Trojan au démarrage de Windows et d'InternetRésolu/Fermé

Question

Bonjour,
Quand je démarre Internet,  un virus entre dans mon système. Toujours le même : Trojan : TR/Pandes.L.2 Localisé : C:/WINDOWS/system32/drivers/smtpdrv.sys .
Mon antivirus Antivir le détecte, le supprime. 
Je suis alors tranquille pour faire ce que bon me semble jusqu'à ce que je redémarre l'ordi puis Internet et là il réapparait...
Quelqu'un aurait-il une idée pour bloquer la porte à ce virus? 
Merci d'avance pour votre aide
Delphine

jlpjlp · Answer

slt,
maintenant que ca remarche
on va essayer:





Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



Driver :

Kry53

File::

C:/WINDOWS/system32/drivers/smtpdrv.sys
C:\WINDOWS\Kry53.sys
C:\WINDOWS\system32\drivers\Kry53.sys

Registry::


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kry53.sys] 




Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Infodelph · Answer

Contente que tu sois de retour! Voici mes rapports : Rapport ComboFix 08-01-03.3 – Delphine GENTAIS 2008-01-13 18:55:29.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.374 [GMT -5:00] Running from: C:\Documents and Settings\Delphine GENTAIS\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Delphine GENTAIS\Bureau\CFscript.txt * Created a new restore point FILE C:\WINDOWS\Kry53.sys C:\WINDOWS\system32\drivers\Kry53.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\Kry53.sys C:\WINDOWS\system32\8_exception.nls C:\WINDOWS\system32\drivers\Kry53.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\smtpdrv ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))))))) . 2008-01-10 21:55 . 2008-01-10 21:55 364,887 --a------ C:\Silent Runners.vbs 2008-01-10 21:51 . 2008-01-10 22:25 4,088 --a------ C:\WINDOWS\system32 mp.reg 2008-01-09 13:13 . 2008-01-09 13:16 d-------- C:\Program Files\ZoneAlarm 2008-01-09 09:33 . 2008-01-13 19:04 24,832 --a------ C:\WINDOWS\system32\drivers\Gnu53.sys 2008-01-08 22:30 . 2006-01-16 10:37 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-01-08 22:30 . 2006-01-16 10:37 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-01-08 22:30 . 2006-01-16 09:42 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-01-08 22:30 . 2006-01-16 09:49 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-01-08 22:30 . 2006-01-16 10:37 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-01-08 22:30 . 2006-01-16 09:49 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-01-08 22:30 . 2006-01-16 10:37 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-01-08 22:30 . 2006-01-17 08:41 d-------- C:\Documents and Settings\Administrateur\Application Data oshiba 2008-01-08 22:30 . 2006-08-18 04:55 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel 2008-01-04 11:49 . 2008-01-04 11:49 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-03 22:43 . 2008-01-13 16:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-03 22:43 . 2008-01-03 22:43 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-03 22:42 . 2008-01-03 22:43 d-------- C:\Program Files\iTunes 2008-01-03 22:37 . 2008-01-03 22:37 d-------- C:\Program Files\QuickTime 2008-01-03 17:18 . 2008-01-03 21:53 d-------- C:\Program Files\Navilog1 2008-01-03 15:50 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-03 11:44 . 2008-01-03 11:44 d-------- C:\Program Files\Avira 2008-01-03 11:44 . 2008-01-03 11:44 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-30 16:03 . 2008-01-03 00:05 d-------- C:\WINDOWS\BDOSCAN8 2007-12-30 15:42 . 2007-12-30 15:42 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Grisoft 2007-12-30 15:41 . 2007-12-30 15:52 d-------- C:\Program Files\AVG Anti-Spyware 7.5 2007-12-30 15:41 . 2007-12-30 15:41 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-30 15:41 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-29 18:25 . 2007-12-29 18:25 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-12-29 18:23 . 2007-12-29 18:23 d-------- C:\Program Files\Yahoo! 2007-12-29 18:23 . 2007-12-29 18:24 d-------- C:\Program Files\CCleaner 2007-12-29 10:50 . 2007-12-29 10:51 d-------- C:\Program Files\Ad-Aware SE Personal 2007-12-29 10:50 . 2007-12-29 10:50 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Lavasoft 2007-12-25 16:42 . 2007-12-25 16:42 d-------- C:\WINDOWS\system32\Profiles 2007-12-25 16:42 . 2007-12-25 16:42 d-------- C:\Program Files\WMVConverter 2007-12-25 16:41 . 2007-12-25 16:41 249,856 --------- C:\WINDOWS\Setup1.exe 2007-12-25 16:41 . 2007-12-25 16:41 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-12-24 18:26 . 2007-12-24 18:26 d-------- C:\EPSONREG 2007-12-24 18:25 . 2007-12-24 18:25 d-------- C:\Program Files\Fichiers communs\ArcSoft 2007-12-24 18:25 . 2007-12-24 18:25 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\ArcSoft 2007-12-24 18:25 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-12-24 18:25 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-12-24 18:24 . 2007-12-24 18:24 d-------- C:\WINDOWS\system32\PhotoImpression Slideshow 2007-12-24 18:24 . 2007-12-24 18:24 d-------- C:\Program Files\ArcSoft 2007-12-24 18:24 . 2006-10-26 09:34 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr 2007-12-24 18:23 . 2007-12-24 18:23 d-------- C:\Documents and Settings\All Users\Application Data\EPSON 2007-12-24 18:21 . 2007-12-24 18:25 d-------- C:\Program Files\epson 2007-12-24 18:21 . 2007-12-24 18:21 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\InstallShield 2007-12-24 18:20 . 2007-12-24 18:26 79 --a------ C:\WINDOWS\EPSCX7400.ini 2007-12-21 12:40 . 2004-08-05 07:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys 2007-12-14 11:56 . 2007-12-14 11:56 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Viewpoint . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-14 00:03 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\Skype 2008-01-12 15:31 --------- d-----w C:\Program Files\eMule48 2008-01-04 03:42 --------- d-----w C:\Program Files\iPod 2008-01-03 16:49 --------- d-----w C:\Program Files\Avast 2007-12-29 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-29 14:22 --------- d-----w C:\Program Files\Spybot 2007-12-24 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-09 22:41 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\acccore 2007-12-09 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-09 22:40 --------- d-----w C:\Program Files\AIM6 2007-12-09 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-12-09 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-09 22:39 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-12-09 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone DEMO 2007-12-09 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-09 05:21 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2007-12-09 05:20 --------- d-----w C:\Program Files\Rosetta Stone 2006-10-11 17:21 447 -c--a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot@2008-01-03_16.08.00.00 ))))))))))))))))))))))))))))))))))))))))) . + 2008-01-04 03:43:17 102,400 ----a-r C:\WINDOWS\Installer\{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}\iTunesIco.exe - 2006-08-17 12:29:49 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll + 2007-11-07 09:28:31 728,576 -c----w C:\WINDOWS\system32\dllcache\lsasrv.dll - 2006-04-20 11:51:50 359,808 -c----w C:\WINDOWS\system32\dllcache cpip.sys + 2007-10-30 17:20:55 360,064 -c----w C:\WINDOWS\system32\dllcache cpip.sys - 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers cpip.sys + 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers cpip.sys + 2007-03-09 05:02:58 22,168 ----a-w C:\WINDOWS\system32\imsinstall_loc040c.dll + 2007-03-09 05:02:58 18,072 ----a-w C:\WINDOWS\system32\imslsp_install_loc040c.dll + 2005-05-17 00:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2006-03-20 18:17:24 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2006-03-20 18:17:20 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll + 2007-03-09 05:01:16 796,312 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll - 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll + 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll - 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe + 2007-03-09 05:01:24 83,696 ----a-w C:\WINDOWS\system32\vsdata.dll + 2007-03-09 05:02:10 394,192 ----a-w C:\WINDOWS\system32\vsdatant.sys + 2007-03-09 05:01:24 157,424 ----a-w C:\WINDOWS\system32\vsinit.dll + 2007-03-09 05:01:26 104,176 ----a-w C:\WINDOWS\system32\vsmonapi.dll + 2007-03-09 05:01:26 276,208 ----a-w C:\WINDOWS\system32\vspubapi.dll + 2007-03-09 05:01:26 71,408 ----a-w C:\WINDOWS\system32\vsregexp.dll + 2007-03-09 05:01:28 472,816 ----a-w C:\WINDOWS\system32\vsutil.dll + 2007-03-09 05:03:04 54,936 ----a-w C:\WINDOWS\system32\vsutil_loc040c.dll + 2007-03-09 05:01:30 46,832 ----a-w C:\WINDOWS\system32\vswmi.dll + 2007-03-09 05:01:30 100,080 ----a-w C:\WINDOWS\system32\vsxml.dll + 2007-03-09 05:01:30 83,696 ----a-w C:\WINDOWS\system32\zlcomm.dll + 2007-03-09 05:01:32 71,408 ----a-w C:\WINDOWS\system32\zlcommdb.dll - 2007-03-30 03:24:38 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat + 2008-01-09 18:15:54 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat + 2007-03-09 05:01:10 362,280 ----a-w C:\WINDOWS\system32\ZoneLabs\av.dll + 2007-03-09 05:02:56 26,264 ----a-w C:\WINDOWS\system32\ZoneLabs\av_loc040c.dll + 2006-06-30 19:47:36 20,544 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk.dll + 2006-06-30 19:47:36 21,568 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\avcmhk4.dll + 2006-06-30 19:47:38 62,604 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\ids0005c.sys + 2006-06-30 19:47:38 57,804 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\ids000ee.sys + 2006-12-19 23:13:54 77,456 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\ids0015d.sys + 2006-12-19 23:13:54 19,600 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\klcr.sys + 2006-12-19 23:13:54 51,344 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\klfw.sys + 2006-12-19 23:13:54 19,088 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\klstm.sys + 2006-12-19 23:13:50 61,565 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHComm.dll + 2006-12-19 23:13:50 114,813 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHrule.dll + 2006-12-19 23:13:50 307,323 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\CKAHUM.dll + 2006-11-30 03:02:26 36,923 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\FSSync.dll + 2006-09-20 04:12:14 208,960 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\inv.dll + 2007-01-11 22:31:04 274,514 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kave.dll + 2006-12-19 23:13:52 12,288 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\kl1.sys + 2006-11-30 03:02:26 174,864 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\klif.sys + 2006-12-19 23:13:52 1,093,632 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\libeay32.dll + 2006-12-19 23:13:52 69,785 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\Monitor.exe + 2006-11-30 03:02:26 184,445 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\prloader.dll + 2006-12-19 23:13:52 94,313 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe + 2006-12-19 23:13:52 200,704 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\ssleay32.dll + 2007-03-09 05:01:10 100,080 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll + 2007-03-09 05:02:56 18,072 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd_loc040c.dll + 2004-01-30 17:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll + 2007-03-09 05:01:14 128,744 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll + 2007-03-09 05:01:14 38,640 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll + 2007-03-09 05:01:14 321,280 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure.dll + 2007-03-09 05:02:58 26,264 ----a-w C:\WINDOWS\system32\ZoneLabs\imsecure_loc040c.dll + 2007-03-09 05:02:56 288,408 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\ConfigWizard_loc040c.zip.dll + 2007-03-09 05:03:00 153,240 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\LicenseUI_loc040c.zip.dll + 2007-03-09 05:02:14 26,264 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll + 2007-03-09 05:02:14 1,361,560 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll + 2007-03-09 05:02:14 71,320 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zui.zip.dll + 2007-03-09 05:04:42 30,448 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins pc_server pc_server.dll + 2007-03-09 05:04:44 30,480 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll + 2007-01-18 10:39:16 714,472 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll + 2007-01-18 10:39:16 677,608 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll + 2007-03-09 05:01:20 173,808 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll + 2007-03-09 05:03:02 18,072 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler_loc040c.dll + 2007-01-11 16:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat + 2007-01-18 10:39:18 1,369,832 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll + 2007-01-18 10:39:20 50,416 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys + 2007-03-09 05:01:20 456,432 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll + 2007-03-09 05:04:44 210,696 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll + 2007-03-09 05:04:46 3,229,440 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp.dll + 2007-03-09 05:03:00 26,264 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\imslsp\imslsp_loc040c.dll + 2006-09-05 01:59:14 503,875 ----a-w C:\WINDOWS\system32\ZoneLabs\upd_core.dll + 2008-01-09 18:46:11 833,248 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll + 2007-03-09 05:01:58 141,104 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe + 2007-03-09 05:03:02 75,416 ----a-w C:\WINDOWS\system32\ZoneLabs\updClient_loc040c.dll + 2007-01-11 22:31:06 286,787 ----a-w C:\WINDOWS\system32\ZoneLabs\updtrsdk.dll + 2007-03-09 05:01:24 108,272 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll + 2007-03-09 05:01:24 79,600 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll + 2007-03-09 05:03:02 18,072 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb_loc040c.dll + 2007-03-09 05:01:58 75,568 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe + 2007-03-09 05:03:04 46,744 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon_loc040c.dll + 2007-03-09 05:01:26 2,025,200 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll + 2007-03-09 05:01:28 1,345,264 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll + 2007-03-09 05:03:04 198,296 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb_loc040c.dll + 2007-03-09 05:01:28 243,440 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll + 2007-03-09 05:03:04 18,072 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault_loc040c.dll + 2007-01-11 16:12:08 2,432,259 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat + 2007-03-09 05:01:32 177,904 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll + 2007-03-09 05:01:32 79,608 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll + 2007-03-09 05:03:08 18,072 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine_loc040c.dll + 2007-03-09 05:01:34 378,608 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll + 2007-03-09 05:03:08 22,168 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre_loc040c.dll + 2007-03-09 05:01:34 120,560 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll + 2007-03-09 05:01:42 1,087,216 ----a-w C:\WINDOWS\system32\zpeng24.dll + 2007-03-09 05:02:00 75,512 ----a-w C:\WINDOWS\zllsputility.exe + 2007-03-09 05:03:06 42,648 ----a-w C:\WINDOWS\zllsputility_loc040c.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe" [2005-04-11 16:08 65536] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 14:06 204843] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152] "NBJ"="C:\Program Files\Nero\Nero BackItUp\NBJ.exe" [2005-07-14 15:35 1961984] "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 04:22 68856] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528] "EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.exe" [2007-02-15 06:00 179200] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 02:49 15691264 C:\WINDOWS\RTHDCPL.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 17:29 88203 C:\WINDOWS\agrsmmsg.exe] "NDSTray.exe"="NDSTray.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet hotkey.exe" [2006-01-05 14:02 352256] "TFncKy"="TFncKy.exe" [] "TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 14:37 184320] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 00:55 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 00:52 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 00:55 118784] "TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-09-12 22:26 180269] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912] "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 14:54 241664] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50 155648] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-03 11:46 249896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048] "ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu53.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kry53.sys] @="Driver" R0 Gnu53;Gnu53;C:\WINDOWS\system32\Drivers\Gnu53.sys [2008-01-13 19:04] R0 Kry53;Kry53;C:\WINDOWS\system32\Drivers\Kry53.sys [] R3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-10 20:00] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS osrfec.sys [2005-09-09 14:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b6c4f4c-03bb-11dc-93a9-0013025de766}] \Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc619e5-48bc-11dc-9447-0013025de766}] \Shell\AutoRun\command - F:\RavMon.exe \Shell\explore\Command - F:\RavMon.exe -e \Shell\open\Command - F:\RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc619e6-48bc-11dc-9447-0013025de766}] \Shell\AutoRun\command - RavMon.exe \Shell\explore\Command - RavMon.exe -e \Shell\open\Command - RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f512e5-afcf-11dc-953d-0013025de766}] \shell\Setup\command - E:\setup.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-11 23:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-11 20:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot\SpybotSD.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-13 19:06:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-13 19:14:32 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-14 00:14:27 ComboFix2.txt 2008-01-04 16:33:11 ComboFix3.txt 2008-01-03 21:08:19 . 2008-01-09 03:06:52 --- E O F --- Rapport HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:23:12, on 13/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet hotkey.exe C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\TPSMain.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe C:\Program Files\Skype\Phone\Skype.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AIM6\aim6.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet hotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_S2BE.tmp" /EF "HKCU" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin pjpi150_04.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin pjpi150_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\ProShowGold\ScsiAccess.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

