Re bonsoir camarade,
Apparement y en avait besoin !
Voila voila :

1/ rapport SDFix

SDFix: Version 1.68

Run by GRAW YVES - 25/02/2007 @ 23:47:30,95

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:

Path:


Restoring Windows Registry Entries
Restoring Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\DOCUME~1\GRAWYV~1\LOCALS~1\Temp\autorun.inf - Deleted
C:\WINDOWS\system\smss.exe - Deleted



ADS Check:

C:\WINDOWS\system32
No streams found.


Final Check:

Remaining Services:
------------------


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Shared­Access\Parameters\FirewallPolicy\StandardProfile\AuthorizedA­pplications\List]
"C:\\Documents and Settings\\GRAW YVES\\Local Settings\\Temp\\~os105.tmp\\ossproxy.exe"="C:\\Documents and Settings\\GRAW YVES\\Local Settings\\Temp\\~os105.tmp\\ossproxy.exe:*:Enabled:ossproxy.exe"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDUOMP.exe:*:Disabled:CoDUOMP"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Disabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL 9.0"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"="C:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe:*:Disabled:BF1942"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Disabled:CoD2MP_s"
"C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"="C:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe:*:Disabled:CoDMP"
"C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"="C:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Palm\\Hotsync.exe"="C:\\Program Files\\Palm\\Hotsync.exe:*:Disabled:HotSync® Manager Application"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault(tm)"
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"="C:\\WINDOWS\\SYSTEM32\\mmc.exe:*:Disabled:Microsoft Management Console"
"C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Program Files\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Disabled:pandora"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"="C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe:*:Disabled:Sid Meier's Civilization 4"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe:*:Disabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe:*:Disabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe:*:Disabled:SiSoftware Sandra Lite"
"C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"="C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe:*:Disabled:StationRipperConsole"
"C:\\Valve\\Steam\\Steam.exe"="C:\\Valve\\Steam\\Steam.exe:*:Disabled:Steam"
"C:\\Program Files\\Xfire\\ua_lsp_inst.exe"="C:\\Program Files\\Xfire\\ua_lsp_inst.exe:*:Disabled:ua_lsp_inst"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Disabled:AOL"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Disabled:eMule"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\17exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\17exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\54exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\54exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\72exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\72exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\95exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\95exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\14exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\14exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\96exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\96exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\71exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\71exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\51exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\51exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\28exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\28exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\55exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\55exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\37exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\37exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\62exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\62exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\87exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\87exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\50exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\50exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\3exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\3exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\1exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\1exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\58exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\58exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\38exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\38exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWGU~1\\LOCALS~1\\Temp\\31exinjs.a2.exe"="C:\\DOCUME~1\\GRAWGU~1\\LOCALS~1\\Temp\\31exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\66exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\66exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\88exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\88exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\29exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\29exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\93exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\93exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\5exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\5exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\67exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\67exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\69exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\69exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\46exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\46exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\75exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\75exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\36exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\36exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\20exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\20exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\81exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\81exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\33exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\33exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\68exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\68exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\61exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\61exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\97exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\97exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\52exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\52exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\9exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\9exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\98exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\98exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\63exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\63exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\89exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\89exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\12exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\12exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\91exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\91exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\59exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\59exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\4exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\4exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\40exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\40exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWGU~1\\LOCALS~1\\Temp\\54exinjs.a2.exe"="C:\\DOCUME~1\\GRAWGU~1\\LOCALS~1\\Temp\\54exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\16exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\16exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWGU~1\\LOCALS~1\\Temp\\20exinjs.a2.exe"="C:\\DOCUME~1\\GRAWGU~1\\LOCALS~1\\Temp\\20exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\19exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\19exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\70exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\70exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\41exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\41exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\60exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\60exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\90exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\90exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\30exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\30exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\80exinjs.a2.exe"="C:\\DOCUME~1\\GRAWYV~1\\LOCALS~1\\Temp\\80exinjs.a2.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Fichiers communs\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Enabled:AOL 9.0"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\sandra.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2005.SR3\\RpcDataSrv.exe:*:Enabled:SiSoftware Sandra Lite"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip


Checking For Files with Hidden Attributes :

C:\WINDOWS\SYSTEM32\PackethSvc.exe
C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp
C:\Documents and Settings\GRAW GUILAINE\Application Data\Microsoft\Word\~WRL0131.tmp
C:\Documents and Settings\GRAW GUILAINE\Application Data\Microsoft\Word\~WRL0194.tmp
C:\Documents and Settings\GRAW GUILAINE\Application Data\Microsoft\Word\~WRL0610.tmp
C:\Documents and Settings\GRAW GUILAINE\Application Data\Microsoft\Word\~WRL1408.tmp
C:\Documents and Settings\GRAW GUILAINE\Application Data\Microsoft\Word\~WRL1745.tmp
C:\Documents and Settings\GRAW GUILAINE\Application Data\Microsoft\Word\~WRL2175.tmp
C:\Documents and Settings\GRAW GUILAINE\Mes documents\BOULOT\bilan 2006\~WRL0009.tmp
C:\Documents and Settings\GRAW GUILAINE\Mes documents\BOULOT\bilan 2006\~WRL0322.tmp
C:\Documents and Settings\GRAW GUILAINE\Mes documents\BOULOT\bilan 2006\~WRL2661.tmp
C:\Documents and Settings\GRAW YVES\Application Data\Microsoft\ModŠles\~WRL0005.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R23.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R3E.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R40.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R42.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R43.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R44.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R46.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R48.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R52.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R5D.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R5F.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R61.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R63.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@R69.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S24.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S3F.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S41.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S43.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S44.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S45.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S47.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S49.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S53.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S5E.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S60.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S62.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S64.tmp
C:\Documents and Settings\GRAW YVES\Local Settings\Temp\Z@S6A.tmp

