Bonjour, Je viens vous demander de l'aide parce-que je ne sais pas comment procéder pour ce cheval de troie détecté il y'a 2 jours par Avast, qui ne peut pas même le mettre en quarantaine. J'ai fais un scan en ligne avec Bitdefender. Et pour la suppression, c'est toujours l'echec Pourriez-vous m'aider s'il vous plait? Merci bien.

Salut, Math, C'est un peu fort. Une personne demande de l'aide et tu l'envoies ailleurs ! C'est comme si tu voulais acheter une bagnole, et le vendeur te conseille une marque différente ! Moon, Edite un rapport Hijackthis. Si personne n'a pris le sujet, je t'aide ce soir. FillPCA

Win32:BHO-KD que faire?

Réponse 21 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 09:52

Bonjour,

OK. J'examine ceci.

Réponse 22 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 09:57

Re,

* Sélectionne le texte suivant :

killall::

Driver::
rimoqhbw

Registry::
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46EB43FA-7E02-465C-80D6-02961A2E8B05}]
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B24743B9-CD47-4BA9-958F-5E8C81293EB4}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rimoqhbw]
[HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-
[HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-

File::
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\kwnnfyxv.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\System32\drivers\yognurqq.dat

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-note (programme>Accessoire>bloc-note).
* Colle le texte copié dans ce bloc-note (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe
* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Edite aussi un rapport Hijackthis.

FillPCA

Réponse 23 / 61

Moon
17 févr. 2008 à 10:14

Ok, voila le rapport.

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-18 10:06:54.5 - NTFSx86

Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
.

Réponse 24 / 61

Moon
17 févr. 2008 à 10:16

Et un rapport Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 10:15, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46EB43FA-7E02-465C-80D6-02961A2E8B05} - C:\WINDOWS\system32\dmservera.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: (no name) - {B24743B9-CD47-4BA9-958F-5E8C81293EB4} - c:\windows\system32\d3dimb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - HKLM\..\Run: [combofix] C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: rimoqhbw - C:\WINDOWS\SYSTEM32\d3dimb.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

Réponse 25 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 10:27

Re,

Peux-tu recommencer la manip précédente en mode sans échec ?
Edite ensuite le rapport CFscript et un nouveau rapport Hijackthis après avoir redémarré.

FillPCA

Réponse 26 / 61

Moon
17 févr. 2008 à 11:05

Voila en mode sans echec... Merci

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-18 10:49:09.6 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.772 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt

FILE ::
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\system32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
.
---- Previous Run -------
.
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\system32\d3dimb.dll . . . . Echec de suppression
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
C:\WINDOWS\system32\d3dimb.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\poof

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.

2008-02-18 09:31 . 2008-02-18 09:31 10,925,154 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-16 21:20 . 2008-02-16 21:37 <REP> d-------- C:\SDFix
2008-02-12 11:12 . 2008-02-12 11:12 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-12 11:12 . 2008-02-12 11:12 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-02-11 08:27 . 2008-02-11 08:27 120,576 --a------ C:\WINDOWS\system32\ihiyjnst.dat
2008-02-11 08:21 . 2004-08-10 05:00 87,552 --a------ C:\WINDOWS\system32\d3dimb.dll.bak
2008-02-09 16:55 . 2008-02-09 16:55 <REP> d-------- C:\Program Files\MSBuild
2008-02-09 16:53 . 2008-02-09 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-09 16:50 . 2008-02-09 16:54 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-09 16:50 . 2008-02-13 22:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-06 20:44 . 2008-02-06 21:22 <REP> d-------- C:\Documents and Settings\yves\Application Data\U3
2008-02-05 18:17 . 2002-03-05 15:24 36,864 -ra------ C:\WINDOWS\system32\deluidrv.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\usbmonit.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\delentry.exe
2008-02-05 18:17 . 2002-03-05 15:24 21,064 -ra------ C:\WINDOWS\system32\drivers\geneuide.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 09:55 --------- d-----w C:\Program Files\The Cleaner
2008-02-17 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-16 20:06 --------- d-----w C:\Program Files\Navilog1
2008-02-16 19:29 968 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-11 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 15:55 --------- d-----w C:\Program Files\Microsoft Works
2008-02-08 18:01 --------- d-----w C:\Program Files\eMule
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\XnView
2008-01-23 19:21 --------- d-----w C:\Program Files\Canon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 08:01 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"dz1fzfc"="C:\WINDOWS\system32\dz1fzfc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"tcactive"="C:\Program Files\The Cleaner\tca.exe" [2004-04-09 08:26 631808]
"tcmonitor"="C:\Program Files\The Cleaner\tcm.exe" [2004-03-13 12:48 388096]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-17 15:22 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]
"dz1fzfc"="C:\WINDOWS\system32\dz1fzfc.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S0 rzluwezz;rzluwezz;C:\WINDOWS\system32\drivers\yognurqq.dat []
S2 wbblpcae;PCI Bus vbf08 Monitor;C:\WINDOWS\System32\svchost.exe [2004-08-10 12:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbblpcae

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-18 09:15:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"

Réponse 27 / 61

Moon
17 févr. 2008 à 11:06

Logfile of HijackThis v1.99.1
Scan saved at 11:05, on 2008-02-18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://fr.search.yahoo.com/?fr=cb-hp06
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [dz1fzfc] C:\WINDOWS\system32\dz1fzfc.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://celinebussi.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://celinebussi.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

Réponse 28 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 11:12

Re,

C'est beaucoup mieux.
* Sélectionne le texte suivant :

Driver::
rzluwezz

Registry::
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{46EB43FA-7E02-465C-80D6-02961A2E8B05}]
[-HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B24743B9-CD47-4BA9-958F-5E8C81293EB4}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rimoqhbw]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-
[HKEY_CURRENT_USER\Microsoft\Windows\CurrentVersion\Run]
"dz1fzfc"=-

File::
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\kwnnfyxv.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\System32\drivers\yognurqq.dat

* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-note (programme>Accessoire>bloc-note).
* Colle le texte copié dans ce bloc-note (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe

* Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher: Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

2/ * Télécharge PCA (d'Evosla) : http://ww25.evosla.com/pca_cpt.php?agr=pca_securite
* Dézippe-le dans un répertoire dédié comme c:\PCA au moyen d'un clic droit (Extraire...),
* Clique sur l'onglet "diagnostic du PC" puis "analyser".
* Laisse l'analyse se dérouler. Cela ne prend que quelques secondes.
* Clique sur "enregistrer le rapport" en bas à droite et sauvegarde-le sur le bureau.
* Edite le contenu de ce rapport dans ta prochaine réponse. Il se nomme PCA_LOG.txt

3/ Edite les deux rapports précédents.

FillPCA

Réponse 29 / 61

Moon
17 févr. 2008 à 11:31

Pas plus...

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-18 11:26:32.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.561 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
.

Réponse 30 / 61

Moon
17 févr. 2008 à 11:34

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du :2008-02-18 11:33:40
Microsoft Windows XP Service Pack 2

==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrateur\Bureau\pca\pca.exe

//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = about:blank
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.fr/?gws_rd=ssl
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [ehTray] - C:\WINDOWS\ehome\ehtray.exe
04 - HKLM\..\RUN: [ftutil2] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\..\RUN: [AlwaysReady Power Message APP] - ARPWRMSG.EXE
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [DMAScheduler] - "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
04 - HKLM\..\RUN: [Recguard] - C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKLM\..\RUN: [PCDrProfiler] -
04 - HKLM\..\RUN: [HP Software Update] -
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
04 - HKLM\..\RUN: [!AVG Anti-Spyware] - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
04 - HKLM\..\RUN: [tcactive] - C:\Program Files\The Cleaner\tca.exe
04 - HKLM\..\RUN: [tcmonitor] - C:\Program Files\The Cleaner\tcm.exe
04 - HKLM\..\RUN: [TkBellExe] - "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [SsAAD.exe] - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
04 - HKLM\..\RUN: [combofix] - C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RUN: [msnmsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [dz1fzfc] - C:\WINDOWS\system32\dz1fzfc.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [swg] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [msnmsgr] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [dz1fzfc] - RTHDCPL.EXE
04 - Global Startup: Outil de mise à jour Google.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
08 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
08 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
08 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
08 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
08 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
08 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
08 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra 'Tools' menuitem: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
09 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : MSN Photo Upload Tool - {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
O16 - DPF : BDSCANONLINE Control - {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - C:\WINDOWS\BDOSCAN8\oscan82.ocx
O16 - DPF : Windows Live Photo Upload Control - {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
O16 - DPF : a-squared Scanner - {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - C:\WINDOWS\DOWNLO~1\asquared.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [ARSVC] - C:\WINDOWS\arservice.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [AVG Anti-Spyware Guard] - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Media Center Receiver Service] - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: [Service de planification Media Center] - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [Service de l'iPod] - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: [Media Center Extender Service] - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [MSCSPTISRV] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Microsoft Office Diagnostics Service] - "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [PACSPTISVR] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"
O23 - Service: [Planificateur LiveUpdate automatique] -
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [Sony SPTI Service] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"
O23 - Service: [SSDP Discovery Service] - %SystemRoot%\system32\svchost.exe -k LocalService
O23 - Service: [SonicStage SCSI Service] - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{E240A44A-EE25-4AA3-A4EB-0106CD6D8248}
O23 - Service: [Symantec Core LC] -
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

Réponse 31 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 11:35

Re,

OK. Recommence cette manip, mais en mode sans échec, et publie les deux rapports demandés.

FillPCA

Réponse 32 / 61

Moon
17 févr. 2008 à 12:05

ComboFix 08-02-17.2 - HP_Administrateur 2008-02-18 11:53:51.8 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.770 [GMT 1:00]
Endroit: C:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Administrateur\Bureau\CFScript.txt

FILE ::
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\SYSTEM32\d3dimb.dll
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\System32\abjzhikq.dat
C:\WINDOWS\system32\d3dimb.dll
C:\WINDOWS\system32\d3dimb.dll . . . . Echec de suppression
C:\WINDOWS\system32\dmservera.dll
C:\WINDOWS\System32\drivers\yognurqq.dat
C:\WINDOWS\system32\dz1fzfc.exe
C:\WINDOWS\System32\fgdlidkm.dat
C:\WINDOWS\System32\ihaqogka.dat
C:\WINDOWS\System32\kwnnfyxv.dat
C:\WINDOWS\system32\d3dimb.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\poof

-------\LEGACY_RZLUWEZZ
-------\rzluwezz

((((((((((((((((((((((((((((( Fichiers créés 2008-01-18 to 2008-02-18 ))))))))))))))))))))))))))))))))))))
.

