Mon ordi plante des que je suis sur internet

stephaura Messages postés 20 Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour, a tous merci de l'atention porter a mon probleme

mon ordi plante des que je change de page sur internet sur tout firefox. explorer et chrome qui fonctionne 2 seconde avant que tout plante et redemarrelordi au complet jai fait tout les scan mais cela continu ,voivi mon rapport hijach

Logfile of HijackThis v1.99.1
Scan saved at 21:28:17, on 2008-09-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\netdde.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\WINDOWS\eHome\ehRecvr.exe
D:\WINDOWS\eHome\ehSched.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\WINDOWS\system32\dllhost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
D:\Program Files\QuickTime\qttask.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\robert\prhyper.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\System32\svchost.exe
D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Shareaza\Shareaza.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\stephane.MCE2005\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/?.intl=ca&.src=ym
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\robert\prhyper.exe
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

merci davance

stephaura

p.s. avg me dit tout le temps que mon antiviris est outdate et ne veut pas updater m

merci encore
Configuration: Windows XP
Firefox 3.0.1

25 réponses

  • 1
  • 2
  1. phmonette
     
    télécharege AVAST 4 home edition. scrap avg! il est lourd
    0
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    Ne JAMAIS installer deux antivirus sur le même PC.
    0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    moi je conseillerais plutot antivir qu avast..

    Télécharger sur le bureau malwarebytes à cette adresse :

    https://www.androidworld.fr/

    Voici un tuto pour bien l installer et bien l utiliser :

    https://www.androidworld.fr/

    aide toi bien du tuto pour supprimer correctement ce qu il aura trouvé

    Après l analyse, redémarrer le pc et poste le rapport !!
    0
  4. stephaura Messages postés 20 Statut Membre
     
    merci

    jai enlever avg et avast je vais essayer antivir

    je vous revient plus tard

    stephaura merci
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...fais une recherche dans ton pc en tapant les noms des antivirus que tu as désinstallé pour supprimer les fichiers restants avant d installer antivir...Et fais une analyse avec malwarebytes stp

    @+
    0
  7. stephaura Messages postés 20 Statut Membre
     
    bonjour a tous pas de changement firefox plante meme avec antivir pas de virus

    Logfile of HijackThis v1.99.1
    Scan saved at 09:02:09, on 2008-09-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\netdde.exe
    D:\WINDOWS\eHome\ehRecvr.exe
    D:\WINDOWS\eHome\ehSched.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\Program Files\QuickTime\qttask.exe
    C:\Program Files\robert\prhyper.exe
    D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Shareaza\Shareaza.exe
    D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Documents and Settings\stephane.MCE2005\Bureau\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/?.intl=ca&.src=ym
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\robert\prhyper.exe
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

    merci stephaura
    0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    fais une analyse complete avec malwarebytes comme je t avais demandé stp

    aide toi du tuto pour supprimer corrrectement ce qu il aura trouvé
    0
  9. stephaura Messages postés 20 Statut Membre
     
    bonjour je lai fait et il na rien trouver merci

    stephaura
    0
  10. stephaura Messages postés 20 Statut Membre
     
    salut voici le rapport

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1147
    Windows 5.1.2600 Service Pack 2

    2008-09-27 07:59:22
    mbam-log-2008-09-27 (07-59-22).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 88288
    Temps écoulé: 57 minute(s), 42 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    stephaura
    0
  11. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    télécharge combofix (par sUBs) à cette adresse :

    (c est le numéro 5 en bas de la page) : https://www.androidworld.fr/

    et enregistre le sur le Bureau.

    désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

    Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    ensuite envois le rapport et refais un nouveau rapport hijackthis stp
    0
  12. stephaura Messages postés 20 Statut Membre
     
    merci voici le rapport de combo fix

    ComboFix 08-09-13.05 - stephane 2008-09-14 11:17:38.1 - NTFSx86
    Lancé depuis: D:\Documents and Settings\stephane.MCE2005\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .
    [i] ADS - svchost.exe: deleted 88 bytes in 2 streams. [/i]

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Documents and Settings\stephane.MCE2005\Application Data\inst.exe
    D:\Documents and Settings\stephane.MCE2005\Application Data\Install.dat
    D:\WINDOWS\system32\MSINET.oca

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_6TO4
    -------\Service_6to4

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s du 2008-08-14 au 2008-09-14 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-27 08:09 . 2008-09-27 08:09 <REP> d-------- D:\Program Files\Avira
    2008-09-27 08:09 . 2008-09-27 08:09 <REP> d----c--- D:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
    2008-09-26 22:25 . 2008-09-26 22:25 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
    2008-09-26 22:25 . 2008-09-26 22:25 <REP> d----c--- D:\Documents and Settings\stephane.MCE2005\Application Data\Malwarebytes
    2008-09-26 22:25 . 2008-09-26 22:25 <REP> d----c--- D:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
    2008-09-26 22:25 . 2008-09-10 00:04 38,528 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-26 22:25 . 2008-09-10 00:03 17,200 --a------ D:\WINDOWS\system32\drivers\mbam.sys
    2008-09-26 21:46 . 2008-09-26 21:46 262,144 --a------ D:\Documents and Settings\IN972C~8
    2008-09-26 21:44 . 2008-09-26 21:44 262,144 --a------ D:\Documents and Settings\IN972C~7
    2008-09-10 11:32 . 2008-09-10 11:44 <REP> d----c--- D:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
    2008-09-10 10:15 . 2008-09-10 10:19 8,192 --a--c--- D:\Documents and Settings\IN972C~6
    2008-09-09 19:01 . 2008-09-09 19:01 99 --a------ D:\WINDOWS\system32\mhncache.dat
    2008-09-09 17:52 . 2008-09-09 17:52 262,144 --a------ D:\Documents and Settings\IN972C~5
    2008-09-09 17:29 . 2008-09-09 17:29 262,144 --a------ D:\Documents and Settings\IN972C~4
    2008-09-08 20:12 . 2008-09-08 20:15 8,192 --a--c--- D:\Documents and Settings\IN972C~3
    2008-09-08 19:58 . 2008-09-08 19:58 262,144 --a------ D:\Documents and Settings\IN972C~2
    2008-09-08 19:56 . 2008-09-08 19:57 8,192 --a--c--- D:\Documents and Settings\IN972C~1
    2008-08-24 17:06 . 2008-08-24 17:06 <REP> d--hs---- D:\found.000

