Aller au contenu

pldta

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    92

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par pldta

  1. pldta
    Le voila : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:48:16, on 14/04/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\PixVue\bin\Daemon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Pascal Admin\Bureau\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue\bin\PixVue.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-1935655697-1993962763-1343024091-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Olivier') O4 - HKUS\S-1-5-21-1935655697-1993962763-1343024091-1006\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime (User 'Olivier') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://global.ahnlab.com O15 - Trusted Zone: http://www.cltnet.de O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue\bin\Daemon.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe -- End of file - 10732 bytes
  2. pldta
    Bonjour, Je viens de faire tourner ZHP sur ZHPdiag. Il me signale à la fin de l'analyse quatre lignes comme étant des malwares ---\\ Recherche d'infection de Base de Registres (O71) O71 - BDRI:[hklm\software\microsoft\internet explorer\extension compatibility\{43d9e6f0-1776-4897-ae14-ecedecbafec0}] O71 - BDRI:[hklm\software\microsoft\internet explorer\extension compatibility\{5a074b29-f830-49de-a31b-5bb9d7f6b407}] O71 - BDRI:[hklm\software\microsoft\internet explorer\extension compatibility\{5a074b21-f830-49de-a31b-5bb9d7f6b407}] O71 - BDRI:[hkcu\software\microsoft\windows\currentversion\run]:msmsgs J'ai ensuite fait tourner Antivir. celui-ci m'a trouvé un problème que je n'avais pas eu avant: C:\WINDOWS\pss\winsched.exeCommon Startup [DETECTION] Contains recognition pattern of the DR/StartPage.dbm.12 dropper [NOTE] A backup was created as '4a512687.qua' ( QUARANTINE ) J'ai fait tourner Malwarebytes qui n'a rien trouvé Quel sont les problèmes trouvés par ZHP. le fichier winsched.exeCommon Startup sert-il à quelque chose ? Merci pour votre réponse. Ci-dessous l'analyse de ZHP : Rapport de ZHPDiag v1.16.6 par Nicolas Coolman Enregistré le 13/04/2009 12:21:45 Platform : Microsoft Windows XP (5.1.2600) Service Pack 3 MSIE: Internet Explorer v8.0.6001.18702 ---\\ Processus lancés C:\WINDOWS\system32\NeroCheck.exe C:\WINDOWS\system32\PSDrvCheck.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ati2sgag.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\services.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe C:\Program Files\PixVue\bin\Daemon.exe C:\WINDOWS\System32\lsass.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\MsPMSPSv.exe ---\\ Pages de démarrage d'Internet Explorer (R0) R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 ---\\ Pages de recherche d'Internet Explorer (R1) R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ---\\ Browser Helper Objects de navigateur (O2) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll ---\\ Internet Explorer Toolbars (O3) O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue\bin\PixVue.dll ---\\ Applications démarrées automatiquement par le registre (O4) O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [ATIPtool] O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKLM\..\policies\Explorer: [HonorAutoRunSetting] Data="1" O4 - Global Startup: Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe O4 - Global Startup: WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE ---\\ Lignes supplémentaires dans le menu contextuel d'Internet Explorer (O8) O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 ---\\ Boutons situés sur la barre d'outils principale d'Internet Explorer (O9) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFBARH.ICO O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe,302 ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: DirectAnimation Java Classes (DirectAnimation Java Classes) - O16 - DPF: Microsoft XML Parser for Java (Microsoft XML Parser for Java) - O16 - DPF: teleir_cert (teleir_cert) - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get/shock...director/sw.