jlpjlp · Answer

lance hijackthis et fix ces lignes: (fix cheked)

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

______________________

mets a jour java: DEMARRER puis PANNEAU de CONFIG puis  JAVA puis MISE A JOUR

______________________

encore des problemes?

Infodelph · Answer

Le virus est toujours présent au démarrage...

poiseman · Answer

https://www.sosordi.net/questions/162536/wrm-win-32-agent-lnk ici ils sont eu le meme probleme et il l'on résolue :) , demande de l'aide la ba ;)

oups jé posté sur lancien topic enfin la c bon :)

Infodelph · Answer

C'est effectivement le même problème! Je ne suis donc pas la seule c'est rassurant...
Malheureusement je ne suis pas capable d'adapter les réponses pour moi... Est ce que je dois suivre exactement toutes les étapes ? je ne veux pas faire de bêtise... J'imagine que les réponses fournies à l'autre personne sont spécifiques à son ordi... non?

poiseman · Answer

en effet sa reste semblable dan l'ensemble mais il y a des modif précise a faire , il faut donc que tu lui demande de l'aide a lui ^^ ( perso j'avai le meme souci sur le pc d'un ami, jé essayer de bidouiller sa fonctionne a moitié ..:s , donc demande son aide )

jlpjlp · Answer

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 
Déroule la liste des instructions ci-dessous : 
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

_____________________


Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



Driver :

Kry53
Gnu53

File::

C:\WINDOWS\system32\Drivers\Gnu53.sys
C:/WINDOWS/system32/drivers/smtpdrv.sys
C:\WINDOWS\Kry53.sys
C:\WINDOWS\system32\drivers\Kry53.sys

Registry::

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu53.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kry53.sys]




Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


__________________________


Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

&#61623;  Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean 
&#61623;  Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec 
&#61623;  Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
https://kerio.probb.fr/

Infodelph · Answer

Premier élément de réponse : 
Rapport SDFix

SDFix: Version 1.126

Run by Delphine GENTAIS on 14/01/2008 at 15:17

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\DELPHI~1\Bureau\SDFix

Safe Mode:
Checking Services: 

Name:
smtpdrv

Path:
System32\DRIVERS\smtpdrv.sys 

smtpdrv - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:



Could Not Remove C:\autorun.inf 


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 15:29:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000009d
"TracesSuccessful"=dword:00000008

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 30


Remaining Services:
------------------

smtpdrv


Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------
C:\autorun.inf  Found

File Backups: - C:\DOCUME~1\DELPHI~1\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 11 Mar 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 25 Dec 2006             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sun  5 Mar 2006        34,816 A..H. --- "C:\Documents and Settings\Delphine GENTAIS\Mes documents\Candidature\~WRL3672.tmp"

Finished!