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-27 02:09 102,400 ----a-w D:\WINDOWS\DUMP855c.tmp
    2008-09-11 03:48 --------- dc----w D:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2008-09-11 03:12 --------- d-----w D:\Program Files\Spybot - Search & Destroy
    2008-09-10 15:32 --------- d-----w D:\Program Files\Lavasoft
    2008-09-09 22:14 102,400 ----a-w D:\WINDOWS\DUMP8dc8.tmp
    2008-08-12 00:10 --------- d-----w D:\Program Files\Fichiers communs\xing shared
    2008-08-12 00:10 --------- d-----w D:\Program Files\Fichiers communs\Real
    2008-07-30 15:25 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-07-22 22:09 --------- dc----w D:\Documents and Settings\stephane.MCE2005\Application Data\ATI
    2008-07-22 21:57 --------- d-----w D:\Program Files\ATI Technologies
    2008-06-17 16:01 47,360 -c--a-w D:\Documents and Settings\stephane.MCE2005\Application Data\pcouffin.sys
    2005-08-20 00:50 56 --sh--r D:\WINDOWS\system32\54D8FF8D27.sys
    2003-08-16 17:56 579,584 -csha-r D:\WINDOWS\system32\cd.exe
    .
    [code]<pre>
    -c--a-w 83,456 2006-11-13 23:25:14 D:\Documents and Settings\All Users.WINDOWS\Documents\Windows serial number.doc .exe
    </pre>[/code]

    ------- Sigcheck -------

    2004-11-25 17:20 506368 048cb871e6f98e41f072b85c67c30925 D:\WINDOWS\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Le Petit Robert Hyperappel"="C:\Program Files\robert\prhyper.exe" [2001-10-11 22560]
    "RoboForm"="D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-18 160592]
    "ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15360]
    "Shareaza"="D:\Program Files\Shareaza\Shareaza.exe" [2007-12-02 4677632]
    "Google Update"="D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-09 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
    "ATIPTA"="c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-03 344064]
    "ATICCC"="D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
    "TkBellExe"="D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-08-11 185896]
    "QuickTime Task"="D:\Program Files\QuickTime\qttask.exe" [2005-10-16 155648]
    "avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= D:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= D:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 1 (0x1)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoInstrumentation"= 0 (0x0)
    "NoSimpleStartMenu"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoFavoritesMenu"= 0 (0x0)
    "NoSMMyPictures"= 1 (0x1)
    "NoStartMenuMyMusic"= 0 (0x0)
    "NoRecentDocsNetHood"= 0 (0x0)
    "NoUserNameInStartMenu"= 1 (0x1)
    "NoInstrumentation"= 0 (0x0)
    "NoStartMenuPinnedList"= 0 (0x0)
    "ForceStartMenuLogoff"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
    path=D:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
    backup=D:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

    [HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
    path=D:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
    backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
    D:\Program Files\D-Tools\daemon.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a--c--- 2005-09-24 01:08 49152 D:\Program Files\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    D:\Program Files\MSN Messenger\msnmsgr.exe [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2005-10-16 02:14 155648 D:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shareaza]
    --a------ 2007-12-02 05:30 4677632 D:\Program Files\Shareaza\Shareaza.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SO5 Integrator Pass Two]
    D:\WINDOWS\SOINTGR.EXE [N/A]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    --a--c--- 2004-10-14 15:42 1404928 D:\Program Files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2008-08-11 20:09 185896 D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2008-04-01 14:49 36352 D:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [N/A]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "D:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
    "D:\\Program Files\\Messenger\\msmsgs.exe"=
    "D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "D:\\Program Files\\Shareaza\\Shareaza.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "26977:TCP"= 26977:TCP:BitComet 26977 TCP
    "26977:UDP"= 26977:UDP:BitComet 26977 UDP

    R2 Dnscache;Client DNS;D:\WINDOWS\system32\svchost.exe [2005-11-13 14336]
    R2 NwSapAgent;Agent SAP;D:\WINDOWS\system32\svchost.exe [2005-11-13 14336]
    S3 GPU-Z;GPU-Z;D:\DOCUME~1\STEPHA~1.MCE\LOCALS~1\Temp\GPU-Z.sys [ ]
    S3 o1394bul;o1394bul;D:\DOCUME~1\STEPHA~1.MCE\LOCALS~1\Temp\o1394bul.sys [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\Auto.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1cb2508-d764-11dc-a412-0008a116784e}]
    \Shell\AutoRun\command - EXPLORER.EXE
    \Shell\explore\Command - EXPLORER.EXE
    \Shell\open\Command - EXPLORER.EXE
    .
    Contenu du dossier 'Tƒches planifi‚es'
    .
    .
    ------- Examen suppl‚mentaire -------
    .
    FireFox -: Profile - D:\Documents and Settings\stephane.MCE2005\Application Data\Mozilla\Firefox\Profiles\jcmi47fh.default\
    FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
    FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
    FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
    FF -: plugin - D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
    FF -: plugin - D:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
    FF -: plugin - D:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF -: plugin - D:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF -: plugin - D:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF -: plugin - D:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF -: plugin - D:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF -: plugin - D:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-14 13:30:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cach‚s ...

    Recherche d'‚l‚ments en d‚marrage automatique cach‚s ...