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab ---\\ Piratage de domaine (Lop.com) (O17) O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: 192.168.0.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: 192.168.0.1 O17 - HKLM\System\CS3\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: 192.168.0.1 ---\\ Protocole additionnel et piratage de protocole (O18) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL ---\\ Valeur de registre AppInit_DLLs et sous-clés Winlogon Notify (O20) O20 - Winlogon Notify: SABWINLOStartup - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: AtiStartupEvent - C:\WINDOWS\System32\Ati2evxx.dll O20 - Winlogon Notify: WlDimsStartup - C:\WINDOWS\System32\%SystemRoot%\System32\dimsntfy.dll O20 - Winlogon Notify: C:\Program Files\PixVue\bin\WinLogon.DLL O20 - Winlogon Notify: WLEventStartup - C:\WINDOWS\System32\WgaLogon.dll O20 - Winlogon Notify: WRStartup - C:\WINDOWS\System32\WRLogonNTF.dll ---\\ Services NT non Microsoft et non désactivés (O23) O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: (Ati HotKey Poller) - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart (ATI Smart) - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard (AVG Anti-Spyware Guard) - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher (LVSrvLauncher) - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: PixVue (PixVue) - C:\Program Files\PixVue\bin\Daemon.exe O23 - Service: Sandboxie Service (SbieSvc) - C:\Program Files\Sandboxie\SbieSvc.exe O23 - Service: Spouleur d'impression (Spooler) - C:\WINDOWS\system32\spoolsv.exe O23 - Service: Windows Defender (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe O23 - Service: WMDM PMSP Service (WMDM PMSP Service) - C:\WINDOWS\System32\MsPMSPSv.exe ---\\ Enumération des composants Active Desktop (O24) O24 - Desktop Component 0: Ma page d'accueil - file:About:Home ---\\ Tâches planifiées en automatique (O39) O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\desktop.ini O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\MP Scheduled Scan.job O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\SA.DAT O39 - APT:Automatic Planified Task - C:\WINDOWS\Tasks\XoftSpy.job ---\\ Composants installés (ActiveSetup Installed Components) (O40) O40 - ASIC: Mise à jour de la version d’Internet Explorer - <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe O40 - ASIC: Lecteur Windows Media - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP O40 - ASIC: Internet Explorer - {26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig O40 - ASIC: Browser Customizations - {60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP O40 - ASIC: Personnalisation du navigateur - {60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP O40 - ASIC: Outlook Express - {881dd1c5-3dcf-431b-b061-f3f88e8be88a} - C:\WINDOWS\system32\shmgrate.exe OCInstallUserConfigOE O40 - ASIC: YInstStarterUpgrade Class - {0291E591-EA41-4c82-8106-3DC6CE7F7664} - C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: Microsoft VM - {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - (not file) O40 - ASIC: Internet Explorer Classes for Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - (not file) O40 - ASIC: Rendu VML (Vector Graphics Rendering) - {10072CEC-8CC1-11D1-986E-00A0C955B42F} - (not file) O40 - ASIC: Macromedia Shockwave Director 10.1 - {166B1BCA-3F9C-11CF-8075-444553540000} - C:\WINDOWS\system32\Macromed\Director\SwDir.dll O40 - ASIC: Microsoft NetShow Player - {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - C:\WINDOWS\system32\MSDXM.OCX O40 - ASIC: Lecteur Windows Media Microsoft 6.4 - {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\system32\MSDXM.OCX O40 - ASIC: DirectAnimation - {283807B5-2C60-11D0-A31D-00AA00B92C03} - (not file) O40 - ASIC: Macromedia Shockwave