2008-02-18 09:31 . 2008-02-18 09:31 10,925,154 --a------ C:\upload_moi_NOM-FB9B15D2723.tar.gz
2008-02-16 21:20 . 2008-02-16 21:37 <REP> d-------- C:\SDFix
2008-02-12 11:12 . 2008-02-12 11:12 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-02-12 11:12 . 2008-02-12 11:12 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-02-11 08:27 . 2008-02-11 08:27 120,576 --a------ C:\WINDOWS\system32\ihiyjnst.dat
2008-02-11 08:21 . 2004-08-10 05:00 87,552 --a------ C:\WINDOWS\system32\d3dimb.dll.bak
2008-02-09 16:55 . 2008-02-09 16:55 <REP> d-------- C:\Program Files\MSBuild
2008-02-09 16:53 . 2008-02-09 16:53 <REP> d-------- C:\Program Files\Microsoft.NET
2008-02-09 16:50 . 2008-02-09 16:54 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-02-09 16:50 . 2008-02-13 22:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-06 20:44 . 2008-02-06 21:22 <REP> d-------- C:\Documents and Settings\yves\Application Data\U3
2008-02-05 18:17 . 2002-03-05 15:24 36,864 -ra------ C:\WINDOWS\system32\deluidrv.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\usbmonit.exe
2008-02-05 18:17 . 2002-03-05 15:24 32,768 -ra------ C:\WINDOWS\system32\delentry.exe
2008-02-05 18:17 . 2002-03-05 15:24 21,064 -ra------ C:\WINDOWS\system32\drivers\geneuide.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 10:29 --------- d-----w C:\Program Files\The Cleaner
2008-02-18 10:24 1,152 ----a-w C:\Documents and Settings\HP_Administrateur\Application Data\wklnhst.dat
2008-02-17 21:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-16 20:06 --------- d-----w C:\Program Files\Navilog1
2008-02-11 09:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-09 15:55 --------- d-----w C:\Program Files\Microsoft Works
2008-02-08 18:01 --------- d-----w C:\Program Files\eMule
2008-01-26 14:53 --------- d-----w C:\Documents and Settings\HP_Administrateur\Application Data\XnView
2008-01-23 19:21 --------- d-----w C:\Program Files\Canon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-06 10:05 18,432 ----a-w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2006-02-19 08:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-01 08:01 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"dz1fzfc"="C:\WINDOWS\system32\dz1fzfc.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 19:34 64512]
"ftutil2"="ftutil2.dll" [2004-06-07 13:05 106496 C:\WINDOWS\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 04:05 16239616 C:\WINDOWS\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 01:15 77312 C:\WINDOWS\arpwrmsg.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 23:50 7311360]
"nwiz"="nwiz.exe" [2006-05-09 23:50 1519616 C:\WINDOWS\system32\nwiz.exe]
"DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 08:05 90112]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 21:14 237568]
"PCDrProfiler"="" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 05:11 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"tcactive"="C:\Program Files\The Cleaner\tca.exe" [2004-04-09 08:26 631808]
"tcmonitor"="C:\Program Files\The Cleaner\tcm.exe" [2004-03-13 12:48 388096]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-17 15:22 185632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 01:36 81920]

C:\Documents and Settings\Invit‚\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\yves\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2006-08-14 14:28:32 27136]
PinMcLnk.lnk - C:\hp\bin\cloaker.exe [2006-08-14 14:28:32 27136]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Outil de mise … jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-03-23 20:32:03 124912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-10 12:00]
S2 wbblpcae;PCI Bus vbf08 Monitor;C:\WINDOWS\System32\svchost.exe [2004-08-10 12:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wbblpcae

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-18 10:15:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2007-03-18 10:10:57 C:\WINDOWS\Tasks\Warranty Reminder 11 month.job"
- c:\windows\system32\pcintro\reminder\Warranty_Reminder_11_month\Warranty_Reminder_11_month.bat
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 11:56:53
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-02-18 11:57:27
ComboFix-quarantined-files.txt 2008-02-18 10:57:13
ComboFix2.txt 2007-08-15 17:28:24
.
2008-02-13 21:20:42 --- E O F ---

Réponse 33 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 12:09

Re,

OK. Il fait de la résistance, mais ne t'en fais pas, on va y parvenir. Ca prendra simplement un peu plus de temps.

# Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
# Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
# Ouvre le dossier SReng2 et double-clique sur SREngPS.exe.
# Clique sur "smart scan".
# Clique sur le bouton "scan".
# Quand l'analyse est terminée, clique sur le bouton "save reports".
# Sauvegarde alors le rapport sur ton bureau.
# Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

Edite aussi un rapport PCA comme demandé au-dessus. Je te réponds un peu plus tard.

FillPCA

Réponse 34 / 61

Moon
17 févr. 2008 à 12:09

Voici le rapport PCA. Merci...

# PCA Sécurité V 1.0.2, (fichier LOG).
# Rapport du :2008-02-18 12:07:37
Microsoft Windows XP Service Pack 2

==>> Processus <==
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\Répertoire temporaire 1 pour pca.zip\pca.exe

//pages de démarrage et de recherche d'Internet Explorer
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Start Page = about:blank
RO - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
RO - HKCU\Software\Microsoft\Internet Explorer\Main\Start Page = https://www.google.fr/?gws_rd=ssl
RO - HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName = Liens
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Search Page = https://www.google.com/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main\Default_Search_URL = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\CustomizeSearch = https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Search\SearchAssistant = http://www.google.com/toolbar/ie8/sidebar.html
//applications lancées depuis system.ini,win.ini
//03 - Browser Helper Objects (BHOs)
02 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
02 - BHO: - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
02 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
02 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
02 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
02 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
02 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar : MEDIADICO Familial - {CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} - C:\Program Files\LAventure\MDToolbar\MdToolbar.dll
O3 - Toolbar : Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar : Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
//04 - applications chargées automatiquement
04 - HKLM\..\RUN: [ehTray] - C:\WINDOWS\ehome\ehtray.exe
04 - HKLM\..\RUN: [ftutil2] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKLM\..\RUN: [RTHDCPL] - RTHDCPL.EXE
04 - HKLM\..\RUN: [AlwaysReady Power Message APP] - ARPWRMSG.EXE
04 - HKLM\..\RUN: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\RUN: [nwiz] - nwiz.exe /install
04 - HKLM\..\RUN: [DMAScheduler] - "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
04 - HKLM\..\RUN: [Recguard] - C:\WINDOWS\SMINST\RECGUARD.EXE
04 - HKLM\..\RUN: [PCDrProfiler] -
04 - HKLM\..\RUN: [HP Software Update] -
04 - HKLM\..\RUN: [avast!] - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
04 - HKLM\..\RUN: [SunJavaUpdateSched] - "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
04 - HKLM\..\RUN: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
04 - HKLM\..\RUN: [!AVG Anti-Spyware] - "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
04 - HKLM\..\RUN: [tcactive] - C:\Program Files\The Cleaner\tca.exe
04 - HKLM\..\RUN: [tcmonitor] - C:\Program Files\The Cleaner\tcm.exe
04 - HKLM\..\RUN: [TkBellExe] - "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
04 - HKLM\..\RUN: [QuickTime Task] - "C:\Program Files\QuickTime\qttask.exe" -atboottime
04 - HKLM\..\RUN: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
04 - HKLM\..\RUN: [SsAAD.exe] - C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
04 - HKLM\..\RUN: [combofix] - C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat
04 - HKLU\..\RUN: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKLU\..\RUN: [msnmsgr] - "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
04 - HKLU\..\RUN: [dz1fzfc] - C:\WINDOWS\system32\dz1fzfc.exe
04 - HKLM\..\RunOnce: [Warranty Reminder 11 month] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
04 - HKUS\S-1-5-19\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-20\..\RUN: [CTFMON.EXE] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [swg] - C:\WINDOWS\ehome\ehtray.exe
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [msnmsgr] - rundll32.exe ftutil2.dll,SetWriteCacheMode
04 - HKUS\S-1-5-21-4221756352-3738589598-3236277451-1007\..\RUN: [dz1fzfc] - RTHDCPL.EXE
04 - Global Startup: Outil de mise à jour Google.lnk= C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
//05 - Accès au panneau de contrôle d'Internet Explorer (control.ini)
//06- interdiction à l' accès au options (Internet Explorer)
//07 - blocage de l'exécution de Regedit
//08 - lignes supplémentaires dans le menu contextuel d'Internet Explorer
08 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
08 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
08 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
08 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
08 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
08 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
08 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
08 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b
08 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b
//09 - boutons situés sur la barre d'outils principale d'Internet Explorer
09 - Extra button: - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
09 - Extra button: - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
09 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra 'Tools' menuitem: - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
09 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
09 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} -
09 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
09 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
//O10 - Pirates de Winsock
//O11 - Onglet supplémentaire dans les options avancées d'Internet Explorer)
//O12 - IE plugins
//013 : DefaultPrefix
//014 - Option : (Rétablir les paramètres Web)
//015 - Zone de confiance d'Internet Explorer
//O16 - Objets ActiveX
O16 - DPF : MSN Photo Upload Tool - {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
O16 - DPF : BDSCANONLINE Control - {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - C:\WINDOWS\BDOSCAN8\oscan82.ocx
O16 - DPF : Windows Live Photo Upload Control - {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll
O16 - DPF : a-squared Scanner - {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - C:\WINDOWS\DOWNLO~1\asquared.ocx
//O17 - piratage de domaine Lop.com
//O18 - protocoles additionnels
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} -
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
//O19 - feuille de style de l'utilisateur
//O20 - valeur de Registre AppInit_DLLs et les sous-clés Winlogon Notify
//O21 - ShellServiceObjectDelayLoad
//O22 - SharedTaskScheduler
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - %SystemRoot%\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - %SystemRoot%\system32\browseui.dll
//O23 - services de XP,NT, 2000, et 2003
O23 - Service: [Service de la passerelle de la couche Application] - %SystemRoot%\System32\alg.exe
O23 - Service: [ARSVC] - C:\WINDOWS\arservice.exe
O23 - Service: [Service d'état ASP.NET] - %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
O23 - Service: [avast! iAVS4 Control Service] - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: [avast! Antivirus] - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: [avast! Mail Scanner] - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: [avast! Web Scanner] - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: [AVG Anti-Spyware Guard] - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: [Gestionnaire de l'Album] - %SystemRoot%\system32\clipsrv.exe
O23 - Service: [Application système COM+] - C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
O23 - Service: [Media Center Receiver Service] - C:\WINDOWS\eHome\ehRecvr.exe
O23 - Service: [Service de planification Media Center] - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: [Fax] - %systemroot%\system32\fxssvc.exe
O23 - Service: [Google Updater Service] - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: [InstallDriver Table Manager] - "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: [Service COM de gravage de CD IMAPI] -
O23 - Service: [Service de l'iPod] - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: [LightScribeService Direct Disc Labeling Service] - "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
O23 - Service: [Media Center Extender Service] - C:\WINDOWS\ehome\mcrdsvc.exe
O23 - Service: [Partage de Bureau à distance NetMeeting] - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: [MSCSPTISRV] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"
O23 - Service: [NVIDIA Display Driver Service] - %SystemRoot%\system32\nvsvc32.exe
O23 - Service: [Microsoft Office Diagnostics Service] - "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
O23 - Service: [Office Source Engine] - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
O23 - Service: [PACSPTISVR] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"
O23 - Service: [Planificateur LiveUpdate automatique] -
O23 - Service: [PsExec] - %SystemRoot%\PSEXESVC.EXE
O23 - Service: [Gestionnaire de session d'aide sur le Bureau à distance] - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: [Localisateur d'appels de procédure distante (RPC)] - %SystemRoot%\system32\locator.exe
O23 - Service: [QoS RSVP] - %SystemRoot%\system32\rsvp.exe
O23 - Service: [Spouleur d'impression] - %SystemRoot%\system32\spoolsv.exe
O23 - Service: [Sony SPTI Service] - "C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"
O23 - Service: [SSDP Discovery Service] - %SystemRoot%\system32\svchost.exe -k LocalService
O23 - Service: [SonicStage SCSI Service] - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: [MS Software Shadow Copy Provider] - C:\WINDOWS\system32\dllhost.exe /Processid:{E240A44A-EE25-4AA3-A4EB-0106CD6D8248}
O23 - Service: [Symantec Core LC] -
O23 - Service: [Journaux et alertes de performance] - %SystemRoot%\system32\smlogsvc.exe
O23 - Service: [Telnet] - C:\WINDOWS\system32\tlntsvr.exe
O23 - Service: [Uninterruptible Power Supply] - %SystemRoot%\System32\ups.exe
O23 - Service: [Service Messenger Sharing Folders USN Journal Reader] - "C:\Program Files\MSN Messenger\usnsvc.exe"
O23 - Service: [Cliché instantané de volume] - %SystemRoot%\System32\vssvc.exe
O23 - Service: [Carte de performance WMI] - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: [Service Partage réseau du Lecteur Windows Media] - "C:\Program Files\Windows Media Player\WMPNetwk.exe"