    Recherche de fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Fichiers cach‚s: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    D:\WINDOWS\system32\ati2evxx.exe
    D:\WINDOWS\system32\ati2evxx.exe
    D:\WINDOWS\system32\netdde.exe
    D:\WINDOWS\ehome\ehRecvr.exe
    D:\WINDOWS\ehome\ehSched.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-09-14 13:38:57 - La machine a red‚marr‚
    ComboFix-quarantined-files.txt 2008-09-14 17:38:54

    Avant-CF: 1,905,156,096 octets libres
    AprŠs-CF: 1,861,300,224 octets libres

    196

    merci stephaura
    0
  13. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant :

    désinstalle ta version hijackthis car elle n est pas à jour...Et retélécharge le d ici stp :

    Fais un rapport hijackthis pour que je puisses vérifier les infections de ton pc stp

    Télécharge hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

    https://www.androidworld.fr/

    Comment copier/coller le rapport :

    Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

    ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

    Une explication des raccourcis clavier sont illustrés sur mon site web à cette adresse :

    https://www.androidworld.fr/
    0
  14. stephaura Messages postés 20 Statut Membre
     
    salut voila le rapport hijacks

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:23:46, on 2008-09-14
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\netdde.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\eHome\ehRecvr.exe
    D:\WINDOWS\eHome\ehSched.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Winamp\winampa.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\robert\prhyper.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Shareaza\Shareaza.exe
    D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    d:\program files\mozilla firefox\firefox.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/?.intl=ca&.src=ym
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\robert\prhyper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  15. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    télécharge ad-aware sur mon site web à cette adresse stp :

    https://www.androidworld.fr/

    fais la mise à jour et une analyse approfondie.
    0
  16. stephaura
     
    salut desole pour le temps tres occupe voila mon rapport d ad aware

    Scan Results
    Ad-Aware 2008 Free Edition
    Log File Created on:2008-09-1820:40:20
    Using Definitions File:D:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\core.aawdef
    Computer name:MCE2005
    Name of user performing scan:SYSTEM
    Name of user ordering scan:stephane
    Scan completed successfully

    System Information
    File Version Information
    Ad-Aware 2008 Settings
    Extended Ad-Aware 2008 Settings
    Database Information
    Scan Statistics
    Scan Detailed Statistics
    Infections Found
    Listing of running processes
    System Information
    Number of processors:1
    Processor type:Intel(R) Pentium(R) 4 CPU 2.26GHz
    Memory Available:24%
    Total Physical Memory:804044800 Bytes
    Available Physical Memory:191152128 Bytes
    Total Page File Size:2770960384 Bytes
    Available On Page File:1992478720 Bytes
    Total Virtual Memory:2147352576 Bytes
    Available Virtual Memory:175648768 Bytes
    OS:Microsoft Windows XP 5.1 (Build 2600)
    [to top]
    File Verion Information
    File Version
    CEAPI.dll 7,1,0,7
    aawservice.exe 7,1,0,3
    Ad-Aware.exe 7.1.0.8
    [to top]
    Ad-Aware 2008 Settings
    Skipping files larger than:1048576 Bytes
    Ignoring infections with lower TAI than:3
    Safe Mode:False
    [to top]
    Extended Ad-Aware 2008 Settings
    Unload malicious processes and modules
    Unload Modules
    Let Windows remove files at Start-Up
    Deactivate Ad-Watch
    Re-analyze Scan Result
    Delete Restored Items
    Write Protect System Files
    Create Log file
    Include basic settings
    Include advanced settings
    Include user and computer name
    Environment information
    Running processes
    Running processes and modules
    Include info about ignored objects in log file
    [to top]
    Database Info
    Version number:0
    Build Number:0
    Build Date and Time:1969/12/3119:00:00
    [to top]
    Scan Statistics
    Method:Smart

    Items Scanned:65575
    Infections Detected:2
    Infections Removed:0
    Infections Quarantined:0
    Infections Ignored:0
    [to top]
    Scan Detailed Statistics
    Type Critical Total
    Process Scan 0 0
    Registry Scan 0 0
    Registry PE Scan 0 0
    Hosts Scan 0 0
    File Scan 0 0
    Folder Scan 0 0
    LSP Scan 0 0
    ADS Scan 0 0
    Cookie Scan 0 0
    File Hash Scan 0 0
    [to top]
    Infections Found
    Family Id Name Category TAI
    9999 MRU Object MRU Object 0
    [1] MRU Path: D:\Documents and Settings\stephane.MCE2005\Recent Count: 1
    [2] MRU Registry Key: S-1-5-21-1060284298-362288127-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 20

    Quarantined Objects
    Family Id Name Category TAI

    Removed Objects
    Family Id Name Category TAI
    9999 MRU Object MRU Object 0
    [1] MRU Path: D:\Documents and Settings\stephane.MCE2005\Recent Count: 1
    [2] MRU Registry Key: S-1-5-21-1060284298-362288127-682003330-1003\Software\Microsoft\Search Assistant\ACMru\5603 Count: 20

