => Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
    => Fait copier coller et poste le rapport

    --------------------------

    ensuite

    * Télécharge CCleaner
    https://filehippo.com/download_ccleaner/
    => Aide toi de ce tuto pour l'utiliser
    http://www.swl1f.net/viewtopic.php?f=14&t=69

    --------------------------

    Ensuite refais un nouveau HijackThis

    @+
    -1
  20. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    lee lien marche pour moi ?
    -1
  21. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonsoir

    pour verif
    Télécharge OAD http://sosvirus.changelog.fr/OAD.exe
    - Enregistre le sur ton bureau

    Double clique sur le OAD pour le lancer

    - nom de fichier à rechercher tape ou fais un copier coller de : Mirar
    - Type de recherche : sélectionne l'option 6 puis valide [entree]

    OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ai terminé.
    Le rapport de recherche s'affichera automatiquement à dès qu'il en aura terminé.

    - Fais un copier / coller de ce rapport dans ton prochain post.
    -1