Réponse 35 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 12:12

Re,

Nos réponses se sont croisées.

Edite simplement le rapport SREng.

FillPCA

Réponse 36 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 12:15

Re,

Peux-tu aussi éditer un nouveau rapport Diaghelp ?

FillPCA

Réponse 37 / 61

Moon
17 févr. 2008 à 13:04

Je dois partir, mais je serais là ce soir, si toi tu es disponible.
Merci pour tout, c'est vraiment chouette, sinon je serais un brin désespéré!
A+

Réponse 38 / 61

FillPCA Messages postés 2242 Date d'inscription samedi 21 avril 2007 Statut Non membre Dernière intervention 18 février 2023 123
17 févr. 2008 à 13:49

Re,

Je serai là ce soir. Quand tu reviens, édite un rapport SREng et un rapport Diaghelp.

FillPCA

Réponse 39 / 61

Moon
17 févr. 2008 à 19:24

Voilà je suis de retour. C'est pas trop désesperant ce cheval de Troie? Merci

[CODE]

2008-02-18,19:21:49

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Process Privileges Scan

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe> [(Verified)Google Inc]
<msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<dz1fzfc><C:\WINDOWS\system32\dz1fzfc.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ehTray><C:\WINDOWS\ehome\ehtray.exe> [(Verified)Microsoft Windows Publisher]
<ftutil2><rundll32.exe ftutil2.dll,SetWriteCacheMode> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<RTHDCPL><RTHDCPL.EXE> [(Verified)Microsoft Windows Publisher]
<AlwaysReady Power Message APP><ARPWRMSG.EXE> [(Verified)Microsoft Windows Publisher]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Publisher]
<nwiz><nwiz.exe /install> []
<DMAScheduler><"c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"> [Sonic Solutions]
<Recguard><C:\WINDOWS\SMINST\RECGUARD.EXE> []
<PCDrProfiler><> [N/A]
<HP Software Update><C:\Program Files\HP\HP Software Update\HPwuSchd2.exe> [Hewlett-Packard Co.]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
<Easy-PrintToolBox><C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon> [CANON INC.]
<!AVG Anti-Spyware><"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [(Verified)GRISOFT LTD]
<tcactive><C:\Program Files\The Cleaner\tca.exe> [MooSoft Development]
<tcmonitor><C:\Program Files\The Cleaner\tcm.exe> [MooSoft Development]
<TkBellExe><"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Inc.]
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<SsAAD.exe><C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe> []
<combofix><C:\WINDOWS\system32\kmd.exe /c C:\ComboFix\Combobatch.bat> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [(Verified)GRISOFT LTD]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\KB910393]
<KB910393><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{407408d4-94ed-4d86-ab69-a7f649d112ee}]
<Media Center><%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Carnet d'adresses 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser> [(Verified)Microsoft Windows Publisher]

==================================
Startup Folders
[Outil de mise à jour Google]
<C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk --> C:\PROGRA~1\Google\GOOGLE~3\GOOGLE~1.EXE [Google]><N>

==================================
Services
[Service d'état ASP.NET / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
<C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><GRISOFT s.r.o.>
[Google Updater Service / gusvc][Running/Auto Start]
<"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Service de l'iPod / iPod Service][Stopped/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
<"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe"><Sony Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe"><Sony Corporation>
[Planificateur LiveUpdate automatique / Planificateur LiveUpdate automatique][Stopped/Auto Start]
<><N/A>
[PsExec / PSEXESVC][Stopped/Manual Start]
<C:\WINDOWS\PSEXESVC.EXE><N/A>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
<"C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe"><Sony Corporation>
[SonicStage SCSI Service / SSScsiSV][Stopped/Manual Start]
<C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe><Sony Corporation>
[Symantec Core LC / Symantec Core LC][Stopped/Auto Start]
<><N/A>
[PCI Bus vbf08 Monitor / wbblpcae][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\d3dimb.dll><N/A>

==================================
Drivers
[Pilote de processeur AMD / AmdK8][Running/System Start]
<system32\DRIVERS\AmdK8.sys><Advanced Micro Devices>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Promise driver accelerator / bb-run][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[catchme / catchme][Stopped/Manual Start]
<\??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys><N/A>
[ftsata2 / ftsata2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ftsata2.sys><Promise Technology, Inc.>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Pilote de bus Microsoft UAA pour High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
<system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
<system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Ps2 / Ps2][Running/Manual Start]
<system32\DRIVERS\PS2.sys><Hewlett-Packard Company>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[symlcbrd / symlcbrd][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\symlcbrd.sys><Symantec Corporation>
[tmcomm / tmcomm][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>

==================================
Browser Add-ons
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[]
{85d1f590-48f4-11d9-9669-0800200c9a66} <%windir%\bdoscandel.exe, N/A>
[&Rechercher]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Aide à la connexion]
{E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[MEDIADICO Familial]
{CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} <C:\Program Files\LAventure\MDToolbar\MdToolbar.dll, >
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Easy-WebPrint]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Windows Live Photo Upload Control]
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, Microsoft® Corporation>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[a-squared Scanner]
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, Emsi Software GmbH>
[Java Plug-in 1.5.0_06]
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_11]
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_02]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_03]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll, Sun Microsystems, Inc.>
[Google Script Object]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Aide pour le lien d'Adobe PDF Reader]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Microsoft HTML Document 6.0]
{25336921-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[RealPlayer RAM Download Handler]
{2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[HtmlDlgSafeHelper Class]
{3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[Easy-WebPrint]
{327C2873-E90D-4C37-AA9D-10AC9BABA46C} <C:\Program Files\Canon\Easy-WebPrint\Toolband.dll, >
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[QuickTime Object]
{4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, Apple Inc.>
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft® Corporation>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Program Files\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[BDSCANONLINE Control]
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} <C:\WINDOWS\BDOSCAN8\oscan82.ocx, SOFTWIN>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Media Services DRM Storage object]
{760C4B83-E211-11D2-BF3E-00805FBE84A6} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Photo Upload Control]
{7FC1B346-83E6-4774-8D20-1A6B09B0E737} <C:\WINDOWS\Downloaded Program Files\CONFLICT.1\MsnPUpld.dll, Microsoft® Corporation>
[Navigateur Web Microsoft]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in 1.6.0_03]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll, Sun Microsystems, Inc.>
[Windows Live Sign-in Helper]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Google Toolbar Notifier BHO]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll, Google Inc.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[a-squared Scanner]
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <C:\WINDOWS\DOWNLO~1\asquared.ocx, Emsi Software GmbH>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Fichiers communs\System\msadc\msadco.dll, Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, Microsoft Corporation>
[Helper Class]
{BF0118D4-63FF-4138-9327-F3028FB1A578} <C:\WINDOWS\web\wallpaper\welcome\AWhelper.dll, >
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MEDIADICO Familial]
{CEDDA62B-5FBE-4AB2-AE2E-5E069F444444} <C:\Program Files\LAventure\MDToolbar\MdToolbar.dll, >
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Live Sign-in Control]
{D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[]
{D4A8680F-4272-4161-80FF-851A62AEA027} <C:\PROGRA~1\EZFace\ActiveX\EZFace208.ocx, EZFace Ltd.>
[Google Updater Class]
{D6A5A215-FBF3-45E5-ABF8-22FF50916184} <C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll, Google>
[EZFaceWL.EZFaceControlXWL]
{E55194C4-4B04-4285-85DA-CA0AE64D3B39} <C:\PROGRA~1\EZFace\ActiveX\EZFaceWL208.ocx, EZFace>
[]
{F06608C7-1874-4EEA-B3B2-DF99EBB144B8} <C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL, Microsoft Corporation>
[Runclose Control]
{F31D1897-7EFD-4647-8687-E05894E382AB} <C:\WINDOWS\System32\RUNCLOSE.OCX, Hewlett-Packard Company>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Add to Windows &Live Favorites]
<https://onedrive.live.com/?id=favorites N/A>
[E&xporter vers Microsoft Excel]
<res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000, N/A>
[Easy-WebPrint Ajouter à la liste d'impressions]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html, N/A>
[Easy-WebPrint Impression rapide]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html, N/A>
[Easy-WebPrint Imprimer]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html, N/A>
[Easy-WebPrint Prévisualiser]
<res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html, N/A>
[Ouvrir dans un nouvel onglet d'arrière-plan]
<res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?cb4e065edfd34a24ba7083860ce8b47b, N/A>
[Ouvrir dans un nouvel onglet de premier plan]
<res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?cb4e065edfd34a24ba7083860ce8b47b, N/A>