    [to top]
    Listing of Running Processes
    D:\WINDOWS\SYSTEM32\SMSS.EXE
    d:\windows\system32\smss.exe
    d:\windows\system32\ntdll.dll
    D:\WINDOWS\SYSTEM32\CSRSS.EXE
    d:\windows\system32\csrss.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\csrsrv.dll
    d:\windows\system32\basesrv.dll
    d:\windows\system32\winsrv.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\sxs.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    D:\WINDOWS\SYSTEM32\WINLOGON.EXE
    d:\windows\system32\winlogon.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\authz.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\nddeapi.dll
    d:\windows\system32\profmap.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\psapi.dll
    d:\windows\system32\regapi.dll
    d:\windows\system32\setupapi.dll
    d:\windows\system32\version.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\imagehlp.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\msgina.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\odbc32.dll
    d:\windows\system32\comdlg32.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\odbcint.dll
    d:\windows\system32\shsvcs.dll
    d:\windows\system32\sfc.dll
    d:\windows\system32\sfc_os.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\apphelp.dll
    d:\windows\system32\msctfime.ime
    d:\windows\system32\winscard.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\system32\ati2evxx.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\cscdll.dll
    d:\windows\system32\wlnotify.dll
    d:\windows\system32\winspool.drv
    d:\windows\system32\mpr.dll
    d:\windows\system32\sxs.dll
    d:\windows\system32\msv1_0.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\cscui.dll
    d:\windows\system32\ntmarta.dll
    d:\windows\system32\wdmaud.drv
    d:\windows\system32\msacm32.drv
    d:\windows\system32\msacm32.dll
    d:\windows\system32\midimap.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\wbem\wbemprox.dll
    d:\windows\system32\wbem\wbemcomn.dll
    d:\windows\system32\wbem\wbemsvc.dll
    d:\windows\system32\wbem\fastprox.dll
    d:\windows\system32\msvcp60.dll
    d:\windows\system32\ntdsapi.dll
    d:\windows\system32\dnsapi.dll
    D:\WINDOWS\SYSTEM32\SERVICES.EXE
    d:\windows\system32\services.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\scesrv.dll
    d:\windows\system32\authz.dll
    d:\windows\system32\umpnpmgr.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\ncobjapi.dll
    d:\windows\system32\msvcp60.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\apphelp.dll
    d:\windows\system32\eventlog.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\psapi.dll
    d:\windows\system32\wtsapi32.dll
    D:\WINDOWS\SYSTEM32\LSASS.EXE
    d:\windows\system32\lsass.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\lsasrv.dll
    d:\windows\system32\mpr.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\ntdsapi.dll
    d:\windows\system32\dnsapi.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\samsrv.dll
    d:\windows\system32\cryptdll.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\msprivs.dll
    d:\windows\system32\kerberos.dll
    d:\windows\system32\msv1_0.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\netlogon.dll
    d:\windows\system32\w32time.dll
    d:\windows\system32\msvcp60.dll
    d:\windows\system32\schannel.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\wdigest.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\nwprovau.dll
    d:\windows\system32\setupapi.dll
    d:\windows\system32\scecli.dll
    d:\windows\system32\ipsecsvc.dll
    d:\windows\system32\authz.dll
    d:\windows\system32\oakley.dll
    d:\windows\system32\winipsec.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\wshtcpip.dll
    d:\windows\system32\pstorsvc.dll
    d:\windows\system32\psbase.dll
    d:\windows\system32\dssenh.dll
    D:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    d:\windows\system32\ati2evxx.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\msctfime.ime
    d:\windows\system32\ati2edxx.dll
    d:\windows\system32\uxtheme.dll
    D:\WINDOWS\SYSTEM32\SVCHOST.EXE
    d:\windows\system32\svchost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\ntmarta.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\rpcss.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\termsrv.dll
    d:\windows\system32\icaapi.dll
    d:\windows\system32\setupapi.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\imagehlp.dll
    d:\windows\system32\authz.dll
    d:\windows\system32\mstlsapi.dll
    d:\windows\system32\activeds.dll
    d:\windows\system32\adsldpc.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\atl.dll
    d:\windows\system32\regapi.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\apphelp.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\msv1_0.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\svchost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\rpcss.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\wshtcpip.dll
    d:\windows\system32\wship6.dll
    d:\windows\system32\wshisn.dll
    d:\windows\system32\wsock32.dll
    d:\windows\system32\dnsapi.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\winrnr.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\rasadhlp.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\svchost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\ntmarta.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\shsvcs.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\dhcpcsvc.dll
    d:\windows\system32\dnsapi.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\wshtcpip.dll
    d:\windows\system32\wzcsvc.dll
    d:\windows\system32\rtutils.dll
    d:\windows\system32\wmi.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\esent.dll
    d:\windows\system32\atl.dll
    d:\windows\system32\rastls.dll
    d:\windows\system32\cryptui.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\imagehlp.dll
    d:\windows\system32\wininet.dll
    d:\windows\system32\normaliz.dll
    d:\windows\system32\iertutil.dll
    d:\windows\system32\mprapi.dll
    d:\windows\system32\activeds.dll
    d:\windows\system32\adsldpc.dll
    d:\windows\system32\setupapi.dll
    d:\windows\system32\rasapi32.dll
    d:\windows\system32\rasman.dll
    d:\windows\system32\tapi32.dll
    d:\windows\system32\schannel.dll
    d:\windows\system32\winscard.dll
    d:\windows\system32\raschap.dll
    d:\windows\system32\msv1_0.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\schedsvc.dll
    d:\windows\system32\ntdsapi.dll
    d:\windows\system32\msidle.dll
    d:\windows\system32\audiosrv.dll
    d:\windows\system32\wkssvc.dll
    d:\windows\system32\nwwks.dll
    d:\windows\system32\nwprovau.dll
    d:\windows\system32\mpr.dll
    d:\windows\system32\nwapi32.dll
    d:\windows\system32\qmgr.dll
    d:\windows\system32\shfolder.dll
    d:\windows\system32\winhttp.dll
    d:\windows\system32\cryptsvc.dll
    d:\windows\system32\certcli.dll
    d:\windows\system32\dmserver.dll
    d:\windows\system32\ersvc.dll
    d:\windows\system32\es.dll
    d:\windows\pchealth\helpctr\binaries\pchsvc.dll
    d:\windows\system32\srvsvc.dll
    d:\windows\system32\netman.dll
    d:\windows\system32\netshell.dll
    d:\windows\system32\credui.dll
    d:\windows\system32\wzcsapi.dll
    d:\windows\system32\ipxsap.dll
    d:\windows\system32\rtm.dll
    d:\windows\system32\wsock32.dll
    d:\windows\system32\adptif.dll
    d:\windows\system32\seclogon.dll
    d:\windows\system32\sens.dll
    d:\windows\system32\srsvc.dll
    d:\windows\system32\powrprof.dll
    d:\windows\system32\sxs.dll
    d:\windows\system32\trkwks.dll
    d:\windows\system32\w32time.dll
    d:\windows\system32\msvcp60.dll
    d:\windows\system32\wbem\wmisvc.dll
    d:\windows\system32\vssapi.dll
    d:\windows\system32\wuauserv.dll
    d:\windows\system32\browser.dll
    d:\windows\system32\wuaueng.dll
    d:\windows\system32\winspool.drv
    d:\windows\system32\cabinet.dll
    d:\windows\system32\mspatcha.dll
    d:\windows\system32\wscsvc.dll
    d:\windows\system32\msi.dll