Director 10.1 - {2A202491-F00D-11cf-87CC-0020AFEECF20} - (not file) O40 - ASIC: Themes Setup - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\WINDOWS\system32\regsvr32.exe /s /n /i:/UserInstall C:\WINDOWS\system32\themeui.dll O40 - ASIC: YInstStarter Class - {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: YSearchSetting2 Class - {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll O40 - ASIC: Liaison de données Dynamic HTML pour Java - {36f8ec70-c29a-11d1-b5c7-0000f8051515} - (not file) O40 - ASIC: Offline Browsing Pack - {3af36230-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Uniscribe - {3bf42070-b3b1-11d1-b5c5-0000f8051515} - (not file) O40 - ASIC: Création avancée - {4278c270-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Microsoft Outlook Express 6 - {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install O40 - ASIC: NetMeeting 3.01 - {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT O40 - ASIC: DirectShow - {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - (not file) O40 - ASIC: DirectDrawEx - {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - (not file) O40 - ASIC: Internet Explorer Help - {45ea75a0-a269-11d1-b5bf-0000f8051515} - (not file) O40 - ASIC: Classes Java DirectAnimation - {4f216970-c90c-11d1-b5c7-0000f8051515} - (not file) O40 - ASIC: Microsoft Windows Script 5.6 - {4f645220-306d-11d2-995d-00c04f98bbc9} - (not file) O40 - ASIC: Windows Messenger 4.7 - {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser O40 - ASIC: (no name) - {5A8D6EE0-3E18-11D0-821E-444553540000} - (not file) O40 - ASIC: Internet Explorer Setup Tools - {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Browsing Enhancements - {630b1da0-b465-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Internet Explorer Classes for Java - {6A02B662-F864-F540-B99F-64E669A0CDED} - (not file) O40 - ASIC: Microsoft Windows Media Player - {6BF52A52-394A-11d3-B153-00C04F79FAA6} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub O40 - ASIC: MSN Site Access - {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - (not file) O40 - ASIC: .NET Framework - {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - (not file) O40 - ASIC: Web Folders - {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - (not file) O40 - ASIC: Carnet d'adresses 6 - {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install O40 - ASIC: Browser Customizations - {852C5690-352F-6BBE-463F-F7C582BC28B5} - (not file) O40 - ASIC: Mise à jour du Bureau Windows - {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll O40 - ASIC: Internet Explorer - {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings O40 - ASIC: (no name) - {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install O40 - ASIC: (no name) - {8D0DE800-CFA3-E1D0-7869-6A1471CACD98} - (not file) O40 - ASIC: Dynamic HTML Data Binding - {9381D8F2-0288-11D0-9501-00AA00B911A5} - (not file) O40 - ASIC: Internet Explorer Classes for Java - {96DD9866-10DB-276D-3961-CC1743BAFE73} - (not file) O40 - ASIC: .NET Framework - {B508B3F1-A24A-32C0-B310-85786919EF28} - (not file) O40 - ASIC: Internet Explorer Core Fonts - {C9E9A340-D1F1-11D0-821E-444553540600} - (not file) O40 - ASIC: Planificateur de tâches - {CC2A9BA0-3BDD-11D0-821E-444553540000} - (not file) O40 - ASIC: (no name) - {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - (not file) O40 - ASIC: Adobe Flash Player - {D27CDB6E-AE6D-11cf-96B8-444553540000} - C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx O40 - ASIC: HTML Help - {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - (not file) O40 - ASIC: Active Directory Service Interface - {E92B03AB-B707-11d2-9CBD-0000F87A369E} - (not file) ---\\ Pilotes lancés au démarrage (O41) O41 - Driver: Suppresseur d'écho acoustique (Noyau Microsoft) (aec) - C:\WINDOWS\system32\drivers\aec.sys O41 - Driver: Environnement de prise en charge de réseau AFD (AFD) - C:\WINDOWS\System32\drivers\afd.sys O41 - Driver: Pilote de processeur