==================================
Running Processes
[PID: 656 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1016 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1148 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)]
[PID: 1268 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1364 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1508 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1556 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 1740 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNMLM5y.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD5y.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI5y.DLL] [CANON INC., 1.80.2.50]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR5y.DLL] [CANON INC., 1.80.2.50]
[PID: 1904 / SYSTEM][C:\WINDOWS\arservice.exe] [Microsoft, 6.0.0160.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1964 / SYSTEM][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [GRISOFT s.r.o., 7, 5, 1, 22]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 1996 / SYSTEM][C:\WINDOWS\eHome\ehRecvr.exe] [Microsoft Corporation, 5.1.2715.3011 (xpsp(wmbla).061009-1511)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\sbe.dll] [, ]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[PID: 2020 / SYSTEM][C:\WINDOWS\eHome\ehSched.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 168 / SYSTEM][C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe] [Google, 2.2.824.5515.beta]
[PID: 236 / SYSTEM][C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe] [Hewlett-Packard Company, 1.4.105.1]
[C:\Program Files\Fichiers communs\LightScribe\LSSProxy.dll] [Hewlett-Packard Company, 1.4.105.1]
[C:\Program Files\Fichiers communs\LightScribe\LSLog.dll] [Hewlett-Packard Company, 1.4.105.1]
[PID: 284 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8208]
[PID: 840 / yves][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1096 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1480 / SERVICE LOCAL][C:\WINDOWS\ehome\mcrdsvc.exe] [Microsoft Corporation, 4.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\eHome\ehTrace.dll] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[PID: 1884 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 2088 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 2156 / SYSTEM][C:\WINDOWS\system32\dllhost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2464 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2940 / yves][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2968 / yves][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.7.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2976 / yves][C:\WINDOWS\ARPWRMSG.EXE] [Microsoft, 6.0.0160.0]
[PID: 3040 / yves][C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe] [Sonic Solutions, 1.0.0.1]
[C:\Program Files\HP DigitalMedia Archive\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\PxWrap.dll] [Sonic Solutions, 2.06.30a]
[C:\WINDOWS\system32\PX.dll] [Sonic Solutions, 3.2.46.500]
[c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PXDRV.DLL] [Sonic Solutions, 1.01.95a]
[C:\WINDOWS\system32\PXMAS.DLL] [Sonic Solutions, 3.2.46.500]
[C:\WINDOWS\system32\PXSFS.DLL] [Sonic Solutions, 3.0.65.500]
[C:\WINDOWS\system32\PXWAVE.DLL] [Sonic Solutions, 3.2.46.500]
[C:\WINDOWS\system32\VXBLOCK.DLL] [Sonic Solutions, 1.00.72a]
[c:\Program Files\HP DigitalMedia Archive\EAFunctions.dll] [Sonic Solutions, 1.1.0.0]
[PID: 3092 / yves][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000]
[PID: 3100 / yves][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 3116 / yves][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[PID: 3124 / yves][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\armcex.dll] [, 6.0.0160.0]
[c:\windows\system32\fpalsu.dll] [Hewlett-Packard Company, 1, 0, 2, 3]
[PID: 3148 / yves][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5, 1, 43]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [GRISOFT s.r.o., 4, 2, 0, 19]
[PID: 3172 / yves][C:\Program Files\The Cleaner\tca.exe] [MooSoft Development, 3.1.0.3073]
[PID: 3180 / yves][C:\Program Files\The Cleaner\tcm.exe] [MooSoft Development, 2.1.0.2043]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3200 / yves][C:\Program Files\QuickTime\qttask.exe] [Apple Inc., 7.1.6]
[PID: 3236 / yves][C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe] [, 3.4.01.13062]
[C:\PROGRA~1\Sony\SONICS~1\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\Sony\SONICS~1\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\Sony\SONICS~1\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[PID: 3348 / yves][C:\Program Files\MSN Messenger\MsnMsgr.Exe] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\MSNCore.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\MSN Messenger\ContactsUX.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\msgsres.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\Program Files\MSN Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
[C:\Program Files\MSN Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corp., 8.1.0178.00]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00]
[PID: 3488 / yves][C:\Program Files\Google\Google Updater\GoogleUpdater.exe] [Google, 2.2.940.34809.beta]
[C:\Program Files\Google\Google Updater\2.2.940.34809\ci.dll] [Google, 2.2.940.34809.beta]
[C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858]
[PID: 4068 / yves][C:\Program Files\internet explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1601, 4978]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Canon\Easy-WebPrint\Toolband.dll] [, 2, 5, 1, 6]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Canon\Easy-WebPrint\Resource.dll] [, 2, 5, 0, 19]
[C:\Program Files\Windows Live Toolbar\msntb.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\mtbres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\mtbres.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Tem.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\searchboxRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\searchboxRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\wlscres.dll.mui] [Microsoft Corporation, 1.0.0001.1]
[C:\Program Files\Windows Live Toolbar\fr-fr\CMRes.dll.mui] [Microsoft Corporation, 03.00.0001.2032]
[C:\Program Files\Windows Live Toolbar\CMRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\obarres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\obarres.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Favorites\wlfext.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\RssFinderRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\RssFinderRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\msn_slrs.DLL.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\msn_slrs.DLL] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\msntabres.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\pgres.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\pgres.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\MSNExtensionRes.dll.mui] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\MSNExtensionRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\fr-fr\SmaMenRes.dll.mui] [Microsoft Corporation., 03.00.0001.2012]
[C:\Program Files\Windows Live Toolbar\Components\SmaMenRes.dll] [Microsoft Corporation., 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\fr-fr\CBRes.dll.mui] [Microsoft Corporation, 03.01.0000.0032]
[C:\Program Files\Windows Live Toolbar\CBRes.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\rssFinder.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll] [Sun Microsystems, Inc., 6.0.30.5]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll] [Google Inc., 2, 1, 615, 5858]
[C:\Program Files\Windows Live Toolbar\searchbox.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\stmain.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\msn_slps.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\wlsctb.dll] [Microsoft Corporation, 03.01.0000.0072]
[C:\Program Files\Windows Live Toolbar\cm.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\msntab.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\WLExtension.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\smamen.dll] [Microsoft Corporation., 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\CB.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\Program Files\Windows Live Toolbar\Components\msntbfltr.dll] [Microsoft Corporation, 4.0.6620.0]
[C:\Program Files\Windows Live Favorites\WLFExtRes.dll] [Microsoft Corporation, 03.00.0001.2012]
[C:\Program Files\Windows Live Favorites\TBIDCRL.dll] [Microsoft Corporation, 03.01.0000.0146]
[C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL] [Microsoft Corporation, 12.0.4518.1014]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.2407]
[C:\Program Files\Windows Live Toolbar\Components\COMCRF\COMCRF.dll] [Microsoft Corporation., 03.01.0000.0146]
[C:\PROGRA~1\MSNMES~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.1.0178.00]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroPDF.FRA] [Adobe Systems, Inc., 8.0.0.0]
[PID: 628 / yves][C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe] [Microsoft Corporation, 4.100.313.1]
[C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1]
[PID: 1836 / yves][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1464 / yves][C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.dll] [Adobe Systems Incorporated, 8.1.1.2007101000]
[C:\Program Files\Adobe\Reader 8.0\Reader\AGM.dll] [Adobe Systems Incorporated, 4.16.80]
[C:\Program Files\Adobe\Reader 8.0\Reader\CoolType.dll] [Adobe Systems Incorporated, 5.03.74]
[C:\Program Files\Adobe\Reader 8.0\Reader\BIB.dll] [Adobe Systems Incorporated, 1.2.01]
[C:\Program Files\Adobe\Reader 8.0\Reader\ACE.dll] [Adobe Systems Incorporated, 2.10.68]
[c:\program files\adobe\reader 8.0\reader\rdlang32.fra] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.api] [Adobe Systems Incorporated, 8.1.1.2007101000]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.api] [Adobe Systems Incorporated, 8.1.1.2007101000]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DVA.api] [Adobe Systems Incorporated, 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.api] [Adobe Systems Incorporated, 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\IA32.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ImageViewer.API] [Adobe Systems Inc., 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.api] [Adobe Systems Incorporated, 8.0.0.2006102300]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.api] [Adobe Systems Incorporated, 8.1.0.0]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.api] [Adobe Systems Incorporated, 8.1.0.2007051100]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.api] [Adobe Systems Incorporated, 8.1.1.2007101000]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Spelling.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PPKLite.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Accessibility.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\AcroForm.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Annots.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Checkers.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\DigSig.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\eBook.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EScript.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\EWH32.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\HLS.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\MakeAccessible.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\PDDom.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\reflow.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Search5.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\SendMail.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\Updater.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\plug_ins\weblink.FRA] [, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\cryptocme2.dll] [N/A, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\ccme_base.dll] [N/A, ]
[C:\Program Files\Adobe\Reader 8.0\Reader\AdobeLinguistic.dll] [Adobe Systems Incorporated, 3.0RC5]
[C:\Program Files\Adobe\Reader 8.0\Reader\AdobeUpdater.dll] [Adobe Systems Incorporated, 5, 1, 0, 1082]
[PID: 1332 / yves][C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe] [Adobe Systems Incorporated, 5, 1, 0, 1082]
[C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.fr_FR] [Adobe Systems Incorporated, 5, 1, 0, 1082]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3576 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2496 / HP_Administrateur][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
[C:\PROGRA~1\WINDOW~1\wmpband.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\iTunes\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35]
[C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll] [Apple Inc., 7.2.0.28]
[C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll] [Apple Inc., 7.2.0.35]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [GRISOFT s.r.o., 7, 5, 1, 36]
[C:\PROGRA~1\TROJAN~1\Trshlex.dll] [Simply Super Software, 1.0.8.46]
[C:\Program Files\The Cleaner\tcshellex.dll] [MooSoft Development, 2.0.0.0]
[C:\WINDOWS\system32\ShellExt\Cryptext.dll] [, 3.4]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0]
[C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 8.0.0.2006102200]
[C:\Program Files\Spybot - Search & Destroy\SDHelper.dll] [Safer Networking Limited, 1, 4, 0, 0]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 1932 / HP_Administrateur][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[C:\WINDOWS\system32\mucltui.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 3208 / HP_Administrateur][C:\WINDOWS\ehome\ehtray.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 532 / HP_Administrateur][C:\WINDOWS\eHome\ehmsas.exe] [Microsoft Corporation, 5.1.2710.2732 (xpsp(wmbla).050805-1245)]
[C:\WINDOWS\armcex.dll] [, 6.0.0160.0]
[c:\windows\system32\fpalsu.dll] [Hewlett-Packard Company, 1, 0, 2, 3]
[PID: 2868 / HP_Administrateur][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.7.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3604 / HP_Administrateur][C:\WINDOWS\ARPWRMSG.EXE] [Microsoft, 6.0.0160.0]
[PID: 1112 / HP_Administrateur][C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe] [Sonic Solutions, 1.0.0.1]
[C:\Program Files\HP DigitalMedia Archive\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\PxWrap.dll] [Sonic Solutions, 2.06.30a]
[C:\WINDOWS\system32\PX.dll] [Sonic Solutions, 3.2.46.500]
[c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\Engine\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFPlat.DLL] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[C:\WINDOWS\system32\PXDRV.DLL] [Sonic Solutions, 1.01.95a]
[C:\WINDOWS\system32\PXMAS.DLL] [Sonic Solutions, 3.2.46.500]
[C:\WINDOWS\system32\PXSFS.DLL] [Sonic Solutions, 3.0.65.500]
[C:\WINDOWS\system32\PXWAVE.DLL] [Sonic Solutions, 3.2.46.500]
[C:\WINDOWS\system32\VXBLOCK.DLL] [Sonic Solutions, 1.00.72a]
[c:\Program Files\HP DigitalMedia Archive\EAFunctions.dll] [Sonic Solutions, 1.1.0.0]
[PID: 1568 / HP_Administrateur][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 50.0.146.000]
[PID: 3424 / HP_Administrateur][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0]
[C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)]
[c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0]
[PID: 3728 / HP_Administrateur][C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.30.5]
[PID: 1680 / HP_Administrateur][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [GRISOFT s.r.o., 7, 5,