    d:\windows\system32\wbem\wbemcomn.dll
    d:\windows\system32\wbem\wbemcore.dll
    d:\windows\system32\wbem\esscli.dll
    d:\windows\system32\wbem\fastprox.dll
    d:\windows\system32\wbem\wbemsvc.dll
    d:\windows\system32\ipnathlp.dll
    d:\windows\system32\authz.dll
    d:\windows\system32\wbem\wmiutils.dll
    d:\windows\system32\comsvcs.dll
    d:\windows\system32\colbact.dll
    d:\windows\system32\mtxclu.dll
    d:\windows\system32\clusapi.dll
    d:\windows\system32\resutils.dll
    d:\windows\system32\wbem\repdrvfs.dll
    d:\windows\system32\sfc.dll
    d:\windows\system32\sfc_os.dll
    d:\windows\system32\wship6.dll
    d:\windows\system32\wbem\wmiprvsd.dll
    d:\windows\system32\ncobjapi.dll
    d:\windows\system32\wbem\wbemess.dll
    d:\windows\system32\wbem\ncprov.dll
    d:\windows\system32\rasadhlp.dll
    d:\windows\system32\netcfgx.dll
    d:\windows\system32\rasmans.dll
    d:\windows\system32\winipsec.dll
    d:\windows\system32\tapisrv.dll
    d:\windows\system32\psapi.dll
    d:\windows\system32\rastapi.dll
    d:\windows\system32\unimdm.tsp
    d:\windows\system32\uniplat.dll
    d:\windows\system32\kmddsp.tsp
    d:\windows\system32\ndptsp.tsp
    d:\windows\system32\ipconf.tsp
    d:\windows\system32\h323.tsp
    d:\windows\system32\hidphone.tsp
    d:\windows\system32\hid.dll
    d:\windows\system32\rasppp.dll
    d:\windows\system32\ntlsapi.dll
    d:\windows\system32\kerberos.dll
    d:\windows\system32\cryptdll.dll
    d:\windows\system32\ipxwan.dll
    d:\windows\system32\upnp.dll
    d:\windows\system32\ssdpapi.dll
    d:\windows\system32\urlmon.dll
    d:\windows\system32\rasdlg.dll
    d:\windows\system32\apphelp.dll
    d:\windows\system32\winrnr.dll
    d:\windows\system32\catsrvut.dll
    d:\windows\system32\catsrv.dll
    d:\windows\system32\mfcsubs.dll
    d:\windows\system32\wbem\wbemcons.dll
    d:\windows\system32\svchost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\dnsrslvr.dll
    d:\windows\system32\dnsapi.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\wshtcpip.dll
    d:\windows\system32\svchost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\ntmarta.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\lmhsvc.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\regsvc.dll
    d:\windows\system32\ssdpsrv.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\wshtcpip.dll
    d:\windows\system32\upnphost.dll
    d:\windows\system32\winhttp.dll
    d:\windows\system32\ssdpapi.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\httpapi.dll
    d:\windows\system32\wship6.dll
    D:\WINDOWS\SYSTEM32\SPOOLSV.EXE
    d:\windows\system32\spoolsv.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\spoolss.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\dnsapi.dll
    d:\windows\system32\rasadhlp.dll
    d:\windows\system32\localspl.dll
    d:\windows\system32\sfc_os.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\imagehlp.dll
    d:\windows\system32\winspool.drv
    d:\windows\system32\netapi32.dll
    d:\windows\system32\cnbjmon.dll
    d:\windows\system32\pjlmon.dll
    d:\windows\system32\tcpmon.dll
    d:\windows\system32\usbmon.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\winrnr.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\nwprovau.dll
    d:\windows\system32\mpr.dll
    d:\windows\system32\win32spl.dll
    d:\windows\system32\netrap.dll
    d:\windows\system32\ntdsapi.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\inetpp.dll
    d:\windows\system32\xpsp2res.dll
    D:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
    d:\program files\avira\antivir personaledition classic\sched.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\program files\avira\antivir personaledition classic\msvcr71.dll
    d:\program files\avira\antivir personaledition classic\msvcp71.dll
    d:\windows\system32\imm32.dll
    d:\program files\avira\antivir personaledition classic\schedr.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\rasapi32.dll
    d:\windows\system32\rasman.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\tapi32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\rtutils.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\program files\avira\antivir personaledition classic\avevtlog.dll
    d:\program files\avira\antivir personaledition classic\sqlite3.dll
    D:\WINDOWS\SYSTEM32\NETDDE.EXE
    d:\windows\system32\netdde.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\nddeapi.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\nddenb32.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\msctfime.ime
    D:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
    d:\windows\system32\ati2evxx.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\msctfime.ime
    d:\windows\system32\ati2edxx.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\version.dll
    d:\windows\system32\msctf.dll
    D:\WINDOWS\EXPLORER.EXE
    d:\windows\explorer.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\browseui.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\shdocvw.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\cryptui.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\imagehlp.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\wininet.dll
    d:\windows\system32\normaliz.dll
    d:\windows\system32\iertutil.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\imm32.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\system32\msctfime.ime
    d:\windows\system32\apphelp.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\cscui.dll
    d:\windows\system32\cscdll.dll
    d:\windows\system32\themeui.dll
    d:\windows\system32\msimg32.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\msutb.dll
    d:\windows\system32\msctf.dll
    d:\windows\system32\linkinfo.dll
    d:\windows\system32\ntshrui.dll
    d:\windows\system32\atl.dll
    d:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    d:\windows\system32\setupapi.dll
    d:\windows\system32\ieframe.dll
    d:\windows\system32\psapi.dll
    d:\windows\system32\urlmon.dll
    d:\windows\system32\msi.dll
    d:\windows\system32\mlang.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\wdmaud.drv
    d:\windows\system32\msacm32.drv
    d:\windows\system32\midimap.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\webcheck.dll
    d:\windows\system32\stobject.dll
    d:\windows\system32\batmeter.dll
    d:\windows\system32\powrprof.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\upnpui.dll
    d:\windows\system32\upnp.dll
    d:\windows\system32\winhttp.dll
    d:\windows\system32\ssdpapi.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\wshtcpip.dll
    d:\windows\system32\wship6.dll
    d:\windows\system32\netshell.dll
    d:\windows\system32\rtutils.dll
    d:\windows\system32\credui.dll
    d:\windows\system32\mpr.dll
    d:\windows\system32\nwprovau.dll
    d:\windows\system32\drprov.dll
    d:\windows\system32\ntlanman.dll
    d:\windows\system32\netui0.dll
    d:\windows\system32\netui1.dll
    d:\windows\system32\netrap.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\davclnt.dll
    d:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
    d:\windows\system32\browselc.dll
    d:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
    d:\windows\system32\msvcr71.dll
    d:\progra~1\spybot~1\sdhelper.dll
    d:\windows\system32\comdlg32.dll
    d:\windows\system32\wsock32.dll
    d:\windows\system32\faultrep.dll
    d:\windows\system32\olepro32.dll
    d:\windows\system32\jsproxy.dll
    d:\program files\siber systems\ai roboform\roboform.dll
    d:\windows\system32\winspool.drv
    d:\windows\system32\oledlg.dll
    d:\windows\system32\shdoclc.dll
    d:\windows\system32\sxs.dll
    d:\windows\system32\duser.dll
    d:\windows\system32\shmedia.dll
    d:\windows\system32\msvfw32.dll
    d:\windows\system32\avifil32.dll
    d:\windows\system32\l3codeca.acm
    d:\windows\system32\wmvcore.dll
    d:\windows\system32\wmasf.dll
    d:\program files\malwarebytes' anti-malware\mbamext.dll
    d:\program files\winrar\rarext.dll
    d:\program files\avira\antivir personaledition classic\shlext.dll