AMD K7 (AmdK7) - C:\WINDOWS\System32\DRIVERS\amdk7.sys O41 - Driver: Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X (AN983) - C:\WINDOWS\System32\DRIVERS\AN983.sys O41 - Driver: Protocole client ARP 1394 (Arp1394) - C:\WINDOWS\System32\DRIVERS\arp1394.sys O41 - Driver: Pilote de média asynchrone RAS (AsyncMac) - C:\WINDOWS\System32\DRIVERS\asyncmac.sys O41 - Driver: (no object) (ati2mtag) - C:\WINDOWS\system32\DRIVERS\ati2mtag.sys O41 - Driver: Protocole client ATM ARP (Atmarpc) - C:\WINDOWS\System32\DRIVERS\atmarpc.sys O41 - Driver: Pilote audio Stub (audstub) - C:\WINDOWS\System32\DRIVERS\audstub.sys O41 - Driver: AVG Anti-Rootkit (AVG Anti-Rootkit) - C:\WINDOWS\System32\DRIVERS\anti_rkt.sys O41 - Driver: AVG Anti-Spyware Driver (AVG Anti-Spyware Driver) - C:\Program Files\AVG Anti-Spyware 7.5\guard.sys O41 - Driver: AVG Clean Driver (AVG Clean Driver) - C:\WINDOWS\System32\DRIVERS\cleanDrv.sys O41 - Driver: Avg Anti-Rootkit Clean Driver (AvgArCln) - C:\WINDOWS\System32\DRIVERS\AvgArCln.sys O41 - Driver: AVG Anti-Spyware Clean Driver (AvgAsCln) - C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys O41 - Driver: avgio (avgio) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys O41 - Driver: avgntflt (avgntflt) - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys O41 - Driver: avipbb (avipbb) - C:\WINDOWS\system32\DRIVERS\avipbb.sys O41 - Driver: (no object) (axwhisky) - C:\WINDOWS\system32\DRIVERS\axwhisky.sys O41 - Driver: (no object) (axwskbus) - C:\WINDOWS\system32\DRIVERS\axwskbus.sys O41 - Driver: Décodeur sous-titre fermé (CCDECODE) - C:\WINDOWS\system32\DRIVERS\CCDECODE.sys O41 - Driver: CH Control Manager Driver 1 (chdrvr01) - C:\WINDOWS\system32\DRIVERS\chdrvr01.sys O41 - Driver: CH Control Manager Driver 2 (chdrvr02) - C:\WINDOWS\system32\DRIVERS\chdrvr02.sys O41 - Driver: CH Control Manager Driver 3 (chdrvr03) - C:\WINDOWS\system32\DRIVERS\chdrvr03.sys O41 - Driver: (no object) (d347bus) - C:\WINDOWS\system32\DRIVERS\d347bus.sys O41 - Driver: (no object) (d347prt) - C:\WINDOWS\System32\Drivers\d347prt.sys O41 - Driver: (no object) (dmboot) - C:\WINDOWS\System32\drivers\dmboot.sys O41 - Driver: Pilote de Gestionnaire de disque logique (dmio) - C:\WINDOWS\System32\drivers\dmio.sys O41 - Driver: (no object) (dmload) - C:\WINDOWS\System32\drivers\dmload.sys O41 - Driver: Synthétiseur DLS du noyau Microsoft (DMusic) - C:\WINDOWS\system32\drivers\DMusic.sys O41 - Driver: driverhardwarev2 (driverhardwarev2) - C:\Program Files\HardwareDetection\driverhardwarev2.sys O41 - Driver: Filtre de décodeur DRM (Noyau Microsoft) (drmkaud) - C:\WINDOWS\system32\drivers\drmkaud.sys O41 - Driver: (no object) (dtscsi) - C:\WINDOWS\System32\Drivers\dtscsi.sys O41 - Driver: ElbyCDIO Driver (ElbyCDIO) - C:\WINDOWS\System32\Drivers\ElbyCDIO.sys O41 - Driver: (no object) (ElbyVCD) - C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys O41 - Driver: Creative EMU10K1/EMU10K2 Audio Driver (WDM) (emu10kx) - C:\WINDOWS\system32\drivers\e10kx2k.sys O41 - Driver: UVC Filter Service (FilterService) - C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys O41 - Driver: giveio (giveio) - C:\WINDOWS\system32\giveio.sys O41 - Driver: Classificateur de paquets générique (Gpc) - C:\WINDOWS\System32\DRIVERS\msgpc.sys O41 - Driver: Pilote de classe HID Microsoft (HidUsb) - C:\WINDOWS\system32\DRIVERS\hidusb.sys O41 - Driver: Pilote pour clavier i8042 et souris sur port PS/2 (i8042prt) - C:\WINDOWS\System32\DRIVERS\i8042prt.sys O41 - Driver: Pilote de filtre de trafic IP (IpFilterDriver) - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys O41 - Driver: Pilote de tunnelage IP dans IP (IpInIp) - C:\WINDOWS\System32\DRIVERS\ipinip.sys O41 - Driver: Traducteur d'adresses réseau IP (IpNat) - C:\WINDOWS\System32\DRIVERS\ipnat.sys O41 - Driver: Pilote IPSEC (IPSec) - C:\WINDOWS\System32\DRIVERS\ipsec.sys O41 - Driver: Service énumérateur IR (IRENUM) - C:\WINDOWS\System32\DRIVERS\irenum.sys O41 - Driver: ITERAID_Service_Install (iteraid) - C:\WINDOWS\system32\DRIVERS\iteraid.sys O41 - Driver: Pilote HID de clavier (kbdhid) - C:\WINDOWS\system32\DRIVERS\kbdhid.sys O41 - Driver: Mélangeur audio Wave de noyau Microsoft (kmixer) - C:\WINDOWS\system32\drivers\kmixer.sys O41 - Driver: Logitech AEC Driver (LVcKap) - C:\WINDOWS\system32\DRIVERS\LVcKap.sys O41 - Driver: Logitech Machine Vision Engine Loader (LVMVDrv) - C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys O41 - Driver: Logitech POP Suppression Filter (lvpopflt) - C:\WINDOWS\system32\DRIVERS\lvpopflt.sys O41 - Driver: Logitech LVPr2Mon Driver (LVPr2Mon) - C:\WINDOWS\system32\drivers\LVPr2Mon.sys O41 - Driver: Logitech Selective Suspend Filter (lvselsus) - C:\WINDOWS\system32\DRIVERS\lvselsus.sys O41 - Driver: Logitech QuickCam Pro 5000(UVC) (LVUVC) - C:\WINDOWS\system32\DRIVERS\lvuvc.sys O41 - Driver: MEMSWEEP2 (MEMSWEEP2) - C:\WINDOWS\system32\52.tmp O41 - Driver: DiBcom DIB7700 based TV tuner device (mod7700) - C:\WINDOWS\System32\Drivers\mod7700.sys O41 - Driver: DiBcom Infrared Receiver (MODRC) - C:\WINDOWS\system32\DRIVERS\modrc.sys O41 - Driver: Pilote HID de souris (mouhid) - C:\WINDOWS\System32\DRIVERS\mouhid.sys O41 - Driver: Filtre BDA MPE (MPE) - C:\WINDOWS\system32\DRIVERS\MPE.sys O41 - Driver: Redirecteur client WebDav (MRxDAV) - C:\WINDOWS\System32\DRIVERS\mrxdav.sys O41 - Driver: MRXSMB (MRxSmb) - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys O41 - Driver: Proxy de service de répartition Microsoft (MSKSSRV) - C:\WINDOWS\system32\drivers\MSKSSRV.sys O41 - Driver: Proxy d'horloge de répartition Microsoft (MSPCLOCK) - C:\WINDOWS\system32\drivers\MSPCLOCK.sys O41 - Driver: Proxy de gestion de qualité de répartition Microsoft (MSPQM) - C:\WINDOWS\system32\drivers\MSPQM.sys O41 - Driver: Pilote BIOS de gestion de systèmes Microsoft (mssmbios) - C:\WINDOWS\System32\DRIVERS\mssmbios.sys O41 - Driver: Convertisseur en T/site-à-site de répartition Microsoft (MSTEE) - C:\WINDOWS\system32\drivers\MSTEE.sys O41 - Driver: Codec NABTS/FEC VBI (NABTSFEC) - C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys O41 - Driver: Connection TV/vidéo Microsoft (NdisIP) - C:\WINDOWS\system32\DRIVERS\NdisIP.sys O41 - Driver: Pilote TAPI NDIS d'accès distant (NdisTapi) - C:\WINDOWS\System32\DRIVERS\ndistapi.sys O41 - Driver: NDIS mode utilisateur E/S Protocole (Ndisuio) - C:\WINDOWS\System32\DRIVERS\ndisuio.sys O41 - Driver: Pilote réseau étendu NDIS d'accès distant (NdisWan) - C:\WINDOWS\System32\DRIVERS\ndiswan.sys O41 - Driver: Interface NetBIOS (NetBIOS) - C:\WINDOWS\System32\DRIVERS\netbios.sys O41 - Driver: NetBIOS sur TCP/IP (NetBT) - C:\WINDOWS\System32\DRIVERS\netbt.sys O41 - Driver: Pilote réseau 1394 (NIC1394) - C:\WINDOWS\System32\DRIVERS\nic1394.sys O41 - Driver: Pilote de filtre de trafic IPX (NwlnkFlt) - C:\WINDOWS\System32\DRIVERS\nwlnkflt.sys O41 - Driver: Pilote de transfert de trafic IPX (NwlnkFwd) - C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys O41 - Driver: Contrôleurs hôte IEEE 1394 compatible OHCI (ohci1394) - C:\WINDOWS\System32\DRIVERS\ohci1394.sys O41 - Driver: Creative OS Services Driver (ossrv) - C:\WINDOWS\system32\drivers\ctoss2k.sys O41 - Driver: (no object) (PalmUSBD) - C:\WINDOWS\system32\drivers\PalmUSBD.sys O41 - Driver: VSO Software pcouffin (pcouffin) - C:\WINDOWS\System32\Drivers\pcouffin.sys O41 - Driver: Pinnacle Virtual Miniport (PctvVirtualNdis) - C:\WINDOWS\system32\DRIVERS\PctvVirtualNdis.sys O41 - Driver: Miniport réseau étendu (PPTP) (PptpMiniport) - C:\WINDOWS\System32\DRIVERS\raspptp.sys O41 - Driver: (no object) (PrecSim) - C:\WINDOWS\system32\DRIVERS\precsim.sys O41 - Driver: Planificateur de paquets QoS (PSched) - C:\WINDOWS\System32\DRIVERS\psched.sys O41 - Driver: Pilote de liaison parallèle directe (Ptilink) - C:\WINDOWS\System32\DRIVERS\ptilink.sys O41 - Driver: PxHelp20 (PxHelp20) - C:\WINDOWS\System32\Drivers\PxHelp20.sys O41 - Driver: Pilote de connexion automatique d'accès distant (RasAcd) - C:\WINDOWS\System32\DRIVERS\rasacd.sys O41 - Driver: Miniport réseau étendu (L2TP) (Rasl2tp) - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys O41 - Driver: Pilote PPPOE d'accès à distance (RasPppoe) - C:\WINDOWS\System32\DRIVERS\raspppoe.sys O41 - Driver: Parallèle direct (Raspti) - C:\WINDOWS\System32\DRIVERS\raspti.sys O41 - Driver: Rdbss (Rdbss) - C:\WINDOWS\System32\DRIVERS\rdbss.sys O41 - Driver: Pilote de redirecteur de périphérique Terminal Server (rdpdr) - C:\WINDOWS\System32\DRIVERS\rdpdr.sys O41 - Driver: Pilote de filtre de lecture digitale de CD audio (redbook) - C:\WINDOWS\System32\DRIVERS\redbook.sys O41 - Driver: SASDIFSV (SASDIFSV) - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS O41 - Driver: SASENUM (SASENUM) - C:\Program Files\SUPERAntiSpyware\SASENUM.SYS O41 - Driver: SASKUTIL (SASKUTIL) - C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys O41 - Driver: SbieDrv (SbieDrv) - C:\Program Files\Sandboxie\SbieDrv.sys O41 - Driver: Secdrv (Secdrv) - C:\WINDOWS\System32\DRIVERS\secdrv.sys O41 - Driver: Pilote de filtre Serenum (serenum) - C:\WINDOWS\System32\DRIVERS\serenum.sys O41 - Driver: Détrameur décalage BDA (SLIP) - C:\WINDOWS\system32\DRIVERS\SLIP.sys O41 - Driver: speedfan (speedfan) - C:\WINDOWS\system32\speedfan.sys O41 - Driver: Splitter audio du noyau Microsoft (splitter) - C:\WINDOWS\system32\drivers\splitter.sys O41 - Driver: (no object) (sptd) - C:\WINDOWS\System32\Drivers\sptd.sys O41 - Driver: Pilote de filtre de restauration système (sr) - C:\WINDOWS\System32\DRIVERS\sr.sys O41 - Driver: Srv (Srv) - C:\WINDOWS\System32\DRIVERS\srv.sys O41 - Driver: ssmdrv (ssmdrv) - C:\WINDOWS\system32\DRIVERS\ssmdrv.sys O41 - Driver: BDA IPSink (streamip) - C:\WINDOWS\system32\DRIVERS\StreamIP.sys O41 - Driver: SVKP (SVKP) - C:\WINDOWS\system32\SVKP.sys O41 - Driver: Pilote de bus logiciel (swenum) - C:\WINDOWS\System32\DRIVERS\swenum.sys O41 - Driver: Synthétiseur de table de sons GC noyau Microsoft (swmidi) - C:\WINDOWS\system32\drivers\swmidi.sys O41 - Driver: Périphérique audio système du noyau Microsoft (sysaudio) - C:\WINDOWS\system32\drivers\sysaudio.sys O41 - Driver: Pilote du protocole TCP/IP (Tcpip) - C:\WINDOWS\System32\DRIVERS\tcpip.sys O41 - Driver: Pilote de mise à jour microcode (Update) - C:\WINDOWS\System32\DRIVERS\update.sys O41 - Driver: Pilote USB audio (WDM) (usbaudio) - C:\WINDOWS\system32\drivers\usbaudio.sys O41 - Driver: Pilote parent générique USB Microsoft (usbccgp) - C:\WINDOWS\system32\DRIVERS\usbccgp.sys O41 - Driver: Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0 (usbehci) - C:\WINDOWS\system32\DRIVERS\usbehci.sys O41 - Driver: Pilote de concentrateur standard USB Microsoft (usbhub) - C:\WINDOWS\System32\DRIVERS\usbhub.sys O41 - Driver: Pilote miniport de contrôleur hôte ouvert USB Microsoft (usbohci) - C:\WINDOWS\system32\DRIVERS\usbohci.sys O41 - Driver: Classe d'imprimantes USB Microsoft (usbprint) - C:\WINDOWS\system32\DRIVERS\usbprint.sys O41 - Driver: Pilote de scanneur USB (usbscan) - C:\WINDOWS\system32\DRIVERS\usbscan.sys O41 - Driver: Pilote de stockage de masse USB (USBSTOR) - C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS O41 - Driver: Pilote miniport de contrôleur hôte universel USB Microsoft (usbuhci) - C:\WINDOWS\System32\DRIVERS\usbuhci.sys O41 - Driver: (no object) (VClone) - C:\WINDOWS\system32\DRIVERS\VClone.sys O41 - Driver: Filtre de bus AGP VIA (viaagp) - C:\WINDOWS\System32\DRIVERS\viaagp.sys O41 - Driver: Pilote ARP IP d'accès distant (Wanarp) - C:\WINDOWS\System32\DRIVERS\wanarp.sys O41 - Driver: Pilote WINMM de compatibilité audio WDM Microsoft (wdmaud) - C:\WINDOWS\system32\drivers\wdmaud.sys O41 - Driver: Codec Teletext standard (WSTCODEC) - C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Platform Driver (WudfPf) - C:\WINDOWS\system32\DRIVERS\WudfPf.sys O41 - Driver: Windows Driver Foundation - User-mode Driver Framework Reflector (WudfRd) - C:\WINDOWS\system32\DRIVERS\wudfrd.sys O41 - Driver: (no