Réponse 40 / 61

Moon
17 févr. 2008 à 19:35

DiagHelp version v1.4 - http://www.malekal.com
excute le 2008-02-18 à 19:30:35.34

Liste des derniers fichies modifies/crees dans windir\system32 et prefetch
C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2008-02-18 19:30:32
C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2008-02-18 19:28:53
C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf -->2008-02-18 19:28:43
C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf -->2008-02-18 19:28:16
C:\WINDOWS\prefetch\MSN_SL.EXE-18A18BC5.pf -->2008-02-18 19:28:08
C:\WINDOWS\prefetch\WLLOGINPROXY.EXE-2D4B6027.pf -->2008-02-18 19:28:07
C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf -->2008-02-18 19:27:57
C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2008-02-18 19:26:21
C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->2008-02-18 19:22:47
C:\WINDOWS\prefetch\SRENGPS.EXE-2C9235B0.pf -->2008-02-18 19:20:36

C:\WINDOWS\System32\drivers\mrxdav.sys -->2007-12-18 10:51:35
C:\WINDOWS\System32\drivers\aswmon.sys -->2007-12-04 15:56:02
C:\WINDOWS\System32\drivers\aswmon2.sys -->2007-12-04 15:55:46
C:\WINDOWS\System32\drivers\aswRdr.sys -->2007-12-04 15:53:39
C:\WINDOWS\System32\drivers\aswTdi.sys -->2007-12-04 15:51:52
C:\WINDOWS\System32\drivers\aavmker4.sys -->2007-12-04 15:49:02
C:\WINDOWS\System32\drivers\secdrv.sys -->2007-11-13 11:25:54

C:\WINDOWS\System32\nvapps.xml -->2008-02-18 19:14:24
C:\WINDOWS\System32\wpa.dbl -->2008-02-18 19:14:14
C:\WINDOWS\System32\libssl32.dll -->2008-02-12 11:12:43
C:\WINDOWS\System32\libeay32.dll -->2008-02-12 11:12:43
C:\WINDOWS\System32\CONFIG.NT -->2008-02-11 08:57:53
C:\WINDOWS\System32\ihiyjnst.dat -->2008-02-11 08:27:37
C:\WINDOWS\System32\PerfStringBackup.INI -->2008-02-10 09:53:35
C:\WINDOWS\System32\perfh00C.dat -->2008-02-10 09:53:35
C:\WINDOWS\System32\perfh009.dat -->2008-02-10 09:53:35
C:\WINDOWS\System32\perfc00C.dat -->2008-02-10 09:53:35
C:\WINDOWS\System32\perfc009.dat -->2008-02-10 09:53:35
C:\WINDOWS\System32\FNTCACHE.DAT -->2008-02-10 07:19:55
C:\WINDOWS\System32\MRT.exe -->2008-02-05 00:09:46
C:\WINDOWS\System32\TZLog.log -->2007-12-11 23:12:33
C:\WINDOWS\System32\wininet.dll -->2007-12-07 01:47:21
C:\WINDOWS\System32\urlmon.dll -->2007-12-07 01:47:21
C:\WINDOWS\System32\shlwapi.dll -->2007-12-07 01:47:20
C:\WINDOWS\System32\shdocvw.dll -->2007-12-07 01:47:20
C:\WINDOWS\System32\pngfilt.dll -->2007-12-07 01:47:19
C:\WINDOWS\System32\mstime.dll -->2007-12-07 01:47:19
C:\WINDOWS\System32\msrating.dll -->2007-12-07 01:47:18
C:\WINDOWS\System32\mshtmled.dll -->2007-12-07 01:47:18
C:\WINDOWS\System32\mshtml.dll -->2007-12-07 01:47:18
C:\WINDOWS\System32\jsproxy.dll -->2007-12-07 01:47:15
C:\WINDOWS\System32\inseng.dll -->2007-12-07 01:47:15

C:\WINDOWS\WindowsUpdate.log -->2008-02-18 19:29:15
C:\WINDOWS\0.log -->2008-02-18 15:22:09
C:\WINDOWS\bootstat.dat -->2008-02-18 15:21:49
C:\WINDOWS\SchedLgU.Txt -->2008-02-18 13:05:33
C:\WINDOWS\ntbtlog.txt -->2008-02-18 11:57:41
C:\WINDOWS\system.ini -->2008-02-18 11:56:51
C:\WINDOWS\QTFont.qfn -->2008-02-14 08:51:15
C:\WINDOWS\tsoc.log -->2008-02-12 20:24:07
C:\WINDOWS\tabletoc.log -->2008-02-12 20:24:07
C:\WINDOWS\plusoc.log -->2008-02-12 20:24:07
C:\WINDOWS\ocmsn.log -->2008-02-12 20:24:07
C:\WINDOWS\ocgen.log -->2008-02-12 20:24:07
C:\WINDOWS\ntdtcsetup.log -->2008-02-12 20:24:07
C:\WINDOWS\netfxocm.log -->2008-02-12 20:24:07
C:\WINDOWS\msgsocm.log -->2008-02-12 20:24:07

winlogon.exe
Verified: Signed
svchost.exe
Verified: Signed
ws2_32.dll
Verified: Signed
user32.dll
Verified: Signed
tcpip.sys
Verified: Signed
ndis.sys
Verified: Signed
null.sys
Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
explorer.exe pid: 840
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x10000000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~1\wmpband.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
------------------------------------------------------------------------------
explorer.exe pid: 2496
Command line: C:\WINDOWS\Explorer.EXE

Base Size Version Path
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\comctl32.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x13420000 0x1a000 11.00.5721.5145 C:\PROGRA~1\WINDOW~1\wmpband.dll
0x10000000 0x21000 7.02.0000.0035 C:\Program Files\iTunes\iTunesMiniPlayer.dll
0x01210000 0xe000 7.02.0000.0028 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\fr.lproj\iTunesMiniPlayerLocalized.dll
0x01240000 0x23000 7.02.0000.0035 C:\Program Files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
0x76ac0000 0x11000 3.05.2284.0000 C:\WINDOWS\system32\ATL.DLL
0x01770000 0x13000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll
0x7d200000 0x2be000 3.01.4000.4039 C:\WINDOWS\system32\msi.dll
0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll
0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll
0x00c60000 0x2a000 7.05.0001.0036 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll
0x00dd0000 0x76000 1.00.0008.0046 C:\PROGRA~1\TROJAN~1\Trshlex.dll
0x02740000 0x5d000 2.00.0000.0000 C:\Program Files\The Cleaner\tcshellex.dll
0x028a0000 0x47000 3.04.0000.0000 C:\WINDOWS\system32\ShellExt\Cryptext.dll
0x64f00000 0x12000 4.07.1098.0000 C:\Program Files\Alwil Software\Avast4\ashShell.dll
0x78130000 0x9b000 8.00.50727.0163 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll
0x02e50000 0x5b000 8.01.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
0x02eb0000 0x4c000 8.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
0x506a0000 0x88000 7.00.6000.0381 C:\WINDOWS\system32\wuapi.dll
0x01100000 0x10000 8.00.0000.0456 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
0x031c0000 0xd5000 1.04.0000.0000 C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com