    d:\program files\avira\antivir personaledition classic\mfc71u.dll
    d:\windows\system32\mfc71fra.dll
    d:\windows\system32\quartz.dll
    d:\windows\system32\msdmo.dll
    d:\windows\system32\xvid.ax
    d:\program files\fichiers communs\ahead\dsfilter\nevideo.ax
    d:\windows\system32\msvcp60.dll
    d:\program files\fichiers communs\ahead\dsfilter\nevdec.ax
    d:\windows\system32\qdvd.dll
    d:\windows\system32\rasapi32.dll
    d:\windows\system32\rasman.dll
    d:\windows\system32\tapi32.dll
    d:\windows\system32\msv1_0.dll
    d:\windows\system32\sensapi.dll
    d:\windows\system32\mcdvd_32.dll
    d:\windows\system32\cryptnet.dll
    d:\windows\system32\actxprxy.dll
    d:\windows\system32\msgina.dll
    d:\windows\system32\odbc32.dll
    d:\windows\system32\odbcint.dll
    d:\windows\system32\wiashext.dll
    d:\windows\system32\sti.dll
    d:\windows\system32\cfgmgr32.dll
    d:\windows\system32\wmpshell.dll
    d:\windows\system32\qedit.dll
    d:\windows\system32\devenum.dll
    d:\windows\system32\asfsipc.dll
    d:\windows\system32\msisip.dll
    d:\windows\system32\wshext.dll
    d:\windows\system32\mfc42.dll
    d:\windows\system32\mfc42loc.dll
    d:\windows\system32\wshfr.dll
    D:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
    d:\program files\avira\antivir personaledition classic\avguard.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\program files\avira\antivir personaledition classic\msvcr71.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\netapi32.dll
    d:\program files\avira\antivir personaledition classic\avevtlog.dll
    d:\program files\avira\antivir personaledition classic\guardmsg.dll
    d:\program files\avira\antivir personaledition classic\sqlite3.dll
    d:\program files\avira\antivir personaledition classic\avpref.dll
    d:\program files\avira\antivir personaledition classic\smtplib.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\imagehlp.dll
    d:\program files\avira\antivir personaledition classic\avgio.dll
    d:\windows\system32\fltlib.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\program files\avira\antivir personaledition classic\avipc.dll
    d:\program files\avira\antivir personaledition classic\aecore.dll
    d:\program files\avira\antivir personaledition classic\aevdf.dll
    d:\program files\avira\antivir personaledition classic\aescript.dll
    d:\program files\avira\antivir personaledition classic\aescn.dll
    d:\program files\avira\antivir personaledition classic\aerdl.dll
    d:\program files\avira\antivir personaledition classic\aepack.dll
    d:\program files\avira\antivir personaledition classic\unacev2.dll
    d:\windows\system32\shell32.dll
    d:\program files\avira\antivir personaledition classic\aeoffice.dll
    d:\program files\avira\antivir personaledition classic\aeheur.dll
    d:\program files\avira\antivir personaledition classic\aehelp.dll
    d:\program files\avira\antivir personaledition classic\aegen.dll
    d:\program files\avira\antivir personaledition classic\aeemu.dll
    d:\program files\avira\antivir personaledition classic\aebb.dll
    D:\WINDOWS\EHOME\EHRECVR.EXE
    d:\windows\ehome\ehrecvr.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\atl.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\ntmarta.dll
    d:\windows\system32\wldap32.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\version.dll
    d:\windows\system32\sbe.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\system32\msvidctl.dll
    d:\windows\system32\quartz.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\devenum.dll
    d:\windows\system32\setupapi.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\imagehlp.dll
    d:\windows\system32\msdmo.dll
    D:\WINDOWS\EHOME\EHSCHED.EXE
    d:\windows\ehome\ehsched.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\atl.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\version.dll
    d:\windows\system32\msi.dll
    d:\windows\ehome\ehproxy.dll
    d:\windows\system32\tapi3.dll
    d:\windows\system32\wininet.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\normaliz.dll
    d:\windows\system32\iertutil.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\rtutils.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\system32\confmsp.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\wshtcpip.dll
    d:\windows\system32\termmgr.dll
    d:\windows\system32\h323msp.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\msasn1.dll
    D:\WINDOWS\SYSTEM32\SVCHOST.EXE
    d:\windows\system32\svchost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\wiaservc.dll
    d:\windows\system32\cfgmgr32.dll
    d:\windows\system32\setupapi.dll
    d:\windows\system32\mscms.dll
    d:\windows\system32\winspool.drv
    d:\windows\system32\winsta.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\wintrust.dll
    d:\windows\system32\crypt32.dll
    d:\windows\system32\msasn1.dll
    d:\windows\system32\imagehlp.dll
    d:\windows\system32\wiavusd.dll
    d:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    d:\windows\system32\shfolder.dll
    d:\windows\system32\actxprxy.dll
    d:\windows\system32\sti.dll
    D:\WINDOWS\SYSTEM32\DLLHOST.EXE
    d:\windows\system32\dllhost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\comsvcs.dll
    d:\windows\system32\colbact.dll
    d:\windows\system32\mtxclu.dll
    d:\windows\system32\wsock32.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\clusapi.dll
    d:\windows\system32\resutils.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\txflog.dll
    d:\windows\system32\es.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\sxs.dll
    D:\WINDOWS\SYSTEM32\ALG.EXE
    d:\windows\system32\alg.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\atl.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\wsock32.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\wshtcpip.dll
    D:\WINDOWS\SYSTEM32\WSCNTFY.EXE
    d:\windows\system32\wscntfy.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\imm32.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\xpsp2res.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\msctfime.ime
    d:\windows\system32\ole32.dll
    d:\windows\system32\msctf.dll
    D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CLI.EXE
    d:\program files\ati technologies\ati.ace\cli.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\mscoree.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\imm32.dll
    d:\windows\microsoft.net\framework\v1.1.4322\mscorwks.dll
    d:\windows\microsoft.net\framework\v1.1.4322\msvcr71.dll
    d:\windows\microsoft.net\framework\v1.1.4322\fusion.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\shell32.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\microsoft.net\framework\v1.1.4322\mscorlib.dll
    d:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dbf950a0\mscorlib.dll
    d:\windows\microsoft.net\framework\v1.1.4322\mscorsn.dll
    d:\windows\system32\rsaenh.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\msctf.dll
    d:\windows\microsoft.net\framework\v1.1.4322\mscorjit.dll
    d:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
    d:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5c147402\system.windows.forms.dll
    d:\windows\system32\xpsp2res.dll
    d:\program files\ati technologies\ati.ace\cli.implementation.dll
    d:\program files\ati technologies\ati.ace\log.foundation.dll
    d:\program files\ati technologies\ati.ace\cli.foundation.dll
    d:\program files\ati technologies\ati.ace\log.foundation.service.dll
    d:\program files\ati technologies\ati.ace\log.foundation.shared.dll
    d:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
    d:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_93f6b43b\system.dll
    d:\windows\system32\shfolder.dll
    d:\program files\ati technologies\ati.ace\cli.foundation.xmanifestation.dll
    d:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
    d:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_da753e34\system.xml.dll
    d:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\mswsock.dll