jlpjlp · Answer

ok

Infodelph · Answer

Suite des rapports. Je fais maintenant Clean. Rapport Combo Fix ComboFix 08-01-15.1 - Delphine GENTAIS 2008-01-14 15:59:40.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.2.1036.18.464 [GMT -5:00] Running from: C:\Documents and Settings\Delphine GENTAIS\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Delphine GENTAIS\Bureau\CFscript.txt * Created a new restore point [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE C:\WINDOWS\Kry53.sys C:\WINDOWS\system32\Drivers\Gnu53.sys C:\WINDOWS\system32\drivers\Kry53.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Drivers\Gnu53.sys . . . . Echec de suppression . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\smtpdrv ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))))))) . 2008-01-14 15:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-14 15:14 . 2008-01-14 15:15 d-------- C:\WINDOWS\ERUNT 2008-01-14 10:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-10 21:55 . 2008-01-10 21:55 364,887 --a------ C:\Silent Runners.vbs 2008-01-10 21:51 . 2008-01-10 22:25 4,088 --a------ C:\WINDOWS\system32 mp.reg 2008-01-09 13:13 . 2008-01-09 13:16 d-------- C:\Program Files\ZoneAlarm 2008-01-09 09:33 . 2008-01-15 16:08 24,832 --a------ C:\WINDOWS\system32\drivers\Gnu53.sys 2008-01-08 22:30 . 2006-01-16 10:37 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-01-08 22:30 . 2006-01-16 10:37 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-01-08 22:30 . 2006-01-16 09:42 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-01-08 22:30 . 2006-01-16 09:49 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-01-08 22:30 . 2006-01-16 10:37 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-01-08 22:30 . 2006-01-16 09:49 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-01-08 22:30 . 2006-01-16 10:37 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-01-08 22:30 . 2006-01-17 08:41 d-------- C:\Documents and Settings\Administrateur\Application Data oshiba 2008-01-08 22:30 . 2006-08-18 04:55 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel 2008-01-04 11:49 . 2008-01-04 11:49 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-03 22:42 . 2008-01-03 22:43 d-------- C:\Program Files\iTunes 2008-01-03 22:37 . 2008-01-03 22:37 d-------- C:\Program Files\QuickTime 2008-01-03 17:18 . 2008-01-03 21:53 d-------- C:\Program Files\Navilog1 2008-01-03 11:44 . 2008-01-03 11:44 d-------- C:\Program Files\Avira 2008-01-03 11:44 . 2008-01-03 11:44 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-30 16:03 . 2008-01-03 00:05 d-------- C:\WINDOWS\BDOSCAN8 2007-12-30 15:42 . 2007-12-30 15:42 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Grisoft 2007-12-30 15:41 . 2007-12-30 15:52 d-------- C:\Program Files\AVG Anti-Spyware 7.5 2007-12-30 15:41 . 2007-12-30 15:41 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-30 15:41 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-29 18:25 . 2007-12-29 18:25 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-12-29 18:23 . 2007-12-29 18:23 d-------- C:\Program Files\Yahoo! 2007-12-29 18:23 . 2007-12-29 18:24 d-------- C:\Program Files\CCleaner 2007-12-29 10:50 . 2007-12-29 10:51 d-------- C:\Program Files\Ad-Aware SE Personal 2007-12-29 10:50 . 2007-12-29 10:50 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Lavasoft 2007-12-25 16:42 . 2007-12-25 16:42 d-------- C:\WINDOWS\system32\Profiles 2007-12-25 16:42 . 2007-12-25 16:42 d-------- C:\Program Files\WMVConverter 2007-12-25 16:41 . 2007-12-25 16:41 249,856 --------- C:\WINDOWS\Setup1.exe 2007-12-25 16:41 . 2007-12-25 16:41 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-12-24 18:26 . 2007-12-24 18:26 d-------- C:\EPSONREG 2007-12-24 18:25 . 2007-12-24 18:25 d-------- C:\Program Files\Fichiers communs\ArcSoft 2007-12-24 18:25 . 2007-12-24 18:25 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\ArcSoft 2007-12-24 18:25 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-12-24 18:25 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-12-24 18:24 . 2007-12-24 18:24 d-------- C:\WINDOWS\system32\PhotoImpression Slideshow 2007-12-24 18:24 . 2007-12-24 18:24 d-------- C:\Program Files\ArcSoft 2007-12-24 18:24 . 2006-10-26 09:34 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr 2007-12-24 18:23 . 2007-12-24 18:23 d-------- C:\Documents and Settings\All Users\Application Data\EPSON 2007-12-24 18:21 . 2007-12-24 18:25 d-------- C:\Program Files\epson 2007-12-24 18:21 . 2007-12-24 18:21 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\InstallShield 2007-12-24 18:20 . 2007-12-24 18:26 79 --a------ C:\WINDOWS\EPSCX7400.ini 2007-12-21 12:40 . 2004-08-05 07:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-14 20:51 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\Skype 2008-01-14 17:31 --------- d-----w C:\Program Files\eMule48 2008-01-14 15:45 --------- d-----w C:\Program Files\Java 2008-01-04 03:42 --------- d-----w C:\Program Files\iPod 2008-01-03 16:49 --------- d-----w C:\Program Files\Avast 2007-12-29 23:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2007-12-29 14:22 --------- d-----w C:\Program Files\Spybot 2007-12-24 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-14 16:56 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\Viewpoint 2007-12-09 22:41 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\acccore 2007-12-09 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-09 22:40 --------- d-----w C:\Program Files\AIM6 2007-12-09 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-12-09 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-09 22:39 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-12-09 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone DEMO 2007-12-09 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-09 05:21 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2007-12-09 05:20 --------- d-----w C:\Program Files\Rosetta Stone 2006-10-11 17:21 447 -c--a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe" [2005-04-11 16:08 65536] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 14:06 204843] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152] "NBJ"="C:\Program Files\Nero\Nero BackItUp\NBJ.exe" [2005-07-14 15:35 1961984] "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 04:22 68856] "Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-10-04 10:20 50528] "EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.exe" [2007-02-15 06:00 179200] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2005-12-09 02:49 15691264 C:\WINDOWS\RTHDCPL.exe] "AGRSMMSG"="AGRSMMSG.exe" [2005-10-14 17:29 88203 C:\WINDOWS\agrsmmsg.exe] "NDSTray.exe"="NDSTray.exe" [] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet hotkey.exe" [2006-01-05 14:02 352256] "TFncKy"="TFncKy.exe" [] "TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 14:37 184320] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 00:55 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 00:52 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 00:55 118784] "TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-09-12 22:26 180269] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50 155648] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-03 11:46 249896] "ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu53.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kry53.sys] @="Driver" R0 Gnu53;Gnu53;C:\WINDOWS\system32\Drivers\Gnu53.sys [2008-01-15 16:08] S0 Kry53;Kry53;C:\WINDOWS\system32\Drivers\Kry53.sys [] S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [] S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-10 20:00] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS osrfec.sys [2005-09-09 14:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b6c4f4c-03bb-11dc-93a9-0013025de766}] \Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc619e5-48bc-11dc-9447-0013025de766}] \Shell\AutoRun\command - F:\RavMon.exe \Shell\explore\Command - F:\RavMon.exe -e \Shell\open\Command - F:\RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc619e6-48bc-11dc-9447-0013025de766}] \Shell\AutoRun\command - RavMon.exe \Shell\explore\Command - RavMon.exe -e \Shell\open\Command - RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f512e5-afcf-11dc-953d-0013025de766}] \shell\Setup\command - E:\setup.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-11 23:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-11 20:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot\SpybotSD.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-15 16:10:27 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-01-15 16:18:15 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-15 21:18:10 ComboFix2.txt 2008-01-14 00:14:32 . 2008-01-09 03:06:52 --- E O F --- HijackThis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:20:21, on 15/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\AGRSMMSG.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet hotkey.exe C:\Program Files\TOSHIBA\Commandes TOSHIBA\TFncKy.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\AIM6\aim6.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\AIM6\aolsoftware.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet hotkey.exe O4 - HKLM\..\Run: [TFncKy] TFncKy.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD oscdspd.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_S2BE.tmp" /EF "HKCU" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\ProShowGold\ScsiAccess.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

jlpjlp · Answer

Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

&#61623; Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
&#61623; Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
&#61623; Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
Manuel de clean :
http://kerio.probb.fr/tuto-Clean-h37.html
https://kerio.probb.fr/

_____________________

encore des problemes???

Infodelph · Answer

Oui le virus est encore là... :-((

jlpjlp · Answer

vire ce qui est en quarantaine dans antivir , spybot, avg antispyware

_____________

refais sdfix
_____________

telechagre sur ton ordi , a squared free, avg antispyware et bitdefender free , mets les a jour puis redemarre en mode sans echec et scan avec chacun


a squared free: (a faire en mode sans echec)

https://www.01net.com/telecharger/

________________

refais avg antispyware en mode sans echec aussi
_________________
telecharge bitdefender free, mets le a jour puis redemarre et scan avec en mode sans echec aussi

https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html


________________

ensuite redemarre en mode normal

et dis si encore present

Infodelph · Answer

C'est déprimant.. Après 5h à faire toutes les analyses, le virus est toujours présent...
Je n'ai pas pu faire Bitdefender en mode sans échec. Le l'ai donc fait en mode normal.
A+...

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :



Driver : 

smtpdrv 
Kry53
Gnu53

File::

C:/WINDOWS/Temp/1475000.exe
C:/WINDOWS/system32/drivers/smtpdrv.sys 
C:\WINDOWS\system32\Drivers\Gnu53.sys
C:\WINDOWS\Kry53.sys
C:\WINDOWS\system32\drivers\Kry53.sys

Registry::

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu53.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kry53.sys]




Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


______________________

tu avais fais elibaga?

Infodelph · Answer

Bonjour...
C'est desepérant... J'ai fait toutes les analyses, passé 5h dessus... Le virus n'appaît plus avec AntiVir mais  grande nouveauté : une fenêtre "arrêt du sytème" Apparaît et veut redémarrer mon système dans la minute... J'ai changé la date de l'ordi donc je gagne du temps... Mais comment me débarasser de ce nouveau problème?... 
De plus au démarrage une fenêtre d'erreur apparaît :" Generic Host Process for Win32 Services a rencontré un problème et doit fermer "...
Je n’ai pas pu faire BitDefender en mode sans echec, je l’ai donc excecuté en mode normal.
C'est déprimant... Mais au moins je me sens soutenue par votre aide...