------------------------------------------------------------------------------
winlogon.exe pid: 744
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x01220000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x012b0000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll
0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll
0x748f0000 0x113000 8.90.1101.0000 C:\WINDOWS\system32\msxml3.dll
------------------------------------------------------------------------------
winlogon.exe pid: 3576
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x81000 \??\C:\WINDOWS\system32\winlogon.exe
0x58b50000 0x9a000 5.82.2900.2982 C:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1117.0000 C:\WINDOWS\system32\ODBC32.dll
0x20000000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll
0x00ce0000 0x3b000 1.07.0018.0005 C:\WINDOWS\system32\WgaLogon.dll
0x76f80000 0x7f000 2001.12.4414.0308 C:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0258 C:\WINDOWS\system32\COMRes.dll

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 881E-2B7E

Répertoire de C:\WINDOWS\system

1998-05-07 17:04 52,736 hpsysdrv.exe
1 fichier(s) 52,736 octets
0 Rép(s) 109,064,654,848 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 881E-2B7E

Répertoire de C:\WINDOWS\system32

2004-08-10 12:00 6,144 csrss.exe
1 fichier(s) 6,144 octets
0 Rép(s) 109,064,654,848 octets libres

Contenu de Downloaded Program Files
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 881E-2B7E

Répertoire de C:\WINDOWS\Downloaded Program Files

2007-08-16 15:12 <REP> .
2007-08-16 15:12 <REP> ..
2007-07-02 14:44 941,688 asquared.ocx
2004-12-07 16:07 32 bdcore.dll
2006-05-25 00:21 118,784 bdupd.dll
2007-09-17 17:50 <REP> CONFLICT.1
2005-10-10 12:32 65 desktop.ini
2002-07-26 00:13 24,576 dwusplay.dll
2002-07-26 00:13 196,608 dwusplay.exe
2006-05-25 00:21 53,248 ipsupd.dll
2004-07-27 22:48 323,584 isusweb.dll
2005-03-16 11:34 7,407 lang.ini
2004-12-07 16:07 32 libfn.dll
2005-03-14 13:38 126 live.ini
2006-06-20 14:44 379,704 MsnPUpld.dll
2006-06-19 13:40 393 MsnPUpld.inf
2006-06-01 01:57 1,331 oscan8.inf
2006-06-01 01:54 471,040 oscan8.ocx
2006-05-31 03:15 10 oscan81.ocx_x
2006-06-20 14:44 117,560 PURen-us.dll
2007-01-09 07:30 110,592 PURfr-fr.dll
2004-10-15 06:59 110,592 PURfr-xx.dll
2005-03-14 13:58 7,073 scanoptions.tsi
20 fichier(s) 2,864,445 octets

Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1

2007-09-17 17:50 <REP> .
2007-09-17 17:50 <REP> ..
2007-08-02 10:31 360,320 MsnPUpld.dll
2007-08-02 14:47 569 MSNPUpld.inf
2007-08-02 10:31 67,456 PURen-us.dll
2007-08-06 11:10 68,992 PURfr-fr.dll
4 fichier(s) 497,337 octets

Total des fichiers listés :
24 fichier(s) 3,361,782 octets
5 Rép(s) 109,064,654,848 octets libres

Recherche de rootkit! (Merci S!Ri)

Recherche d'infections connues

Export des clefs sensibles..

Liste des fichiers en exception sur le pare-feu XP SP2

Export de la clef SharedTaskScheduler

[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

exports des policies
REGEDIT4

[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

Export des clefs sensibles..
Rechercher adresses sensibles dans le fichier HOSTS...
catchme 0.3.1319 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 19:31:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden services & system hive ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden services: 0
hidden files: 0

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead

4 - System
168 - GoogleUpdaterSe
284 - nvsvc32.exe
324 - tca.exe
636 - csrss.exe
720 - csrss.exe
744 - winlogon.exe
788 - services.exe
800 - lsass.exe
840 - explorer.exe
956 - svchost.exe
1016 - svchost.exe
1096 - svchost.exe
1116 - svchost.exe
1148 - svchost.exe
1188 - wuauclt.exe
1268 - svchost.exe
1332 - AdobeUpdater.ex
1464 - AcroRd32.exe
1480 - mcrdsvc.exe
1556 - ashServ.exe
1680 - avgas.exe
1740 - spoolsv.exe
1884 - ashMaiSv.exe
1904 - arservice.exe
1928 - googletalk.exe
2088 - ashWebSv.exe
2156 - dllhost.exe
2464 - alg.exe
2496 - explorer.exe
3004 - msnmsgr.exe
3076 - tcm.exe
3100 - ashDisp.exe
3148 - avgas.exe
3172 - tca.exe
3180 - tcm.exe
3208 - ehtray.exe
3348 - msnmsgr.exe
3424 - ashDisp.exe
3576 - winlogon.exe
3604 - arpwrmsg.exe
4068 - IEXPLORE.EXE
4292 - cmd.exe

Total number of processes = 43
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList

804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806CE000 - \WINDOWS\system32\hal.dll
F7A70000 - \WINDOWS\system32\KDCOM.DLL
F7980000 - \WINDOWS\system32\BOOTVID.dll
F7440000 - ACPI.sys
F7A72000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS
F742F000 - pci.sys
F7570000 - isapnp.sys
F7580000 - ohci1394.sys
F7590000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS
F7B38000 - pciide.sys
F77F0000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
F7A74000 - viaide.sys
F7A76000 - intelide.sys
F75A0000 - MountMgr.sys
F7410000 - ftdisk.sys
F7A78000 - dmload.sys
F73EA000 - dmio.sys
F77F8000 - PartMgr.sys
F75B0000 - VolSnap.sys
F73D2000 - atapi.sys
F738F000 - ftsata2.sys
F7377000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
F75C0000 - disk.sys
F75D0000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
F7357000 - fltMgr.sys
F7345000 - sr.sys
F75E0000 - bb-run.sys
F75F0000 - PxHelp20.sys
F732E000 - KSecDD.sys
F731B000 - WudfPf.sys
F728E000 - Ntfs.sys
F7261000 - NDIS.sys
F7246000 - Mup.sys
F7680000 - \SystemRoot\system32\DRIVERS\AmdK8.sys
F7900000 - \SystemRoot\system32\DRIVERS\aracpi.sys
F6E9E000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
F6E8A000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
F7908000 - \SystemRoot\system32\DRIVERS\usbohci.sys
F6E67000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
F7910000 - \SystemRoot\system32\DRIVERS\usbehci.sys
F7690000 - \SystemRoot\system32\DRIVERS\imapi.sys
F76A0000 - \SystemRoot\system32\DRIVERS\cdrom.sys
F76B0000 - \SystemRoot\system32\DRIVERS\redbook.sys
F6E44000 - \SystemRoot\system32\DRIVERS\ks.sys
F7918000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
F76C0000 - \SystemRoot\system32\DRIVERS\nic1394.sys
F6E1F000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
F7A6C000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys
F6DD4000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS
F6D9D000 - \SystemRoot\system32\DRIVERS\NVSNPU.SYS
F76D0000 - \SystemRoot\system32\DRIVERS\i8042prt.sys
F7920000 - \SystemRoot\system32\DRIVERS\mouclass.sys
F7AB0000 - \SystemRoot\system32\DRIVERS\armoucfltr.sys
F7928000 - \SystemRoot\system32\DRIVERS\PS2.sys
F7930000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
F7AB2000 - \SystemRoot\system32\DRIVERS\arkbcfltr.sys
F7222000 - \SystemRoot\system32\DRIVERS\arpolicy.sys
F7C3A000 - \SystemRoot\system32\DRIVERS\audstub.sys
F76E0000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
F721E000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
F6D86000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
F76F0000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
F7700000 - \SystemRoot\system32\DRIVERS\raspptp.sys
F7938000 - \SystemRoot\system32\DRIVERS\TDI.SYS
F6D75000 - \SystemRoot\system32\DRIVERS\psched.sys
F7710000 - \SystemRoot\system32\DRIVERS\msgpc.sys
F7940000 - \SystemRoot\system32\DRIVERS\ptilink.sys
F7948000 - \SystemRoot\system32\DRIVERS\raspti.sys
F6C2E000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
F7720000 - \SystemRoot\system32\DRIVERS\termdd.sys
F7AB4000 - \SystemRoot\system32\DRIVERS\swenum.sys
F6BFA000 - \SystemRoot\system32\DRIVERS\update.sys
F7202000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
F7730000 - \SystemRoot\System32\Drivers\NDProxy.SYS
F7750000 - \SystemRoot\system32\DRIVERS\usbhub.sys
F7AB6000 - \SystemRoot\system32\DRIVERS\USBD.SYS
F7760000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys
F4211000 - \SystemRoot\system32\drivers\RtkHDAud.sys
F41EF000 - \SystemRoot\system32\drivers\portcls.sys
F7770000 - \SystemRoot\system32\drivers\drmk.sys
F7ABA000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
F7C1C000 - \SystemRoot\System32\Drivers\Null.SYS
F7ABC000 - \SystemRoot\System32\Drivers\Beep.SYS
F7C1D000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys
F7978000 - \SystemRoot\System32\drivers\vga.sys
F7ABE000 - \SystemRoot\System32\Drivers\mnmdd.SYS
F7AC0000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys
F7838000 - \SystemRoot\System32\Drivers\Msfs.SYS
F7840000 - \SystemRoot\System32\Drivers\Npfs.SYS
F6CD1000 - \SystemRoot\system32\DRIVERS\rasacd.sys
F4194000 - \SystemRoot\system32\DRIVERS\ipsec.sys
F413C000 - \SystemRoot\system32\DRIVERS\tcpip.sys
F7780000 - \SystemRoot\System32\Drivers\aswTdi.SYS
F4114000 - \SystemRoot\system32\DRIVERS\netbt.sys
F40F2000 - \SystemRoot\System32\drivers\afd.sys
F7790000 - \SystemRoot\system32\DRIVERS\netbios.sys
F40C7000 - \SystemRoot\system32\DRIVERS\rdbss.sys
F4030000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys
F77B0000 - \SystemRoot\System32\Drivers\Fips.SYS
F400F000 - \SystemRoot\system32\DRIVERS\ipnat.sys
F77C0000 - \SystemRoot\system32\DRIVERS\wanarp.sys
F77D0000 - \SystemRoot\system32\DRIVERS\arp1394.sys
F7C7C000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
F7848000 - \SystemRoot\System32\Drivers\Aavmker4.SYS
F7850000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS
F3F4C000 - \SystemRoot\System32\Drivers\Fastfat.SYS
F3F34000 - \SystemRoot\System32\Drivers\dump_atapi.sys
F7AD2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS
BF800000 - \SystemRoot\System32\win32k.sys
F40C3000 - \SystemRoot\System32\drivers\Dxapi.sys
F7888000 - \SystemRoot\System32\watchdog.sys
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys
F7C5C000 - \SystemRoot\System32\drivers\dxgthk.sys
BADE0000 - \SystemRoot\system32\DRIVERS\ndisuio.sys
BA36A000 - \SystemRoot\System32\Drivers\aswMon2.SYS
BA1AE000 - \SystemRoot\system32\DRIVERS\mrxdav.sys
BA199000 - \SystemRoot\system32\drivers\wdmaud.sys
F3FEF000 - \SystemRoot\system32\drivers\sysaudio.sys
B9FA2000 - \SystemRoot\System32\Drivers\HTTP.sys
B9F28000 - \SystemRoot\system32\DRIVERS\srv.sys
F78A8000 - \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
B950E000 - \??\C:\WINDOWS\system32\drivers\tmcomm.sys
B941A000 * --[Hidden]--
B914E000 - \SystemRoot\System32\Drivers\Cdfs.SYS
B7044000 - \SystemRoot\system32\drivers\kmixer.sys
BFF50000 - \SystemRoot\System32\TSDDD.dll
BF9D5000 - \SystemRoot\System32\nv4_disp.dll
F7C8D000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys

Total number of drivers = 129

Liste des programmes installes

Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.1 - Français
Amélioration de nos services
Amélioration de nos services
AutoUpdate
avast! Antivirus
AVG Anti-Spyware 7.5
Barre d'outils Outlook de Windows Live (Windows Live Toolbar)
Bloqueur de fenêtres pop-up (Windows Live Toolbar)
BufferChm
Canon PhotoRecord
Canon PIXMA iP1500
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Connexion Facile à Internet
Connexion Facile à Internet
Correctif n° 2 pour Windows XP Édition Media Center 2005
Correctif pour Lecteur Windows Media 10 (KB910393)
Correctif pour Lecteur Windows Media 11 (KB939683)
Correctif pour Windows XP (KB888795)
Correctif pour Windows XP (KB891593)
Correctif pour Windows XP (KB893357)
Correctif pour Windows XP (KB899337)
Correctif pour Windows XP (KB899510)
Correctif pour Windows XP (KB902841)
Correctif pour Windows XP (KB906569)
Correctif pour Windows XP (KB912024)
Correctif pour Windows XP (KB935448)
Correctif Windows XP - KB873339
Correctif Windows XP - KB883667
Correctif Windows XP - KB885250
Correctif Windows XP - KB885835
Correctif Windows XP - KB885836
Correctif Windows XP - KB886185
Correctif Windows XP - KB887472
Correctif Windows XP - KB887742
Correctif Windows XP - KB888113
Correctif Windows XP - KB888302
Correctif Windows XP - KB890175
Correctif Windows XP - KB890859
Correctif Windows XP - KB891781
Correctif Windows XP - KB892050
Correctif Windows XP - KB893066
Correctif Windows XP - KB895961
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Cryptext (Remove Only)
CueTour
Destinations
DeviceManagementQFolder
DivX
Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)
Easy-WebPrint
eMule
Enhanced Multimedia Keyboard Solution
Extension de Windows Live Toolbar (Windows Live Toolbar)
EZface ActiveX 208
FullDPAppQFolder
GemMaster Mystic
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
High Definition Audio - KB888111
HijackThis 1.99.1
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB926239)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP Software Update
HPPhotoSmartExpress
HpSdpAppCoreApp
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6 Update 1
La Toolbar MEDIADICO
Lecteur Windows Media 11
LightScribe 1.4.105.1
Menus intelligents (Windows Live Toolbar)
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 French Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Away Mode
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (French) 2007
Microsoft Office Excel MUI (French) 2007
Microsoft Office InfoPath MUI (French) 2007
Microsoft Office Outlook MUI (French) 2007
Microsoft Office PowerPoint MUI (French) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (French) 2007
Microsoft Office Publisher MUI (French) 2007
Microsoft Office Shared MUI (French) 2007
Microsoft Office Word MUI (French) 2007
Microsoft Office Word Viewer 2003
Microsoft Software Update for Web Folders (French) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)
Mise à jour de sécurité pour Windows XP (KB893756)
Mise à jour de sécurité pour Windows XP (KB896358)
Mise à jour de sécurité pour Windows XP (KB896422)
Mise à jour de sécurité pour Windows XP (KB896423)
Mise à jour de sécurité pour Windows XP (KB896424)
Mise à jour de sécurité pour Windows XP (KB896428)
Mise à jour de sécurité pour Windows XP (KB899587)
Mise à jour de sécurité pour Windows XP (KB899591)
Mise à jour de sécurité pour Windows XP (KB900725)
Mise à jour de sécurité pour Windows XP (KB901017)
Mise à jour de sécurité pour Windows XP (KB901214)
Mise à jour de sécurité pour Windows XP (KB902400)
Mise à jour de sécurité pour Windows XP (KB904706)
Mise à jour de sécurité pour Windows XP (KB905414)
Mise à jour de sécurité pour Windows XP (KB905749)
Mise à jour de sécurité pour Windows XP (KB908519)
Mise à jour de sécurité pour Windows XP (KB908531)
Mise à jour de sécurité pour Windows XP (KB911562)
Mise à jour de sécurité pour Windows XP (KB911927)
Mise à jour de sécurité pour Windows XP (KB912812)
Mise à jour de sécurité pour Windows XP (KB912919)
Mise à jour de sécurité pour Windows XP (KB913580)
Mise à jour de sécurité pour Windows XP (KB914388)
Mise à jour de sécurité pour Windows XP (KB914389)
Mise à jour de sécurité pour Windows XP (KB917344)
Mise à jour de sécurité pour Windows XP (KB917422)
Mise à jour de sécurité pour Windows XP (KB917953)
Mise à jour de sécurité pour Windows XP (KB918118)
Mise à jour de sécurité pour Windows XP (KB918439)
Mise à jour de sécurité pour Windows XP (KB919007)
Mise à jour de sécurité pour Windows XP (KB920213)
Mise à jour de sécurité pour Windows XP (KB920670)
Mise à jour de sécurité pour Windows XP (KB920683)
Mise à jour de sécurité pour Windows XP (KB920685)
Mise à jour de sécurité pour Windows XP (KB921503)
Mise à jour de sécurité pour Windows XP (KB922819)
Mise à jour de sécurité pour Windows XP (KB923191)
Mise à jour de sécurité pour Windows XP (KB923414)
Mise à jour de sécurité pour Windows XP (KB923689)
Mise à jour de sécurité pour Windows XP (KB923694)
Mise à jour de sécurité pour Windows XP (KB923980)
Mise à jour de sécurité pour Windows XP (KB924191)
Mise à jour de sécurité pour Windows XP (KB924270)
Mise à jour de sécurité pour Windows XP (KB924496)
Mise à jour de sécurité pour Windows XP (KB924667)
Mise à jour de sécurité pour Windows XP (KB925902)
Mise à jour de sécurité pour Windows XP (KB926255)
Mise à jour de sécurité pour Windows XP (KB926436)
Mise à jour de sécurité pour Windows XP (KB927779)
Mise à jour de sécurité pour Windows XP (KB927802)
Mise à jour de sécurité pour Windows XP (KB928090)
Mise à jour de sécurité pour Windows XP (KB928255)
Mise à jour de sécurité pour Windows XP (KB928843)
Mise à jour de sécurité pour Windows XP (KB929123)
Mise à jour de sécurité pour Windows XP (KB929969)
Mise à jour de sécurité pour Windows XP (KB930178)
Mise à jour de sécurité pour Windows XP (KB931261)
Mise à jour de sécurité pour Windows XP (KB931768)
Mise à jour de sécurité pour Windows XP (KB931784)
Mise à jour de sécurité pour Windows XP (KB932168)
Mise à jour de sécurité pour Windows XP (KB933566)
Mise à jour de sécurité pour Windows XP (KB933729)
Mise à jour de sécurité pour Windows XP (KB935839)
Mise à jour de sécurité pour Windows XP (KB935840)
Mise à jour de sécurité pour Windows XP (KB936021)
Mise à jour de sécurité pour Windows XP (KB937143)
Mise à jour de sécurité pour Windows XP (KB937894)
Mise à jour de sécurité pour Windows XP (KB938127)
Mise à jour de sécurité pour Windows XP (KB938829)
Mise à jour de sécurité pour Windows XP (KB939653)
Mise à jour de sécurité pour Windows XP (KB941202)
Mise à jour de sécurité pour Windows XP (KB941568)
Mise à jour de sécurité pour Windows XP (KB941569)
Mise à jour de sécurité pour Windows XP (KB941644)
Mise à jour de sécurité pour Windows XP (KB942615)
Mise à jour de sécurité pour Windows XP (KB943055)
Mise à jour de sécurité pour Windows XP (KB943460)
Mise à jour de sécurité pour Windows XP (KB943485)
Mise à jour de sécurité pour Windows XP (KB944533)
Mise à jour de sécurité pour Windows XP (KB944653)
Mise à jour de sécurité pour Windows XP (KB946026)
Mise à jour pour Lecteur Windows Media 10 (KB913800)
Mise à jour pour Lecteur Windows Media 10 (KB926251)
Mise à jour pour Windows XP (KB898461)
Mise à jour pour Windows XP (KB900485)
Mise à jour pour Windows XP (KB910437)
Mise à jour pour Windows XP (KB911280)
Mise à jour pour Windows XP (KB912945)
Mise à jour pour Windows XP (KB916595)
Mise à jour pour Windows XP (KB920872)
Mise à jour pour Windows XP (KB922582)
Mise à jour pour Windows XP (KB927891)
Mise à jour pour Windows XP (KB929338)
Mise à jour pour Windows XP (KB930916)
Mise à jour pour Windows XP (KB931836)
Mise à jour pour Windows XP (KB933360)
Mise à jour pour Windows XP (KB938828)
Mise à jour pour Windows XP (KB942763)
Mise à jour pour Windows XP (KB942840)
Mise à jour pour Windows XP (KB946627)
Mozilla Firefox (2.0.0.12)
MSN
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Navigation par onglets (Windows Live Toolbar)
Navilog1 3.4.5
Navilog1 Version 2.0.7
NVIDIA Drivers
OneCare Advisor (Windows Live Toolbar)
OpenMG Limited Patch 4.4-06-13-19-01
OpenMG Secure Module 4.4.00
OpenMG Secure Module 4.4.00
OptionalContentQFolder
Otto
Outil de mise à jour Google
PC-Doctor 5 pour Windows
PhotoGallery
Picasa 2
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Services Internet
Services Internet
SkinsHP1
SlideShow
SlideShowMusic
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
SonicStage 3.4
Spybot - Search & Destroy 1.4
The Cleaner
Trojan Remover 6.6.1
Unload
Update for Outlook 2007 Junk Email Filter (kb944965)
USB Storage Driver
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Live Favorites pour Windows Live Toolbar
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Toolbar
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB925766
XnView 1.91.1

Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 881E-2B7E

Répertoire de C:\Program Files

2008-02-09 16:55 <REP> .
2008-02-09 16:55 <REP> ..
2007-09-19 17:26 <REP> Adobe
2007-03-18 17:00 <REP> Alwil Software
2008-01-23 20:21 <REP> Canon
2005-11-12 01:09 <REP> ComPlus Applications
2006-08-14 15:08 <REP> DivX
2006-08-14 15:23 <REP> EasyBits
2008-02-08 19:01 <REP> eMule
2007-08-06 10:24 <REP> EZFace
2008-02-09 16:55 <REP> Fichiers communs
2006-08-14 14:33 <REP> FrenchOtto
2006-08-14 14:33 <REP> GemMasterFrench
2007-08-27 19:01 <REP> Google
2007-08-16 10:08 <REP> Grisoft
2006-08-14 15:22 <REP> Hewlett-Packard
2006-08-14 15:05 <REP> HP
2006-08-14 15:02 <REP> HP DigitalMedia Archive
2008-02-12 20:23 <REP> Internet Explorer
2007-06-11 21:32 <REP> iPod
2007-06-11 21:32 <REP> iTunes
2007-10-08 09:41 <REP> Java
2007-03-20 13:42 <REP> LAventure
2006-08-14 14:43 <REP> Messenger
2007-05-09 11:49 <REP> Microsoft CAPICOM 2.1.0.2
2005-11-15 03:24 <REP> microsoft frontpage
2008-02-09 16:55 <REP> Microsoft Office
2008-02-09 16:55 <REP> Microsoft Visual Studio
2008-02-09 16:55 <REP> Microsoft Works
2008-02-09 16:53 <REP> Microsoft.NET
2007-07-08 09:00 <REP> Miniapic
2005-11-15 03:24 <REP> Movie Maker
2008-02-17 23:26 <REP> Mozilla Firefox
2008-02-09 16:55 <REP> MSBuild
2007-03-18 12:12 <REP> MSN
2005-11-15 03:25 <REP> MSN Gaming Zone
2007-10-29 20:03 <REP> MSN Messenger
2007-03-19 08:16 <REP> MSXML 4.0
2006-08-14 15:08 <REP> muvee Technologies
2008-02-16 21:06 <REP> Navilog1
2005-11-15 03:25 <REP> NetMeeting
2005-11-15 03:25 <REP> Online Services
2007-06-12 21:02 <REP> Outlook Express
2006-08-14 15:19 <REP> PC-Doctor 5 for Windows
2007-10-25 20:22 <REP> Picasa2
2007-06-11 21:31 <REP> QuickTime
2006-08-14 15:02 <REP> Real
2006-08-14 15:24 <REP> Services en ligne
2006-08-14 15:03 <REP> Sonic
2007-10-22 17:50 <REP> Sony
2007-10-22 17:50 <REP> Sony Corporation
2007-08-19 16:34 <REP> Spybot - Search & Destroy
2008-02-18 19:14 <REP> The Cleaner
2007-08-16 12:12 <REP> Trojan Remover
2007-12-02 22:29 <REP> Windows Live Favorites
2007-12-03 07:19 <REP> Windows Live Toolbar
2007-03-31 10:23 <REP> Windows Media Connect 2
2007-03-31 10:26 <REP> Windows Media Player
2005-11-15 03:25 <REP> Windows NT
2005-11-15 03:25 <REP> Windows Plus
2005-11-15 03:26 <REP> xerox
2007-07-19 19:34 <REP> XnView
0 fichier(s) 0 octets
62 Rép(s) 109,061,017,600 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 881E-2B7E

Répertoire de C:\Program Files\fichiers communs

2008-02-09 16:55 <REP> .
2008-02-09 16:55 <REP> ..
2007-09-19 17:27 <REP> Adobe
2008-02-09 16:55 <REP> DESIGNER
2006-08-14 14:58 <REP> HP
2006-08-14 15:21 <REP> InstallShield
2006-08-14 14:39 <REP> Java
2006-08-14 15:04 <REP> LightScribe
2006-08-14 15:04 <REP> LS Getting Started
2008-02-09 16:55 <REP> Microsoft Shared
2005-11-15 03:24 <REP> MSSoap
2006-08-14 15:07 <REP> muvee Technologies
2005-11-15 03:24 <REP> ODBC
2007-09-17 15:22 <REP> Real
2005-11-15 03:24 <REP> Services
2006-08-14 15:03 <REP> Sonic Shared
2007-10-22 17:50 <REP> Sony Shared
2005-11-15 03:24 <REP> SpeechEngines
2006-08-14 15:03 <REP> SureThing Shared
2007-08-16 21:44 <REP> Symantec Shared
2008-02-09 16:50 <REP> System
2006-08-14 15:03 <REP> TiVo Shared
2007-09-17 15:22 <REP> xing shared
0 fichier(s) 0 octets
23 Rép(s) 109,061,017,600 octets libres
Le volume dans le lecteur C s'appelle HP_PAVILION
Le numéro de série du volume est 881E-2B7E

Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders

2008-02-09 16:54 <REP> .
2008-02-09 16:54 <REP> ..
2008-02-09 16:51 <REP> 1036
2006-10-26 19:49 970,528 MSONSEXT.DLL
2006-10-26 20:12 40,256 MSOSV.DLL
1999-06-03 10:09 122,937 MSOWS409.DLL
2001-03-07 05:00 127,033 MSOWS40c.DLL
4 fichier(s) 1,260,754 octets
3 Rép(s) 109,061,017,600 octets libres

c:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.2.0.35\iTunesSetupAdmin.exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiA.Exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\InstMsiW.Exe
c:\Documents and Settings\All Users\Application Data\Hewlett-Packard\HP Boot Optimizer\Setup.Exe
c:\Documents and Settings\HP_Administrateur\.housecall6.6\getMac.exe
c:\Documents and Settings\HP_Administrateur\.housecall6.6\patch.exe
c:\Documents and Settings\HP_Administrateur\.housecall6.6\tsc.exe
c:\Documents and Settings\HP_Administrateur\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_fr_FR.exe
c:\Documents and Settings\HP_Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\muc60.exe
c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\ybl61.exe
c:\Documents and Settings\HP_Administrateur\Application Data\Simply Super Software\Trojan Remover\yul8.exe
c:\Documents and Settings\HP_Administrateur\Bureau\ComboFix.exe
c:\Documents and Settings\HP_Administrateur\Bureau\eMule0.48a-Installer.exe
c:\Documents and Settings\HP_Administrateur\Bureau\ewido-setup.exe
c:\Documents and Settings\HP_Administrateur\Bureau\Navilog1.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix.exe
c:\Documents and Settings\HP_Administrateur\Bureau\clean\clean\pskill.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe
c:\Documents and Settings\HP_Administrateur\Bureau\DiagHelp\DiagHelp\tar.exe
c:\Documents and Settings\HP_Administrateur\Bureau\Navilog1\Navilog1.exe
c:\Documents and Settings\HP_Administrateur\Bureau\pca\pca.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\catchme.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\dummy.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\cliptext.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\download.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\dummy.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\ERUNT.EXE
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\FixPath.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\grep.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\isadmin.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\LS.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\MD5File.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\moveex.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Process.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\procs.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\psservice.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\RegDACL.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\regedit.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\RestartIt!.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\sc.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\sed.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\SF.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\shutdown.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\swreg.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\swsc.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\unzip.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\vfind.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\WINMSG.EXE
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\zip.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Replace\W2K.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\apps\Replace\XP.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\attrib.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\find.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\findstr.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SDFix\backups\regedit.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\dumphive.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\GenericRenosFix.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\HostsChk.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\Process.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\Reboot.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\restart.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\SmiUpdate.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\SrchSTS.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swreg.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swsc.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\swxcacls.exe
c:\Documents and Settings\HP_Administrateur\Bureau\SmitfraudFix\unzip.exe
c:\Documents and Settings\HP_Administrateur\Bureau\sreng2\SREngPS.EXE
c:\Documents and Settings\HP_Administrateur\Local Settings\Application Data\Google\Picasa2\update\LifescapeUpdater\setup.exe
c:\Documents and Settings\HP_Administrateur\Local Settings\Temp\Répertoire temporaire 1 pour pca.zip\pca.exe
c:\Documents and Settings\HP_Administrateur\Mes documents\iTunesSetup.exe
c:\Documents and Settings\HP_Administrateur\Mes documents\Norton_Removal_Tool_9x.exe
c:\Documents and Settings\HP_Administrateur\Mes documents\setupfre avast.exe
c:\Documents and Settings\HP_Administrateur\Mes documents\anpe\hijack\HijackThis.exe
c:\Documents and Settings\HP_Administrateur\Mes documents\iview\iview385.exe
c:\Documents and Settings\yves\Application Data\U3\temp\cleanup.exe
c:\Documents and Settings\yves\Application Data\U3\temp\Launchpad Removal.exe
c:\Documents and Settings\yves\Bureau\Install3373.exe
c:\Documents and Settings\yves\Mes documents\eMule0.47c-Installer.exe
c:\Documents and Settings\yves\Mes documents\Install_Messenger.exe
c:\Documents and Settings\yves\Mes documents\Scrabble\SCRABBLE_2005_demo_fr.exe
c:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads\help.dll
c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll
c:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
c:\Documents and Settings\HP_Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll
c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

****** Fin du rapport DiagHelp
Veuillez svp envoyer le fichier C:\upload_moi_NOM-FB9B15D2723.tar.gz a l'adresse http://upload.malekal.com

Win32:BHO-KD que faire?

61 réponses

Discussions similaires

Newsletters