    d:\windows\system32\hnetcfg.dll
    d:\windows\system32\wshtcpip.dll
    d:\program files\ati technologies\ati.ace\cli.component.runtime.dll
    d:\program files\ati technologies\ati.ace\aticccom.dll
    d:\program files\ati technologies\ati.ace\aem.foundation.dll
    d:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
    d:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_e4644227\system.drawing.dll
    d:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_fr_b77a5c561934e089\system.windows.forms.resources.dll
    d:\windows\system32\msctfime.ime
    d:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.2600.2180_x-ww_522f9f82\gdiplus.dll
    d:\program files\ati technologies\ati.ace\cli.caste.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.caste.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.component.runtime.shared.dll
    d:\program files\ati technologies\ati.ace\dem.foundation.dll
    d:\program files\ati technologies\ati.ace\dem.graphics.i0601.dll
    d:\program files\ati technologies\ati.ace\ace.graphics.displaysmanager.shared.dll
    d:\windows\system32\dnsapi.dll
    d:\windows\system32\winrnr.dll
    d:\windows\system32\wldap32.dll
    d:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_fr_b77a5c561934e089\mscorlib.resources.dll
    d:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
    d:\windows\system32\atidemgr.dll
    d:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
    d:\windows\system32\clbcatq.dll
    d:\windows\system32\comres.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\version.dll
    d:\windows\microsoft.net\framework\v1.1.4322\wminet_utils.dll
    d:\windows\system32\wbem\wmiutils.dll
    d:\windows\system32\wbem\wbemprox.dll
    d:\windows\system32\wbem\wbemcomn.dll
    d:\windows\system32\wbem\wbemsvc.dll
    d:\windows\system32\wbem\fastprox.dll
    d:\windows\system32\msvcp60.dll
    d:\windows\system32\ntdsapi.dll
    d:\windows\system32\netapi32.dll
    d:\windows\microsoft.net\framework\v1.1.4322\perfcounter.dll
    d:\windows\system32\ntmarta.dll
    d:\windows\system32\samlib.dll
    d:\windows\system32\psapi.dll
    d:\windows\microsoft.net\framework\v1.1.4322\aspnet_isapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\atl.dll
    d:\windows\system32\iphlpapi.dll
    d:\windows\system32\perfproc.dll
    d:\windows\system32\rasman.dll
    d:\windows\system32\msv1_0.dll
    d:\windows\system32\tapi32.dll
    d:\windows\system32\rtutils.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\system32\mprapi.dll
    d:\windows\system32\activeds.dll
    d:\windows\system32\adsldpc.dll
    d:\windows\system32\setupapi.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.multivpu2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.multivpu.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.verylargedesktop.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.displayscolour2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.displayscolour.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.mmvideo.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.videooverlay.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\ace.graphics.videooverlay.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.vpurecover.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecrt.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecrt2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicelcd.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicelcd2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecv.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.customformats.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicecv2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicedfp.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicedfp2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.overdrive3.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.powerplay3.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.infocentre.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.runtime.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.hotkeyshandling.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.radeon3d.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.radeon3dlegacy.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\dem.graphics.i0600.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.smartgart.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.workstationconfig.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\dem.graphics.i0602.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.deviceproperty2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicetv2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.devicetv.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.overdrive2.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.displaysoptions.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\cli.aspect.integratedumaframebuffer.graphics.shared.dll
    d:\program files\ati technologies\ati.ace\apm.foundation.dll
    d:\windows\system32\apphelp.dll
    d:\windows\system32\ieframe.dll
    d:\windows\system32\iertutil.dll
    d:\windows\system32\urlmon.dll
    D:\WINDOWS\SYSTEM32\CTFMON.EXE
    d:\windows\system32\ctfmon.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\msctf.dll
    d:\windows\system32\msutb.dll
    d:\windows\system32\shimeng.dll
    d:\windows\apppatch\acgenral.dll
    d:\windows\system32\winmm.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\msacm32.dll
    d:\windows\system32\version.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\userenv.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\serwvdrv.dll
    d:\windows\system32\umdmxfrm.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\msctfime.ime
    D:\DOCUMENTS AND SETTINGS\STEPHANE.MCE2005\LOCAL SETTINGS\APPLICATION DATA\GOOGLE\UPDATE\GOOGLEUPDATE.EXE
    d:\documents and settings\stephane.mce2005\local settings\application data\google\update\googleupdate.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\imm32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\shell32.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\documents and settings\stephane.mce2005\local settings\application data\google\update\1.2.131.11\goopdate.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\ws2_32.dll
    d:\windows\system32\ws2help.dll
    d:\windows\system32\dbghelp.dll
    d:\windows\system32\version.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\msctf.dll
    d:\windows\system32\msctfime.ime
    D:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\ROBOTASKBARICON.EXE
    d:\program files\siber systems\ai roboform\robotaskbaricon.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\program files\siber systems\ai roboform\roboform.dll
    d:\windows\system32\user32.dll
    d:\windows\system32\gdi32.dll
    d:\windows\system32\winspool.drv
    d:\windows\system32\msvcrt.dll
    d:\windows\system32\rpcrt4.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\secur32.dll
    d:\windows\system32\shell32.dll
    d:\windows\system32\shlwapi.dll
    d:\windows\system32\wininet.dll
    d:\windows\system32\normaliz.dll
    d:\windows\system32\iertutil.dll
    d:\windows\system32\oledlg.dll
    d:\windows\system32\ole32.dll
    d:\windows\system32\olepro32.dll
    d:\windows\system32\oleaut32.dll
    d:\windows\system32\urlmon.dll
    d:\windows\system32\version.dll
    d:\windows\system32\imm32.dll
    d:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    d:\windows\system32\comctl32.dll
    d:\windows\system32\uxtheme.dll
    d:\windows\system32\msctf.dll
    d:\windows\system32\wtsapi32.dll
    d:\windows\system32\winsta.dll
    d:\windows\system32\netapi32.dll
    d:\windows\system32\msctfime.ime
    d:\windows\system32\oleacc.dll
    d:\windows\system32\msvcp60.dll
    D:\WINDOWS\SYSTEM32\SVCHOST.EXE
    d:\windows\system32\svchost.exe
    d:\windows\system32\ntdll.dll
    d:\windows\system32\kernel32.dll
    d:\windows\system32\advapi32.dll
    d:\windows\system32\
    0
  17. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut stephaura !!