Add/Remove Programs List:

Commande ECHO d‚sactiv‚e.
Ad-Aware SE Personal
AIM
avast! Antivirus
AVG 7.5
CartoExploreur
Catching Features (remove only)
CCleaner (remove only)
SafeCast Shared Components
Club Internet Agent Wi-Fi V2
Configurateur Modem
DiamondCS Port Explorer v2.150
eMule
ewido anti-spyware 4.0
FoneSync
Free Mp3 Wma Converter V 1.5.0
Free Spider
G-Force
GCompris (supprimer uniquement)
GUILD WARS
R‚cr‚s1
R‚cr‚s2
R‚cr‚s3
HijackThis 1.99.1
HP Image Zone 4.7
HP PSC 2350 series
Microsoft Internationalized Domain Names Mitigation APIs
Windows Internet Explorer 7
Correctif Windows XP - KB834707
Correctif Windows XP - KB867282
Microsoft Data Access Components KB870669
Correctif Windows XP - KB873333
Correctif Windows XP - KB873339
Correctif Windows XP - KB885250
Correctif Windows XP - KB885295
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890047
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB890923
Correctif Windows XP - KB891781
Correctif Windows XP - KB893066
Correctif Windows XP - KB893086
Le pique nique
Macromedia Shockwave Player
Mozilla Firefox (1.5.0.10)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft National Language Support Downlevel APIs
NVIDIA Windows 2000/XP Display Drivers
POB11 range ses jouets
POB 7
Quick Zip 4.60.017b
QuickTime
RealPlayer
TribalWeb.net
Shockwave
Macromedia Flash Player 8
SiSoftware Sandra Lite 2005.SR3 (Win64/32/CE)
Skype 2.5
Spybot - Search & Destroy 1.4
Viewpoint Media Player
Lecteur Windows Mediaÿ11
Windows XP Service Pack 2
WJChess 0.72
Installation de Microsoft Works Suite 2001
Microsoft User-Mode Driver Framework Feature Pack 1.0
ZoneAlarm
Microsoft Office 2000 Small Business
Microsoft Word 2000 SR-1
2350
2350_Help
Macro compl‚mentaire Microsoft Word pour Works Suite
Python 2.5
Scan
Modem Test
ScannerCopy
OS Pack Works Suite
HP Product Assistant
AutoUpdate
TrayApp
Unload
J2SE Runtime Environment 5.0 Update 11
HP PSC & OfficeJet 4.7
Synchronisation de Works
ProductContext
Google Earth
Sid Meier's Civilization 4
Readme
HP Software Update
AiO_Scan
Adaptateur IEEE 802.11g Sans-Fil USB
Destinations
BufferChm
DellTouch
Microsoft Works 6.0
HPSystemDiagnostics
DivX Codec
HP Image Zone Express
AiOSoftware
QFolder
DivX Player
Microsoft Office PowerPoint Viewer 2003
Help and Support Customization
Hercules Webcam
Adobe Reader 7.0.9 - Fran‡ais
Palm
JourneySoftwarePromo
Director
2350Trb
WebReg
Sid Meier's Civilization 4
Microsoft Money 2001
Hercules WebCam Station
SpeedTouch USB Software
Documents To Go
Nero 7 Premium

Finished

2/ Highjack

Logfile of HijackThis v1.99.1
Scan saved at 00:04:55, on 26/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\QuickZip4\QuickZip.exe
C:\DOCUME~1\GRAWYV~1\LOCALS~1\Temp\QZTEMP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-internet.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Club-Internet_McciTrayApp] C:\Program Files\Club-Internet\Agent Wi-Fi V2\McciTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: TribalWeb.net.lnk = C:\Program Files\TribalWeb.net\tribalweb.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Fichiers communs\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\AIM.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Interface Chat Wanadoo - http://chat4.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06ff2864692633a8ff19/netzip/RdxIE601_fr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://fnac.metaboli.fr/components/Metaboli.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

J'ai constaté que les 2 n'ont pas la même bibliothèque virale et ne détectent pas les mêmes virus. Est-ce vraiment incompatible ?
En tous cas merci pour le coup de main !
@++

Ok
En tous cas encore merci,
Le calme semble être revenu...
Bonne nuit
@+
Country Man

Récap de la situation :
Aprés un oubli de réactivation du pare feu et une nuit solo, mon FAI m'a averti de l'ouverture d'un OPEN PROXY sur mon adresse IP.
Un scan AVAST a permis de détecter divers vers et trojans qui se sont démultipliés >100.
Un scan avec AVG d'autres encores qui ont étés mis en quarantaine.
Ensuite une couche EWIDO et CC cleaner pour finir.

Malgré tout des alertes subsistaient encore sur deux trojans.
Un dernier nettoyage en mode sans echec avec SDFIx me semble avoir résolu le problème.
Merci a Garybrax et Philae83