Infodelph · Answer

ComboFix 08-01-15.1 - Delphine GENTAIS 2008-01-14 23:15:07.5 - NTFSx86 Running from: C:\Documents and Settings\Delphine GENTAIS\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Delphine GENTAIS\Bureau\CFscript.txt [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color] FILE C:\WINDOWS\Kry53.sys C:\WINDOWS\system32\Drivers\Gnu53.sys C:\WINDOWS\system32\drivers\Kry53.sys . [color=purple]The following files were disabled during the run:[/color] C:\WINDOWS\system32\sockspy.dll (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\Drivers\Gnu53.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\smtpdrv ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-15 to 2008-01-15 )))))))))))))))))))))))))))))))))))) . 2008-01-16 10:52 . 2008-01-16 10:52 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Bitdefender 2008-01-16 10:51 . 2008-01-15 16:20 81,984 --a------ C:\WINDOWS\system32\bdod.bin 2008-01-16 10:46 . 2008-01-16 10:46 d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-01-16 10:42 . 2008-01-16 13:17 d-------- C:\Program Files\a-squared Free 2008-01-15 17:57 . 2008-01-15 17:57 16,162,414 --a------ C:\upload_moi_NOM-38AB163A8B7.tar.gz 2008-01-14 15:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe 2008-01-14 15:14 . 2008-01-14 15:15 d-------- C:\WINDOWS\ERUNT 2008-01-14 10:45 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-01-10 21:55 . 2008-01-10 21:55 364,887 --a------ C:\Silent Runners.vbs 2008-01-10 21:51 . 2008-01-10 22:25 4,088 --a------ C:\WINDOWS\system32\tmp.reg 2008-01-09 13:13 . 2008-01-09 13:16 d-------- C:\Program Files\ZoneAlarm 2008-01-08 22:30 . 2006-01-16 10:37 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-01-08 22:30 . 2006-01-16 10:37 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-01-08 22:30 . 2006-01-16 09:42 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-01-08 22:30 . 2006-01-16 09:49 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-01-08 22:30 . 2006-01-16 10:37 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-01-08 22:30 . 2006-01-16 09:49 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-01-08 22:30 . 2006-01-16 10:37 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-01-08 22:30 . 2006-01-17 08:41 d-------- C:\Documents and Settings\Administrateur\Application Data\toshiba 2008-01-08 22:30 . 2006-08-18 04:55 d-------- C:\Documents and Settings\Administrateur\Application Data\Intel 2008-01-04 11:49 . 2008-01-04 11:49 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-01-03 22:42 . 2008-01-03 22:43 d-------- C:\Program Files\iTunes 2008-01-03 22:37 . 2008-01-03 22:37 d-------- C:\Program Files\QuickTime 2008-01-03 17:18 . 2008-01-03 21:53 d-------- C:\Program Files\Navilog1 2008-01-03 11:44 . 2008-01-03 11:44 d-------- C:\Program Files\Avira 2008-01-03 11:44 . 2008-01-03 11:44 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2007-12-30 16:03 . 2008-01-03 00:05 d-------- C:\WINDOWS\BDOSCAN8 2007-12-30 15:42 . 2007-12-30 15:42 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Grisoft 2007-12-30 15:41 . 2008-01-16 13:24 d-------- C:\Program Files\AVG Anti-Spyware 7.5 2007-12-30 15:41 . 2007-12-30 15:41 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft 2007-12-30 15:41 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-12-29 18:25 . 2007-12-29 18:25 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2007-12-29 18:23 . 2007-12-29 18:23 d-------- C:\Program Files\Yahoo! 2007-12-29 18:23 . 2007-12-29 18:24 d-------- C:\Program Files\CCleaner 2007-12-29 10:50 . 2008-01-16 10:44 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\Lavasoft 2007-12-25 16:42 . 2007-12-25 16:42 d-------- C:\WINDOWS\system32\Profiles 2007-12-25 16:42 . 2007-12-25 16:42 d-------- C:\Program Files\WMVConverter 2007-12-25 16:41 . 2007-12-25 16:41 249,856 --------- C:\WINDOWS\Setup1.exe 2007-12-25 16:41 . 2007-12-25 16:41 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2007-12-24 18:26 . 2007-12-24 18:26 d-------- C:\EPSONREG 2007-12-24 18:25 . 2007-12-24 18:25 d-------- C:\Program Files\Fichiers communs\ArcSoft 2007-12-24 18:25 . 2007-12-24 18:25 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\ArcSoft 2007-12-24 18:25 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL 2007-12-24 18:25 . 2005-02-23 14:58 11,776 --a------ C:\WINDOWS\system32\drivers\afc.sys 2007-12-24 18:24 . 2007-12-24 18:24 d-------- C:\WINDOWS\system32\PhotoImpression Slideshow 2007-12-24 18:24 . 2007-12-24 18:24 d-------- C:\Program Files\ArcSoft 2007-12-24 18:24 . 2006-10-26 09:34 126,976 --a------ C:\WINDOWS\system32\PhotoImpression Slideshow.scr 2007-12-24 18:23 . 2007-12-24 18:23 d-------- C:\Documents and Settings\All Users\Application Data\EPSON 2007-12-24 18:21 . 2007-12-24 18:25 d-------- C:\Program Files\epson 2007-12-24 18:21 . 2007-12-24 18:21 d-------- C:\Documents and Settings\Delphine GENTAIS\Application Data\InstallShield 2007-12-24 18:20 . 2007-12-24 18:26 79 --a------ C:\WINDOWS\EPSCX7400.ini 2007-12-21 12:40 . 2004-08-05 07:00 29,056 --a------ C:\WINDOWS\system32\drivers\ip6fw.sys . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-16 15:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-01-15 04:22 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\Skype 2008-01-14 17:31 --------- d-----w C:\Program Files\eMule48 2008-01-14 15:45 --------- d-----w C:\Program Files\Java 2008-01-04 03:42 --------- d-----w C:\Program Files\iPod 2008-01-03 16:49 --------- d-----w C:\Program Files\Avast 2007-12-29 14:22 --------- d-----w C:\Program Files\Spybot 2007-12-24 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-14 16:56 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\Viewpoint 2007-12-09 22:41 --------- d-----w C:\Documents and Settings\Delphine GENTAIS\Application Data\acccore 2007-12-09 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP 2007-12-09 22:40 --------- d-----w C:\Program Files\AIM6 2007-12-09 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint 2007-12-09 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL 2007-12-09 22:39 --------- d-----w C:\Program Files\Fichiers communs\AOL 2007-12-09 05:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Rosetta Stone DEMO 2007-12-09 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2007-12-09 05:21 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2007-12-09 05:20 --------- d-----w C:\Program Files\Rosetta Stone 2006-10-11 17:21 447 -c--a-w C:\Program Files\INSTALL.LOG . ((((((((((((((((((((((((((((( snapshot@2008-01-15_16.17.50.89 ))))))))))))))))))))))))))))))))))))))))) . - 2008-01-14 20:59:04 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-15 04:14:20 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-14 20:59:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-15 04:14:20 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat - 2008-01-14 20:59:04 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT + 2008-01-15 04:14:20 1,417,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT - 2008-01-14 20:59:04 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat + 2008-01-15 04:14:20 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat - 2008-01-14 20:59:04 10,866,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT + 2008-01-15 04:14:20 10,866,688 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\NTUSER.DAT - 2008-01-14 20:59:05 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat + 2008-01-15 04:14:21 147,456 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat - 2008-01-14 20:15:45 10,866,688 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT + 2008-01-16 16:17:54 10,866,688 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT - 2008-01-14 20:15:45 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-16 16:17:54 147,456 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat + 2008-01-16 15:46:53 61,440 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\helpicon.exe + 2008-01-16 15:46:53 32,768 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\maintenance_icon.exe + 2008-01-16 15:46:53 22,486 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\register_icon.exe + 2008-01-16 15:46:53 57,344 ----a-r C:\WINDOWS\Installer\{BDF62CC9-FE60-4F9D-8194-8EB7E6E1412D}\texticon.exe - 2004-08-05 12:00:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll + 2004-03-31 18:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll - 2002-01-05 09:48:16 974,848 -c--a-w C:\WINDOWS\system32\mfc70.dll + 2002-01-05 08:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll - 2002-01-05 09:36:38 964,608 -c--a-w C:\WINDOWS\system32\mfc70u.dll + 2002-01-05 08:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll - 2003-03-18 08:00:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll + 2003-03-19 02:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll - 2003-03-18 08:00:00 1,047,552 -c--a-w C:\WINDOWS\system32\mfc71u.dll + 2003-03-19 02:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll + 2002-01-05 08:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll - 2003-03-19 03:14:52 499,712 ----a-r C:\WINDOWS\system32\msvcp71.dll + 2003-03-19 01:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll - 2002-01-05 08:37:28 344,064 -c--a-w C:\WINDOWS\system32\msvcr70.dll + 2002-01-05 07:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll + 2006-08-22 21:08:52 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll + 2007-01-31 19:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 16:08 65536] "IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2006-10-31 14:06 204843] "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 17:20 20058152] "NBJ"="C:\Program Files\Nero\Nero BackItUp\NBJ.exe" [2005-07-14 15:35 1961984] "WOOKIT"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [ ] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 04:22 68856] "Aim6"="" [] "EPSON Stylus CX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.exe" [2007-02-15 06:00 179200] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-10-06 05:20 122940] "SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 09:24 118784] "Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [2005-11-30 12:25 73728] "THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2006-01-05 14:02 352256] "TDispVol"="TDispVol.exe" [2005-09-15 14:19 73728 C:\WINDOWS\system32\TDispVol.exe] "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2004-08-17 14:37 184320] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 11:37 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 10:41 602182] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 00:55 98304] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 00:52 77824] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 00:55 118784] "TPSMain"="TPSMain.exe" [2005-08-03 15:09 266240 C:\WINDOWS\system32\TPSMain.exe] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-09-12 22:26 180269] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 05:50 155648] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-03 11:46 249896] "ZoneAlarm Client"="C:\Program Files\ZoneAlarm\zlclient.exe" [2007-03-09 00:02 919280] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720] "BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632] "!AVG Anti-Spyware"="C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu53.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Kry53.sys] @="Driver" R0 Gnu53;Gnu53;C:\WINDOWS\system32\Drivers\Gnu53.sys [] S0 Kry53;Kry53;C:\WINDOWS\system32\Drivers\Kry53.sys [] S2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [] S3 P1130VID;Creative WebCam NX Pro;C:\WINDOWS\system32\DRIVERS\P1130Vid.sys [2003-06-10 20:00] S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys [2005-09-09 14:47] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b6c4f4c-03bb-11dc-93a9-0013025de766}] \Shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc619e5-48bc-11dc-9447-0013025de766}] \Shell\AutoRun\command - F:\RavMon.exe \Shell\explore\Command - F:\RavMon.exe -e \Shell\open\Command - F:\RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2dc619e6-48bc-11dc-9447-0013025de766}] \Shell\AutoRun\command - RavMon.exe \Shell\explore\Command - RavMon.exe -e \Shell\open\Command - RavMon.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33f512e5-afcf-11dc-953d-0013025de766}] \shell\Setup\command - E:\setup.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' "2008-01-11 23:10:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-11 20:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job" - C:\Program Files\Spybot\SpybotSD.exe . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-14 23:25:11 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32\sockspy.dll PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180] -> C:\WINDOWS\system32\sockspy.dll PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156] -> C:\WINDOWS\system32\sockspy.dll . Completion time: 2008-01-14 23:32:55 - machine was rebooted ComboFix-quarantined-files.txt 2008-01-15 04:32:48 ComboFix2.txt 2008-01-15 21:18:15 ComboFix3.txt 2008-01-14 00:14:32 . 2008-01-09 03:06:52 --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:33:49, on 14/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\a-squared Free\a2service.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\WINDOWS\system32\DVDRAMSV.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe C:\Program Files\TOSHIBA\Tvs\TvsTray.exe C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe C:\Program Files\ltmoh\Ltmoh.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\TPSMain.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\BroadJump\Client Foundation\CFD.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\ZoneAlarm\zlclient.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\Softwin\BitDefender10\bdmcon.exe C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\RAMASST.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe O4 - HKLM\..\Run: [TDispVol] TDispVol.exe O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [TPSMain] TPSMain.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero\Nero BackItUp\NBJ.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe GestionnaireInternet.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE /FU "C:\WINDOWS\TEMP\E_S2BE.tmp" /EF "HKCU" O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\ProShowGold\ScsiAccess.exe O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

jlpjlp · Answer

ah enfin!
ce fichier n'vait pas été supprimé! maintenant c'est fait 
C:\WINDOWS\system32\Drivers\Gnu53.sys

_____________

desactive le tea timer de spybot

____________





pour protéger gratos ton ordi

https://www.commentcamarche.net/telecharger/ 4 securite

mettre un antivirus

AVAST en français ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
AD AWARE + SPYBOT + si tea timer non active de spybot: WINDOWS DEFENDER 

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware on sorti de nouvelles versions cette année vérifiez que vous avez la dernière version
--------
un pare feu :
celui de Windows ou mieux KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
https://www.commentcamarche.net/telecharger/ 157 zonealarm

-----------

CCLEANER pour effacer les traces de surf

Infodelph · Answer

Merci merci merciiiiiiiiiiiiiii  
Merci beaucoup pour ton aide et surtout ta patience! 
Je vais faire en sorte de mieux protéger mon PC...
Merci encore...
Delphine

jlpjlp · Answer

de rien

 bonne continuation et bon surf

Infodelph · Answer

jlpjlp Au secourrrrrrrrrrrrrrrrr!!
Le PC réagit bizarrement... J'ai un message d'erreur au démarrage de windows à propos d'AD AWARE le voici : 
An unhandled exception occured at 0x1005ED60 in aawservice.exe