    refais un nouveau rapport hijackthis stp
    0
  18. stephaura
     
    salut
    voila ta demande

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:22:47, on 2008-09-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\netdde.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\eHome\ehRecvr.exe
    D:\WINDOWS\eHome\ehSched.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Shareaza\Shareaza.exe
    D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    0
  19. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Il est incomplet ce rapport.
    0
  20. stephaura
     
    desoler

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:06, on 2008-09-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\netdde.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\eHome\ehRecvr.exe
    D:\WINDOWS\eHome\ehSched.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\robert\prhyper.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Shareaza\Shareaza.exe
    D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\WINDOWS\system32\msiexec.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/?.intl=ca&.src=ym
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\robert\prhyper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [HijackThis startup scan] D:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  21. stephaura
     
    allo

    et le voila apres un redemarage difficile

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:42:35, on 2008-09-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\system32\netdde.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    D:\WINDOWS\eHome\ehRecvr.exe
    D:\WINDOWS\eHome\ehSched.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\system32\dllhost.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\robert\prhyper.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Shareaza\Shareaza.exe
    D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\wbem\wmiapsrv.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\Program Files\ATI Technologies\ATI.ACE\cli.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/?.intl=ca&.src=ym
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O4 - HKLM\..\Run: [ATIPTA] c:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\robert\prhyper.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Shareaza] "D:\Program Files\Shareaza\Shareaza.exe" -tray
    O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\stephane.MCE2005\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [HijackThis startup scan] D:\Program Files\Trend Micro\HijackThis\HijackThis.exe /startupscan
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Barre RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Enregistrer le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O8 - Extra context menu item: Personnaliser le menu - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Remplir le formulaire - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    0
  • 1
  • 2