object) (NaiAvFilter1) - C:\WINDOWS\system32\drivers\naiavf5x.sys O41 - Driver: (no object) (NaiAvTdi1) - C:\WINDOWS\system32\drivers\mvstdi5x.sys O41 - Driver: Spy Sweeper File System Filer Driver: 0509 (SSFS0509) - C:\WINDOWS\SYSTEM32\Drivers\SSFS0509.SYS O41 - Driver: Spy Sweeper Hookrack MiniDriver (SSHRMD) - C:\WINDOWS\SYSTEM32\Drivers\SSHRMD.SYS O41 - Driver: Spy Sweeper Interdiction Driver (SSIDRV) - C:\WINDOWS\SYSTEM32\Drivers\SSIDRV.SYS ---\\ Logiciels installés (O42) O42 - Logiciel: 4Diskclean Freeware O42 - Logiciel: Adobe Flash Player ActiveX O42 - Logiciel: Adobe Flash Player Plugin O42 - Logiciel: Adobe Photoshop CS2 O42 - Logiciel: Adobe Photoshop Elements 5.0 O42 - Logiciel: Advanced IRC O42 - Logiciel: ATI - Software Uninstall Utility O42 - Logiciel: Avira AntiVir Personal - Free Antivirus O42 - Logiciel: ASAPI Update O42 - Logiciel: ATI Display Driver O42 - Logiciel: Audacity 1.2.4 O42 - Logiciel: AVG Anti-Rootkit Free O42 - Logiciel: AVG Anti-Spyware 7.5 O42 - Logiciel: AVI/MPEG/RM/WMV Joiner 4.81 O42 - Logiciel: Avi2Dvd 0.4.5 beta O42 - Logiciel: AviSynth 2.5 O42 - Logiciel: BackupBuddy for Windows O42 - Logiciel: CCleaner (remove only) O42 - Logiciel: CH Control Manager O42 - Logiciel: Clean 5 O42 - Logiciel: CloneCD O42 - Logiciel: Cobian Backup 9 O42 - Logiciel: dBpoweramp FLAC Codec O42 - Logiciel: dBpoweramp Monkeys Audio Codec O42 - Logiciel: dBpoweramp Musepack Codec O42 - Logiciel: dBpoweramp Ogg Vorbis Codec O42 - Logiciel: dBpowerAMP Wavpack Codec O42 - Logiciel: dBpoweramp Windows Media Audio 10 Codec O42 - Logiciel: dMC Power Pack O42 - Logiciel: DoublePics v2.3.2(.4) O42 - Logiciel: DVD Shrink 3.2 O42 - Logiciel: EarMaster Pro 5 O42 - Logiciel: eMule O42 - Logiciel: EVEREST Ultimate Edition v5.00 O42 - Logiciel: EW : Cossacks O42 - Logiciel: Exifer O42 - Logiciel: Microsoft Flight Simulator 2004 Un siècle d'aviation O42 - Logiciel: Foxit Reader O42 - Logiciel: GedCom-Vision version 2.0e O42 - Logiciel: GHCS Software GedStar for PalmOS O42 - Logiciel: GNU Solfege 3.10.4 O42 - Logiciel: GrabIt 1.7.1 Beta (build 960) O42 - Logiciel: Greeting Card Creator O42 - Logiciel: Guitar Pro 4.0 O42 - Logiciel: Harmony Assistant O42 - Logiciel: Helicon Filter 2.02 O42 - Logiciel: Heredis 9 O42 - Logiciel: HijackThis 2.0.2 O42 - Logiciel: Windows Internet Explorer 7 O42 - Logiciel: Windows Internet Explorer 8 O42 - Logiciel: IFOEdit 0.971 Fr O42 - Logiciel: IsoBuster 1.9.1 O42 - Logiciel: jv16 PowerTools 1.3 O42 - Logiciel: Kaspersky Online Scanner O42 - Logiciel: Hotfix for Windows Media Format 11 SDK (KB929399) O42 - Logiciel: Security Update for CAPICOM (KB931906) O42 - Logiciel: K-Lite Mega Codec Pack 3.5.0 O42 - Logiciel: Kommute O42 - Logiciel: Label Editor O42 - Logiciel: Macromedia Shockwave Player O42 - Logiciel: Malwarebytes' Anti-Malware O42 - Logiciel: MaxSplitter v1.53 Free Edition O42 - Logiciel: Media Player Classic fr O42 - Logiciel: Microsoft Money O42 - Logiciel: Morefunc O42 - Logiciel: Mp3DirectCut O42 - Logiciel: Neat Image v5 Demo (with plug-in) O42 - Logiciel: Nero 6 Enterprise Edition O42 - Logiciel: Nero BurnRights (Ahead Software) O42 - Logiciel: OMeR O42 - Logiciel: P2400P Guide de référence O42 - Logiciel: Panda ActiveScan O42 - Logiciel: Paradise Update 1.1 O42 - Logiciel: Paradise O42 - Logiciel: PDFtoMusic O42 - Logiciel: PeerGuardian 2.0 O42 - Logiciel: PhotoFiltre O42 - Logiciel: Picasa 3 O42 - Logiciel: Planète Généalogie O42 - Logiciel: Privacy Eraser Pro 4.20 O42 - Logiciel: Microsoft Office Professional Plus 2007 O42 - Logiciel: Programme de gestion Camera de Logitech® O42 - Logiciel: QuickPar 0.9 O42 - Logiciel: RadCor 2.04 O42 - Logiciel: Radio Fr Solo 2.1 O42 - Logiciel: Sandboxie 3.34 O42 - Logiciel: SaverWiz O42 - Logiciel: Simple Sudoku 4.2 O42 - Logiciel: Sophos Anti-Rootkit 1.3 O42 - Logiciel: SpeedFan (remove only) O42 - Logiciel: Speeditup Free 4.01 O42 - Logiciel: Spybot - Search & Destroy 1.4 O42 - Logiciel: Tous les Noms de Famille de France V.6.5.1 