Exception Code    : 0xc0000005
Client version    : 0.734
Attached Debugger : 0

Windows Information :
---------------------
Windows Version   : Windows XP (5.1)
Build Number      : 2600
Service Pack      : 2.0

CPU Information:
----------------
CPU Name          : Genuine Intel(R) CPU           T2050  @ 1.60GHz
Type              : 0
Vendor            : GenuineIntel
Family            : 6
Extended Family   : 0
Model             : 14
Extended Model    : 0
Stepping          : 8

Registry Content:
-----------------
EAX : 0x058a70b8
ECX : 0x03d7f324
EDX : 0x058a70ba
EBX : 0x03d7f308
ESP : 0x03d7f1a4
EBP : 0x00000000
ESI : 0x03d7f2e0
EDI : 0x05825580
EIP : 0x1005ed60

Memory Usage:
-------------
Physical Memory in use : 30%
Total Physical Memory  : 1038316 kb
Free Physical Memory   : 716976 kb
Total Virtual Memory   : 2097024 kb
Free Virtual Memory    : 1989588 kb
Max Page file size     : 2500812 kb
Current Page file size : 2313720 kb
Free Extended memory   : 0kb

Stack Information:
------------------
Total stack size : 3640

Stack Content:
--------------
0c69fe7f 00d74240 058abc10 00d74170 0000000f 058a70ba 
00000001 03d7f2e0 03d7f364 1008ccc9 00000000 10064562 
03d7f2e0 0c69fe0b 00000013 00d74128 058def20 0000000f 
00d74240 058abc10 00d74240 03e2b018 00d74b48 00000000 
00d901e8 00000001 00d90178 00d903f8 03e2b228 00000000 
03dcfbc0 03dcfbc8 00d90178 00d90378 0000000a 00002000 
00000001 00000770 00d99970 00000000 00000001 00000700 
00000000 00000000 00000004 000001bc 03df9950 00d90000 
00d90178 00000b28 00d903f8 00d90178 00d90178 0101fbd0 
00d90388 03d7f1dc 7c9206f0 03d7f2c8 7c91ee18 7c920570 
ffffffff 03e2b018 00450d09 00000042 00000000 00000000 
0c4988bb 03df9950 03dd0aa0 000001da 03e2b010 00d90168 
00000000 00000000 03e2b010 00000210 03e2b018 00450d28 
00d90178 00000002 00000001 00000000 00000063 0002d000 
c3fcdff0 c34a2a50 e86e539c 99622010 5dd32f22 004522dc 
00d90000 00000000 00000208 031877a0 00000000 00000007 
03d7f33c 00440000 00000208 00d9d090 00000000 00000000 
00000007 00d74a70 013ba6f0 02f07001 00d74128 0000000e 
03e2ae08 00d74a64 063d8070 00000001 03d7f66c 1008d311 
ffffffff 100113d9 00000000 0c69fcab 00d9d090 7c9ff052 
10e9d996 00000000 0000000a 00000013 03d7f73c 058def20 
00000000 00080000 00000000 00000800 00000001 00000000 
00000080 00004000 10000000 03d7f6b0 00008000 00800000 
00010000 013c8f58 7c91ee18 7c920570 0000f123 03d7f414 
00d90000 7c920732 00000003 00d90718 00d90000 00d9b978 
03d7f3ec 03d7f438 03d7f630 7c91ee18 00400000 00200000 
7c920732 7c9206ab 7c9206eb 00000010 00000000 7c9205d4 
7ca01e1b 7c9d839c 00d9b990 00000022 7c9d7e30 00000026 
7c9ff515 00000000 001608d0 00000001 03d7f484 00d9b2b8 
478f743b 00000000 03d7f4c0 478f743b 00000000 0fd6586b 
fffffffe 03d7f484 00d9b7a0 00d9b2b8 0045922d 00d9b7a0 
00000000 00d9b480 0000005f 004504eb 0048a390 004504bf 
0c498eb3 000107d8 00110004 001c000a 0271003b 00000000 
00000000 0046beab ffffffff 0fd65b03 03d7f514 00407b48 
00d952e0 0047374c 0c498e83 00d95b20 00d95b20 00000001 
00000001 00000002 00000002 03d7f6d8 004573f0 0fd65bab 
03d7f6d8 7c920945 7c92094e 00d9bda8 00020024 03d7f620 
00000002 7c924190 7ffda000 7c911005 03d7f510 00000000 
03d7f5e0 7c91ee18 7c920970 7c98e4c0 7c923e6f 7c923e62 
00d9bba0 7c9243a1 00000000 0000001e 00000025 0000001c 
0000000b 00000011 00000000 0000006c 0000000f 00000002 
0020001e 7ffd9c00 00000000 7c920945 7ffd9c00 00000000 
0208001e 7ffda000 43000010 0000001e 00000000 00000003 
00d9bbbe 00000000 01000002 00d9bba0 439246c3 00000000 
00000000 7ffd9c1e 00d9d090 7c9243a1 0000913d 03d7f54c 
00000003 03d7f664 7c91ee18 7c811419 00000000 03d7f674 
ffffffff 7c811408 7c80df3b 7c80df3f 03d7f664 7c80dea4 
00000000 00d9b978 03d7f674 00d9bba0 00000018 00000000 
00d90000 03d7f420 7c811401 03d7f6d4 7c91ee18 7c9206f0 
ffffffff 7c9206eb 004522dc 00d90000 00000000 00000010 
03d7f6c8 00d95a2c 00000000 03d7f678 0044f024 0c69fc5b 
03d7f6d4 10085f00 ffffffff 004245f0 03d7f6b0 00000003 
00100000 10e9d996 00000003 03d7f73c 00000000 0c498cff 
00d9d090 03d7f720 00d9d090 00000007 00000000 00d9a600 
00d9b990 00d9bba0 03d7f720 00000007 00d9ae40 00d9b978 
00000007 03d7fc20 03d7fc20 0046a361 00000000 00422cd5 
00d9d090 03d7f73c 0c498c93 00d9d090 7c911005 03d7ffb0 
7c9110ed 00000008 03d7f6e0 00d99d00 00000000 00d90178 
00000000 00d9b7a0 0048d39c 002d0044 00d9ae40 007e0041 
002e0031 004f004c 00000013 00000017 00000001 00000000 
00200065 00d9b468 00000005 00310000 00d9b7a0 00d9b870 
002d0030 00380032 0035002d 002e0039 006f006c 7c910067 
00000000 000001a3 03d7f790 00150640 00000000 00251f18 
7c92393d 00d95b20 6365446c 00000000 00150178 03007265 
03d7f7b8 00000000 00d95b20 00251f18 7c92393d 00d9b7a0 
00000000 03d7f7d0 00000000 7c9205c8 00166a90 03d7f89c 
7c920551 00150778 7c92056d 00166ab8 00166a98 001608e4 
00d9b798 00000030 00150178 00d90178 00167350 00000030 
00000178 03d7f818 00000000 7c9205c8 00d9b798 03d7f8e4 
7c920551 00d907a8 7c92056d 00d9b7a0 00d9b7a0 03d7f9cc 
00150000 03d7f848 00000000 7c9205c8 001608c8 03d7f914 
03d7f85c 00000000 7c9205c8 00d9b2b0 03d7f928 7c920551 
00d907a8 7c92056d 03d7f9cc 00d9b2b8 00d9b7a0 00167350 
0001af4d 00000005 00000030 00150178 03d7f8c8 7c91ee18 
7c920570 ffffffff 7c92056d 7c921962 7c921993 7c98c080 
00d90000 00166ab8 00000038 001608e4 7ffd9000 03d7f8b0 
00010000 00000030 03d7f828 7c921978 03d7f914 7c91ee18 
7c920570 ffffffff 7c92056d 00450d09 00d90000 00d90000 
00450d28 0c498347 00d9b7a0 00d9b2b8 03d7f9cc 0001ee18 
00000006 03d7f86c 03d7fa04 03d7f958 7c91ee18 7c920570 
ffffffff 7c92056d 00450d09 00d90000 00000000 00450d28 
0c49830b 03d7f9cc 03d7f9cc 00d9b7a0 00d9b7a0 03d7f93c 
03d7fa04 03d7fa04 004573f0 0fd6584b fffffffe 00450d28 
00407484 00d9b2b8 0c49831b 00d9d090 00000000 00d952e0 
01450c99 00000000 00d9b060 00000000 001608d0 00000001 
03d7f9cc 00d9b7a0 478f743b 00000000 03d7fa08 478f743b 
00000000 0fd6586b fffffffe 03d7f9cc 00d9b2b8 00d9b7a0 
0045922d 00d9b2b8 00000000 00d9b480 0000005f 004504eb 
0048a390 004504bf 0c49807b 000107d8 00110004 001c000a 
0271003b 03d7f9ec 03d7fa4c 0046beab ffffffff 0fd65b03 
03d7fa5c 00407b48 00d952e0 0047374c 0c49804b 00d9d090 
00000011 00000001 00000001 03d7fa24 0000000b 03d7fc20 
004573f0 0fd65bab 03d7fc20 0046cc60 ffffffff 0048a390 
0000000b 0041e6ad 0c49800b 7c911005 03d7ffb0 0041e6cd 
00000025 478f8235 00000000 0000001c 03d7fdb8 00d94eb0 
00d90000 03d7fb00 00d9a810 0000001f 00000000 00000007 
00000025 0000001c 0000000b 00000011 00000000 0000006c 
00000004 00000010 00000000 00000025 0000001c 0000000b 
00000011 00000000 0000006c 00000004 00000010 00000000 
00000025 0000001c 0000000b 00000011 00000000 0000006c 
00000004 03d7fb18 00000000 7c9205c8 00d9a400 03d7fbe4 
7c920551 00d90778 7c92056d 00d9d090 00d9a408 7c9110ed 
00000025 0000001c 0000000b 00000011 00000000 0000006c 
00000004 00000010 00000000 00000025 0000001c 0000000b 
00000011 00000000 0000006c 00000004 00000010 00000000 
004522dc 00d9aab8 00000028 00000020 03d7fdb8 00000062 
7c911005 00421a75 00380030 00310030 00370031 00310020 
00d90000 00380032 0033002d 00200037 0020003a 00000000 
00010000 00000005 03d7fb28 0c498197 03d7fc14 7c91ee18 
7c920570 ffffffff 7c92056d 00450d09 00d90000 00000000 
00450d28 0c498647 00d9d090 03d7fdb8 7c9110ed 00478234 
03d7fbf8 00478236 03d7ffa4 0c498d63 7c80a027 03d7ffa4 
0046f65c 00000000 00424c83 00d9d090 0c49865b 010ffb10 
00d9f1d8 00d9d090 0048d498 00d9d090 0048d49c 00d9d120 
00d9d09c 00000001 00000000 00153118 00000000 00000000 
00d9df70 00000005 00000000 00000000 00000000 7ffda000 
763212c0 000000fc 000000f8 00000000 03d7fd0c 7c91ee18 
7c928ed0 ffffffff 7c928e74 7c91e8c4 7c928dfa 03d7fd30 
00d9f1d8 00d9d090 00000000 00000000 00000000 00000000 
00000000 00000000 00000000 00000000 00000000 00000000 
00000000 00000000 7ffd9000 00000000 00000000 00000000 
00000000 00000000 03d7fcb0 00000000 00000000 7c91ee00 
7c928e00 ffffffff 7c928dfa 7c91d625 7c91eacf 03d7fd30 
00000001 00010017 00000000 00000000 00000000 00000000 
00000000 00000000 81e2d438 00000000 c050369c 86c58f98 
0000042e a8144a74 804f1006 804e9643 f7b0e540 c0002940 
804eac59 02144ae0 a8144a80 804ea9f9 00000002 a8144ae0 
00000001 00000000 a8144aa4 00000000 c0300008 a8144b38 
804f114a a8144aa0 00000000 00000000 00a4ffff 86c58da0 
00d90000 00000038 00000023 00000023 00000000 00000007 
00d9d090 00000000 7c9205c8 00445ba0 010ffad0 7c810659 
0000001b 00000200 03d7fffc 00000023 a8144b70 a8144af8 
00000000 80682970 a8144b7c 85e12313 806826f7 85e12313 
00000000 80548df2 00000216 00045a16 00000000 00000013 
00000000 85fe2aa4 85fe28b8 30203a73 85e122d0 85fe28b8 
00000043 00000013 00000000 867a30dc 00000013 00000002 
85e4a000 a8144bcc 00000002 00000017 00000000 a8144bcc 
85e12000 85e12313 a8144b04 62313130 a8144dcc 804e2ed8 
80548df8 ffffffff 80548df2 80548e2c 00ff0002 ffffffff 
0000002b f6462b40 0000000a a8144bb8 a8144d14 f6390496 
00ff0002 ffffffff 0000002b f6462b40 0000000a a8144bd8 
00000004 a8144bdc 00000013 00000000 c0000001 0000001f 
ffdff540 804dca34 ffffffff 00000246 804dc84d a8144c28 
8600e5f0 f7b0e120 8600e78c 804e1be8 8600e660 8600e5f0 
804e1c1e 8600e75c 8600e5f0 8600e624 00000000 805856c2 
85fe4da0 8600e5f0 7ffd9000 a8144c88 804faee4 00000000 
00000005 00000000 00000000 00000000 804f3bcc a8144c60 
8600e624 804dce74 806ff427 8600e5f0 a8144d50 00000000 
8600e6d8 a8144c01 00000000 85fe4da0 804faec4 00000000 
0c498627 00000000 03d7ffdc 0046f89a 00000001 03d7ffec 
00445bb4 7c80b683 00d9d090 010ffb10 00d9f1d8 00d9d090 
7ffd9000 c0000005 03d7ffc0 03d7edc8 

System Activity:
----------------
Process 00000000: [System Process]
	Module at 0x00400000: aawservice.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x10000000: CEAPI.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x004a0000: PKArchive85u.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x76ba0000: PSAPI.DLL
	Module at 0x77bd0000: VERSION.dll
	Module at 0x44080000: WININET.dll
	Module at 0x00350000: Normaliz.dll
	Module at 0x43e00000: iertutil.dll
	Module at 0x00360000: Update.dll
	Module at 0x71a10000: WSOCK32.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x0ffd0000: rsaenh.dll

Process 00000004: System
	Current Memory usage         : 216 kb
	Memory usage peak            : 4340 kb
	Current Paged Pool usage     : 0 kb
	Paged Pool usage peak        : 0 kb
	Current Non-Paged Pool usage : 0 kb
	Non-Paged Pool usage peak    : 0 kb
	Current Page file usage      : 0 kb
	Page file usage peak         : 0 kb
	Page Faults                  : 8260

	Module list
	Module at 0x00000000: 

Process 00000328: smss.exe
	Current Memory usage         : 372 kb
	Memory usage peak            : 652 kb
	Current Paged Pool usage     : 5 kb
	Paged Pool usage peak        : 13 kb
	Current Non-Paged Pool usage : 0 kb
	Non-Paged Pool usage peak    : 1 kb
	Current Page file usage      : 164 kb
	Page file usage peak         : 1640 kb
	Page Faults                  : 286

	Module list
	Module at 0x48580000: smss.exe
	Module at 0x7c910000: ntdll.dll

Process 00000368: csrss.exe
	Current Memory usage         : 4056 kb
	Memory usage peak            : 4068 kb
	Current Paged Pool usage     : 75 kb
	Paged Pool usage peak        : 81 kb
	Current Non-Paged Pool usage : 4 kb
	Non-Paged Pool usage peak    : 5 kb
	Current Page file usage      : 1616 kb
	Page file usage peak         : 1620 kb
	Page Faults                  : 1967

	Module list
	Module at 0x4a680000: csrss.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x75ad0000: CSRSRV.dll
	Module at 0x75ae0000: basesrv.dll
	Module at 0x75af0000: winsrv.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7c800000: KERNEL32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77210000: sxs.dll

Process 00000380: winlogon.exe
	Current Memory usage         : 10476 kb
	Memory usage peak            : 68868 kb
	Current Paged Pool usage     : 50 kb
	Paged Pool usage peak        : 75 kb
	Current Non-Paged Pool usage : 46 kb
	Non-Paged Pool usage peak    : 48 kb
	Current Page file usage      : 6408 kb
	Page file usage peak         : 35564 kb
	Page Faults                  : 19398

	Module list
	Module at 0x01000000: winlogon.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77680000: AUTHZ.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x758d0000: NDdeApi.dll
	Module at 0x758c0000: PROFMAP.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x76ba0000: PSAPI.DLL
	Module at 0x76b60000: REGAPI.dll
	Module at 0x77fc0000: Secur32.dll
	Module at 0x778e0000: SETUPAPI.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x762f0000: WINSTA.dll
	Module at 0x76be0000: WINTRUST.dll
	Module at 0x76c40000: IMAGEHLP.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x75900000: MSGINA.dll
	Module at 0x58b50000: COMCTL32.dll
	Module at 0x74730000: ODBC32.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76340000: comdlg32.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x20000000: odbcint.dll
	Module at 0x776a0000: SHSVCS.dll
	Module at 0x76b50000: sfc.dll
	Module at 0x76c10000: sfc_os.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x77b50000: Apphelp.dll
	Module at 0x75140000: msctfime.ime
	Module at 0x72340000: WINSCARD.DLL
	Module at 0x76f00000: WTSAPI32.dll
	Module at 0x77210000: sxs.dll
	Module at 0x76ae0000: WINMM.dll
	Module at 0x5b090000: uxtheme.dll
	Module at 0x76590000: cscdll.dll
	Module at 0x758e0000: WlNotify.dll
	Module at 0x72f50000: WINSPOOL.DRV
	Module at 0x71a60000: MPR.dll
	Module at 0x01e50000: WgaLogon.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x0ffd0000: rsaenh.dll
	Module at 0x77650000: NTMARTA.DLL
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x71b50000: SAMLIB.dll
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll
	Module at 0x765b0000: cscui.dll
	Module at 0x01290000: xpsp2res.dll
	Module at 0x77c40000: msv1_0.dll
	Module at 0x76d10000: iphlpapi.dll

Process 000003ac: services.exe
	Current Memory usage         : 3344 kb
	Memory usage peak            : 3344 kb
	Current Paged Pool usage     : 22 kb
	Paged Pool usage peak        : 23 kb
	Current Non-Paged Pool usage : 6 kb
	Non-Paged Pool usage peak    : 7 kb
	Current Page file usage      : 1912 kb
	Page file usage peak         : 1912 kb
	Page Faults                  : 980

	Module list
	Module at 0x01000000: services.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x76a20000: SCESRV.dll
	Module at 0x77680000: AUTHZ.dll
	Module at 0x7dbc0000: umpnpmgr.dll
	Module at 0x762f0000: WINSTA.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x5fb00000: NCObjAPI.DLL
	Module at 0x76010000: MSVCP60.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x47260000: AcAdProc.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77fc0000: secur32.dll
	Module at 0x77b50000: Apphelp.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x77b80000: eventlog.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x76ba0000: PSAPI.DLL
	Module at 0x76f00000: wtsapi32.dll

Process 000003b8: lsass.exe
	Current Memory usage         : 5204 kb
	Memory usage peak            : 5216 kb
	Current Paged Pool usage     : 38 kb
	Paged Pool usage peak        : 39 kb
	Current Non-Paged Pool usage : 7 kb
	Non-Paged Pool usage peak    : 8 kb
	Current Page file usage      : 2312 kb
	Page file usage peak         : 2352 kb
	Page Faults                  : 1483

	Module list
	Module at 0x01000000: lsass.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x756b0000: LSASRV.dll
	Module at 0x71a60000: MPR.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x76740000: NTDSAPI.dll
	Module at 0x76ed0000: DNSAPI.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x77fc0000: Secur32.dll
	Module at 0x71b50000: SAMLIB.dll
	Module at 0x743b0000: SAMSRV.dll
	Module at 0x76730000: cryptdll.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x76ae0000: WINMM.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x20000000: msprivs.dll
	Module at 0x71c50000: kerberos.dll
	Module at 0x77c40000: msv1_0.dll
	Module at 0x76d10000: iphlpapi.dll
	Module at 0x74420000: netlogon.dll
	Module at 0x76760000: w32time.dll
	Module at 0x76010000: MSVCP60.dll
	Module at 0x76790000: schannel.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x742e0000: wdigest.dll
	Module at 0x0ffd0000: rsaenh.dll
	Module at 0x778e0000: setupapi.dll
	Module at 0x74370000: scecli.dll

Process 0000046c: svchost.exe
	Current Memory usage         : 3736 kb
	Memory usage peak            : 3736 kb
	Current Paged Pool usage     : 36 kb
	Paged Pool usage peak        : 36 kb
	Current Non-Paged Pool usage : 4 kb
	Non-Paged Pool usage peak    : 5 kb
	Current Page file usage      : 1616 kb
	Page file usage peak         : 1620 kb
	Page Faults                  : 980

	Module list
	Module at 0x01000000: svchost.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x76ae0000: WINMM.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x77650000: NTMARTA.DLL
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x71b50000: SAMLIB.dll
	Module at 0x76870000: rpcss.dll
	Module at 0x77fc0000: Secur32.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x20000000: xpsp2res.dll
	Module at 0x76f00000: WTSAPI32.dll
	Module at 0x762f0000: WINSTA.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x77c40000: msv1_0.dll
	Module at 0x76d10000: iphlpapi.dll
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll

Process 000004b0: svchost.exe
	Current Memory usage         : 4152 kb
	Memory usage peak            : 4160 kb
	Current Paged Pool usage     : 38 kb
	Paged Pool usage peak        : 38 kb
	Current Non-Paged Pool usage : 14 kb
	Non-Paged Pool usage peak    : 16 kb
	Current Page file usage      : 1820 kb
	Page file usage peak         : 1844 kb
	Page Faults                  : 1159

	Module list
	Module at 0x01000000: svchost.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x76ae0000: WINMM.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x76870000: rpcss.dll
	Module at 0x77fc0000: Secur32.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x20000000: xpsp2res.dll
	Module at 0x0ffd0000: rsaenh.dll
	Module at 0x71990000: mswsock.dll
	Module at 0x62e40000: hnetcfg.dll
	Module at 0x719d0000: wshtcpip.dll
	Module at 0x76ed0000: DNSAPI.dll
	Module at 0x76d10000: iphlpapi.dll
	Module at 0x76f60000: winrnr.dll
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x76f70000: rasadhlp.dll
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll

Process 00000540: MsMpEng.exe
	Current Memory usage         : 20324 kb
	Memory usage peak            : 37148 kb
	Current Paged Pool usage     : 38 kb
	Paged Pool usage peak        : 41 kb
	Current Non-Paged Pool usage : 9 kb
	Non-Paged Pool usage peak    : 10 kb
	Current Page file usage      : 17956 kb
	Page file usage peak         : 35384 kb
	Page Faults                  : 19600

	Module list
	Module at 0x01000000: MsMpEng.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x78130000: MSVCR80.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x5c800000: MpSvc.dll
	Module at 0x7c420000: MSVCP80.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x76be0000: WINTRUST.dll
	Module at 0x76c40000: IMAGEHLP.dll
	Module at 0x5b800000: MpClient.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x0ffd0000: rsaenh.dll
	Module at 0x20000000: xpsp2res.dll
	Module at 0x77fc0000: secur32.dll
	Module at 0x6fee0000: netapi32.dll
	Module at 0x5a100000: mpengine.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x76ba0000: PSAPI.DLL
	Module at 0x76d10000: iphlpapi.dll
	Module at 0x5e800000: mprtplug.dll
	Module at 0x5b090000: uxtheme.dll

Process 00000548: logonui.exe
	Current Memory usage         : 2092 kb
	Memory usage peak            : 5080 kb
	Current Paged Pool usage     : 33 kb
	Paged Pool usage peak        : 37 kb
	Current Non-Paged Pool usage : 4 kb
	Non-Paged Pool usage peak    : 6 kb
	Current Page file usage      : 2976 kb
	Page file usage peak         : 3016 kb
	Page Faults                  : 1850

	Module list
	Module at 0x01000000: logonui.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77390000: COMCTL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x6c650000: DUSER.dll
	Module at 0x76310000: MSIMG32.dll
	Module at 0x74bf0000: OLEACC.dll
	Module at 0x76010000: MSVCP60.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x76ae0000: WINMM.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x75140000: msctfime.ime
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll
	Module at 0x73cc0000: shgina.dll
	Module at 0x762f0000: WINSTA.dll

Process 0000058c: svchost.exe
	Current Memory usage         : 6648 kb
	Memory usage peak            : 7384 kb
	Current Paged Pool usage     : 46 kb
	Paged Pool usage peak        : 51 kb
	Current Non-Paged Pool usage : 9 kb
	Non-Paged Pool usage peak    : 12 kb
	Current Page file usage      : 5700 kb
	Page file usage peak         : 5724 kb
	Page Faults                  : 3011

	Module list
	Module at 0x01000000: svchost.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x76ae0000: WINMM.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x77650000: NTMARTA.DLL
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x71b50000: SAMLIB.dll
	Module at 0x20000000: xpsp2res.dll
	Module at 0x776a0000: shsvcs.dll
	Module at 0x762f0000: WINSTA.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x0ffd0000: rsaenh.dll
	Module at 0x76d30000: dhcpcsvc.dll
	Module at 0x76ed0000: DNSAPI.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x76d10000: iphlpapi.dll
	Module at 0x77fc0000: Secur32.dll
	Module at 0x71990000: mswsock.dll
	Module at 0x62e40000: hnetcfg.dll
	Module at 0x719d0000: wshtcpip.dll
	Module at 0x7db30000: wzcsvc.dll
	Module at 0x76e30000: rtutils.dll
	Module at 0x76ce0000: WMI.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x76f00000: WTSAPI32.dll
	Module at 0x6f890000: ESENT.dll
	Module at 0x76ac0000: ATL.DLL
	Module at 0x76b70000: rastls.dll
	Module at 0x76610000: CRYPTUI.dll
	Module at 0x76be0000: WINTRUST.dll
	Module at 0x76c40000: IMAGEHLP.dll
	Module at 0x44080000: WININET.dll
	Module at 0x00e60000: Normaliz.dll
	Module at 0x43e00000: iertutil.dll
	Module at 0x76cf0000: MPRAPI.dll
	Module at 0x77c90000: ACTIVEDS.dll
	Module at 0x76dc0000: adsldpc.dll
	Module at 0x778e0000: SETUPAPI.dll
	Module at 0x76e90000: RASAPI32.dll
	Module at 0x76e40000: rasman.dll
	Module at 0x76e60000: TAPI32.dll
	Module at 0x76790000: SCHANNEL.dll
	Module at 0x72340000: WinSCard.dll
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll
	Module at 0x76c90000: raschap.dll
	Module at 0x75d30000: mlang.dll
	Module at 0x4cc80000: xmlprovi.dll
	Module at 0x76010000: MSVCP60.dll
	Module at 0x72f80000: WZCSAPI.DLL
	Module at 0x77c40000: msv1_0.dll

Process 000005b0: EvtEng.exe
	Current Memory usage         : 7692 kb
	Memory usage peak            : 7704 kb
	Current Paged Pool usage     : 41 kb
	Paged Pool usage peak        : 42 kb
	Current Non-Paged Pool usage : 6 kb
	Non-Paged Pool usage peak    : 9 kb
	Current Page file usage      : 3936 kb
	Page file usage peak         : 4332 kb
	Page Faults                  : 2203

	Module list
	Module at 0x00400000: EvtEng.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x50740000: PsRegApi.dll
	Module at 0x778e0000: SETUPAPI.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x76340000: comdlg32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x58b50000: COMCTL32.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x72f50000: WINSPOOL.DRV
	Module at 0x774a0000: ole32.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x50830000: TraceAPI.DLL
	Module at 0x76ac0000: ATL.DLL
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x20000000: xpsp2res.dll
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x4dd40000: msado15.dll
	Module at 0x768e0000: MSDART.DLL
	Module at 0x73ec0000: oledb32.dll
	Module at 0x74fb0000: OLEDB32R.DLL
	Module at 0x4df00000: msdasql.dll
	Module at 0x611e0000: MSDATL3.dll
	Module at 0x74730000: ODBC32.dll
	Module at 0x00670000: odbcint.dll
	Module at 0x00690000: MSDASQLR.DLL
	Module at 0x1b5d0000: MSWSTR10.DLL
	Module at 0x76080000: comsvcs.dll
	Module at 0x750a0000: colbact.DLL
	Module at 0x77fc0000: Secur32.dll
	Module at 0x75060000: MTXCLU.DLL
	Module at 0x71a10000: WSOCK32.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x76d50000: CLUSAPI.DLL
	Module at 0x75020000: RESUTILS.DLL
	Module at 0x76960000: USERENV.dll
	Module at 0x4de20000: odbcjt32.dll
	Module at 0x1b000000: msjet40.dll
	Module at 0x58f60000: odbcji32.dll
	Module at 0x1b2c0000: msjter40.dll
	Module at 0x1b2d0000: MSJINT40.DLL
	Module at 0x6ff40000: odbccp32.dll
	Module at 0x73f40000: msadce.dll
	Module at 0x063e0000: msadcer.dll
	Module at 0x5b090000: uxtheme.dll

Process 00000604: S24EvMon.exe
	Current Memory usage         : 5724 kb
	Memory usage peak            : 5724 kb
	Current Paged Pool usage     : 40 kb
	Paged Pool usage peak        : 40 kb
	Current Non-Paged Pool usage : 8 kb
	Non-Paged Pool usage peak    : 11 kb
	Current Page file usage      : 2912 kb
	Page file usage peak         : 2912 kb
	Page Faults                  : 1471

	Module list
	Module at 0x00400000: S24EvMon.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x778e0000: SETUPAPI.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x50830000: TraceAPI.DLL
	Module at 0x50740000: PsRegApi.dll
	Module at 0x76340000: comdlg32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x58b50000: COMCTL32.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x72f50000: WINSPOOL.DRV
	Module at 0x774a0000: ole32.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x76ac0000: ATL.DLL
	Module at 0x76d10000: iphlpapi.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x50490000: LIBEAY32.dll
	Module at 0x71a10000: WSOCK32.dll
	Module at 0x50320000: IntStngs.dll
	Module at 0x77fc0000: Secur32.dll
	Module at 0x73d20000: MFC42.DLL
	Module at 0x77bd0000: VERSION.dll
	Module at 0x50410000: IWMSPROV.DLL
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x61d70000: MFC42LOC.DLL
	Module at 0x5b090000: uxtheme.dll
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll
	Module at 0x75570000: netcfgx.dll
	Module at 0x76d50000: CLUSAPI.dll
	Module at 0x76ed0000: DNSAPI.dll
	Module at 0x75140000: msctfime.ime
	Module at 0x76960000: USERENV.dll
	Module at 0x76be0000: WINTRUST.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x76c40000: IMAGEHLP.dll

Process 0000064c: svchost.exe
	Current Memory usage         : 2924 kb
	Memory usage peak            : 2924 kb
	Current Paged Pool usage     : 29 kb
	Paged Pool usage peak        : 35 kb
	Current Non-Paged Pool usage : 3 kb
	Non-Paged Pool usage peak    : 3 kb
	Current Page file usage      : 1208 kb
	Page file usage peak         : 1228 kb
	Page Faults                  : 765

	Module list
	Module at 0x01000000: svchost.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x76ae0000: WINMM.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x76710000: dnsrslvr.dll
	Module at 0x76ed0000: DNSAPI.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x76d10000: iphlpapi.dll

Process 00000768: svchost.exe
	Current Memory usage         : 3108 kb
	Memory usage peak            : 3108 kb
	Current Paged Pool usage     : 32 kb
	Paged Pool usage peak        : 35 kb
	Current Non-Paged Pool usage : 2 kb
	Non-Paged Pool usage peak    : 3 kb
	Current Page file usage      : 1248 kb
	Page file usage peak         : 1252 kb
	Page Faults                  : 810

	Module list
	Module at 0x01000000: svchost.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x76ae0000: WINMM.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x77650000: NTMARTA.DLL
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x71b50000: SAMLIB.dll
	Module at 0x20000000: xpsp2res.dll
	Module at 0x74bb0000: lmhsvc.dll
	Module at 0x76d10000: iphlpapi.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll

Process 00000778: vsmon.exe
	Module at 0x00000000: 

Process 000007a8: userinit.exe
	Current Memory usage         : 3168 kb
	Memory usage peak            : 3236 kb
	Current Paged Pool usage     : 32 kb
	Paged Pool usage peak        : 40 kb
	Current Non-Paged Pool usage : 2 kb
	Non-Paged Pool usage peak    : 3 kb
	Current Page file usage      : 1100 kb
	Page file usage peak         : 1124 kb
	Page Faults                  : 883

	Module list
	Module at 0x01000000: userinit.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x72f50000: WINSPOOL.DRV
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x76ae0000: WINMM.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x77b50000: Apphelp.dll
	Module at 0x77fc0000: Secur32.dll

Process 000007c4: explorer.exe
	Current Memory usage         : 10860 kb
	Memory usage peak            : 11520 kb
	Current Paged Pool usage     : 45 kb
	Paged Pool usage peak        : 47 kb
	Current Non-Paged Pool usage : 6 kb
	Non-Paged Pool usage peak    : 6 kb
	Current Page file usage      : 8376 kb
	Page file usage peak         : 9200 kb
	Page Faults                  : 3346

	Module list
	Module at 0x01000000: Explorer.EXE
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x75f10000: BROWSEUI.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x770e0000: OLEAUT32.dll
	Module at 0x77720000: SHDOCVW.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x76610000: CRYPTUI.dll
	Module at 0x76be0000: WINTRUST.dll
	Module at 0x76c40000: IMAGEHLP.dll
	Module at 0x6fee0000: NETAPI32.dll
	Module at 0x44080000: WININET.dll
	Module at 0x00400000: Normaliz.dll
	Module at 0x43e00000: iertutil.dll
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x77bd0000: VERSION.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x5b090000: UxTheme.dll
	Module at 0x5cea0000: ShimEng.dll
	Module at 0x595b0000: AcGenral.DLL
	Module at 0x76ae0000: WINMM.dll
	Module at 0x77bb0000: MSACM32.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x75140000: msctfime.ime
	Module at 0x77b50000: appHelp.dll
	Module at 0x76f80000: CLBCATQ.DLL
	Module at 0x77000000: COMRes.dll
	Module at 0x765b0000: cscui.dll
	Module at 0x76590000: CSCDLL.dll
	Module at 0x5b950000: themeui.dll
	Module at 0x77fc0000: Secur32.dll
	Module at 0x76310000: MSIMG32.dll
	Module at 0x20000000: xpsp2res.dll

Process 00000704: aawservice.exe
	Current Memory usage         : 12020 kb
	Memory usage peak            : 80164 kb
	Current Paged Pool usage     : 66 kb
	Paged Pool usage peak        : 70 kb
	Current Non-Paged Pool usage : 4 kb
	Non-Paged Pool usage peak    : 4 kb
	Current Page file usage      : 10504 kb
	Page file usage peak         : 82088 kb
	Page Faults                  : 38947

	Module list
	Module at 0x00400000: aawservice.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x10000000: CEAPI.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x719f0000: WS2_32.dll
	Module at 0x719e0000: WS2HELP.dll
	Module at 0x004a0000: PKArchive85u.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x774a0000: ole32.dll
	Module at 0x779e0000: CRYPT32.dll
	Module at 0x77a80000: MSASN1.dll
	Module at 0x76f10000: WLDAP32.dll
	Module at 0x76ba0000: PSAPI.DLL
	Module at 0x77bd0000: VERSION.dll
	Module at 0x44080000: WININET.dll
	Module at 0x00350000: Normaliz.dll
	Module at 0x43e00000: iertutil.dll
	Module at 0x00360000: Update.dll
	Module at 0x71a10000: WSOCK32.dll
	Module at 0x76960000: USERENV.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x0ffd0000: rsaenh.dll

Process 000001b0: AAWTray.exe
	Current Memory usage         : 2396 kb
	Memory usage peak            : 2396 kb
	Current Paged Pool usage     : 29 kb
	Paged Pool usage peak        : 32 kb
	Current Non-Paged Pool usage : 2 kb
	Non-Paged Pool usage peak    : 2 kb
	Current Page file usage      : 752 kb
	Page file usage peak         : 752 kb
	Page Faults                  : 628

	Module list
	Module at 0x00400000: AAWTray.exe
	Module at 0x7c910000: ntdll.dll
	Module at 0x7c800000: kernel32.dll
	Module at 0x7e390000: USER32.dll
	Module at 0x77ef0000: GDI32.dll
	Module at 0x7c9d0000: SHELL32.dll
	Module at 0x77da0000: ADVAPI32.dll
	Module at 0x77e50000: RPCRT4.dll
	Module at 0x77be0000: msvcrt.dll
	Module at 0x77f40000: SHLWAPI.dll
	Module at 0x76320000: IMM32.DLL
	Module at 0x62dc0000: LPK.DLL
	Module at 0x753c0000: USP10.dll
	Module at 0x77390000: comctl32.dll
	Module at 0x58b50000: comctl32.dll
	Module at 0x5b090000: uxtheme.dll
	Module at 0x75140000: msctfime.ime
	Module at 0x774a0000: ole32.dll





Que dois je faire?...
Il y a d'autres bizarreries que je tente de résoudre... 
A +...  Visiblement notre discussion ne s'arrête pas là...

jlpjlp · Answer

desisntalle ad aware et reinstalle le pour voir

Infodelph · Answer

Bravo! Ça a marché! Le message d'erreur n'est plus!
Merciiii
Del

jlpjlp · Answer

ok parfait

bon surf cette fois!

Infodelph · Answer

Bon... oui c'est encore la même...
Voici mon rapport d,analyse avec AntiVir... 3 virus! 
J'ai déjà fait une analyse hier et les avais mis en quarantaire mais les voila de retour...
On dirait qu'on est encore ensemble pour un bout... ;-)
Merci d'avance...




AntiVir PersonalEdition Classic
Report file date: vendredi 18 janvier 2008  12:00

Scanning for 1054433 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 2)  [5.1.2600]
Username:         SYSTEM
Computer name:    NOM-38AB163A8B7

Version information:
BUILD.DAT    : 270           15603 Bytes  2007-09-19 13:32:00
AVSCAN.EXE   : 7.0.6.1      290856 Bytes  2007-08-23 19:16:29
AVSCAN.DLL   : 7.0.6.0       49192 Bytes  2007-08-16 18:23:51
LUKE.DLL     : 7.0.5.3      147496 Bytes  2007-08-14 21:32:47
LUKERES.DLL  : 7.0.6.1       10280 Bytes  2007-08-21 18:35:20
ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  2007-07-18 20:27:15
ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  2007-12-14 16:46:24
ANTIVIR2.VDF : 7.0.2.0      948736 Bytes  2008-01-15 04:58:10
ANTIVIR3.VDF : 7.0.2.15     191488 Bytes  2008-01-17 08:14:50
AVEWIN32.DLL : 7.6.0.48    3080704 Bytes  2008-01-17 04:58:13
AVWINLL.DLL  : 1.0.0.7       14376 Bytes  2007-02-26 16:36:26
AVPREF.DLL   : 7.0.2.2       25640 Bytes  2007-07-18 13:39:17
AVREP.DLL    : 7.0.0.1      155688 Bytes  2007-04-16 19:16:24
AVPACK32.DLL : 7.6.0.3      360488 Bytes  2008-01-17 04:58:14
AVREG.DLL    : 7.0.1.6       30760 Bytes  2007-07-18 13:17:06
AVARKT.DLL   : 1.0.0.20     278568 Bytes  2007-08-28 18:26:33
AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  2007-07-18 13:10:18
NETNT.DLL    : 7.0.0.0        7720 Bytes  2007-03-08 17:09:42
RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  2007-08-07 18:38:13
RCTEXT.DLL   : 7.0.62.0      86056 Bytes  2007-08-21 18:50:37
SQLITE3.DLL  : 3.3.17.1     339968 Bytes  2007-07-23 15:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, 
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 18 janvier 2008  12:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'vsserv.exe' - '1' Module(s) have been scanned
Scan process 'bdss.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'RAMASST.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'TOSCDSPD.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'bdagent.exe' - '1' Module(s) have been scanned
Scan process 'bdmcon.exe' - '1' Module(s) have been scanned
Scan process 'TPSBattM.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'CFD.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'TPSMain.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'ltmoh.exe' - '1' Module(s) have been scanned
Scan process 'THotkey.exe' - '1' Module(s) have been scanned
Scan process 'TvsTray.exe' - '1' Module(s) have been scanned
Scan process 'SmoothView.exe' - '1' Module(s) have been scanned
Scan process 'DLACTRLW.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'livesrv.exe' - '1' Module(s) have been scanned
Scan process 'xcommsvr.exe' - '1' Module(s) have been scanned
Scan process 'TAPPSRV.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'scsiaccess.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
      [NOTE]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '38' files ).


Starting the file scan:

Begin scan in 'C:\' <S3A2422D002FR>
C:\hiberfil.sys
      [WARNING]   The file could not be opened!
C:\pagefile.sys
      [WARNING]   The file could not be opened!
C:\QooBox\Quarantine\catchme2008-01-14_232446.14.zip
  [0] Archive type: ZIP
  --> Gnu53.sys
      [DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
      [INFO]      The file was moved to '4804ed63.qua'!
C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP4\A0001464.sys
      [DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
      [INFO]      The file was moved to '47c0ed55.qua'!
C:\System Volume Information\_restore{22191401-F8EB-403E-A525-F6F527A36804}\RP4\A0001493.sys
      [DETECTION] Contains detection pattern of the worm WORM/Ntech.Z.4
      [INFO]      The file was moved to '47c0ed56.qua'!


End of the scan: vendredi 18 janvier 2008  13:38
Used time:  1:38:45 min

The scan has been done completely.

  13298 Scanning directories
 349180 Files were scanned
      3 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      3 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 349177 Files not concerned
   7606 Archives were scanned
      7 Warnings
      0 Notes

jlpjlp · Answer

ok ca va etre rapide cette fois normalement!


vire tout ce qui est dans le fichier quarantine ; en allant dans poste de travail puis C puis qoobox

C:\QooBox\Quarantine\catchme2008-01-14_232446.14.zip

___________________________

ensuite pour les fichiers dans system volume information

désactive la restauration système pour purger les virus qui sont dedans
puis redemarre ton ordi
 puis réactive là 

(dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre)

_________________________

refais un scan antivir pour verifier

a plus

Infodelph · Answer

Merci merci!
Je n'ose plus dire que tout est réglé... Mais pour l'instant plus de problème... Merci!

jlpjlp · Answer

ok 

bonne continuation , si pb tu dis

Trojan au démarrage de Windows et d'Internet

29 réponses

Newsletters