O42 - Logiciel: StationRipper 2.71 O42 - Logiciel: StealthNet 0.8.4.1 O42 - Logiciel: Sudoku 3D Pro O42 - Logiciel: Sudoku V 3.0 O42 - Logiciel: TeamViewer 4 O42 - Logiciel: Tweak-XP Pro 4 O42 - Logiciel: Universal Extractor 1.6 O42 - Logiciel: Unlocker 1.8.6 O42 - Logiciel: VDMSound O42 - Logiciel: VobEdit 0.6 Fr O42 - Logiciel: WaveLab Lite O42 - Logiciel: Windows Genuine Advantage Notifications (KB905474) O42 - Logiciel: Windows Media Format 11 runtime O42 - Logiciel: Lecteur Windows Media 11 O42 - Logiciel: Windows XP Service Pack 3 O42 - Logiciel: WinHTTrack Website Copier 3.30 O42 - Logiciel: Archiveur WinRAR O42 - Logiciel: Wintree Version 3.0 d O42 - Logiciel: WinZip O42 - Logiciel: Windows Media Player 11 O42 - Logiciel: Microsoft User-Mode Driver Framework Feature Pack 1.0 O42 - Logiciel: ZebHelpProcess 2.33.6 O42 - Logiciel: EPSON Scan O42 - Logiciel: Lizardtech DjVu Control O42 - Logiciel: WinWAP for Windows 3.2 O42 - Logiciel: NikonCapture O42 - Logiciel: Windows Live Sign-in Assistant O42 - Logiciel: File Uploader O42 - Logiciel: Skype™ 4.0 O42 - Logiciel: Sibelius 5 Demo O42 - Logiciel: Adobe Help Center 2.1 O42 - Logiciel: Java 6 Update 11 O42 - Logiciel: Macromedia Flash Player O42 - Logiciel: ConvertHelper 2.1 O42 - Logiciel: Java 6 Update 7 O42 - Logiciel: MVision O42 - Logiciel: SmartList To Go O42 - Logiciel: MSXML 4.0 SP2 (KB927978) O42 - Logiciel: Sibelius Scorch (Firefox, Opera, Netscape only) O42 - Logiciel: Microsoft Baseline Security Analyzer 2.1 O42 - Logiciel: SanDisk SD Wi-Fi Card O42 - Logiciel: EPSON Smart Panel O42 - Logiciel: MSXML 4.0 SP2 Parser and SDK O42 - Logiciel: Microsoft Visual C++ 2005 Redistributable O42 - Logiciel: ConvertXtoDVD 3.2.9.94c O42 - Logiciel: PTLens O42 - Logiciel: Adobe Stock Photos 1.0 O42 - Logiciel: Logitech QuickCam O42 - Logiciel: MSXML 4.0 SP2 (KB954430) O42 - Logiciel: Picture Control Utility O42 - Logiciel: UMVPLStandalone O42 - Logiciel: Adobe Common File Installer O42 - Logiciel: Update for Outlook 2007 Junk Email Filter (kb962871) O42 - Logiciel: Security Update for Microsoft Office Word 2007 (KB956358) O42 - Logiciel: Update for Microsoft Office Outlook 2007 (KB952142) O42 - Logiciel: Security Update for Microsoft Office PowerPoint 2007 (KB951338) O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB954326) O42 - Logiciel: Security Update for Microsoft Office Excel 2007 (KB958437) O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB958439) O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951944) O42 - Logiciel: Security Update for Microsoft Office system 2007 (KB956828) O42 - Logiciel: Update for Office 2007 (KB946691) O42 - Logiciel: Security Update for 2007 Microsoft Office System (KB951550) O42 - Logiciel: 2007 Microsoft Office Suite Service Pack 1 (SP1) O42 - Logiciel: Security Update for Microsoft Office Publisher 2007 (KB950114) O42 - Logiciel: Microsoft Office Access MUI (French) 2007 O42 - Logiciel: Microsoft Office Excel MUI (French) 2007 O42 - Logiciel: Microsoft Office PowerPoint MUI (French) 2007 O42 - Logiciel: Microsoft Office Publisher MUI (French) 2007 O42 - Logiciel: Microsoft Office Outlook MUI (French) 2007 O42 - Logiciel: Microsoft Office Word MUI (French) 2007 O42 - Logiciel: Microsoft Office Proof (Arabic) 2007 O42 - Logiciel: Microsoft Office Proof (German) 2007 O42 - Logiciel: Microsoft Office Proof (English) 2007 O42 - Logiciel: Microsoft Office Proof (French) 2007 O42 - Logiciel: Microsoft Office Proof (Dutch) 2007 O42 - Logiciel: Microsoft Office Proof (Spanish) 2007 O42 - Logiciel: Microsoft Office Proofing (French) 2007 O42 - Logiciel: Microsoft Office InfoPath MUI (French) 2007 O42 - Logiciel: Microsoft Office Shared MUI (French) 2007 O42 - Logiciel: Microsoft Office Language Pack 2007 Service Pack 1 (SP1) O42 - Logiciel: CDRWIN 5 O42 - Logiciel: SplashID O42 - Logiciel: Windows Defender O42 - Logiciel: Windows Defender Signatures O42 - Logiciel: Ulead DVD PictureShow 2 Trial O42 - Logiciel: MSXML 4.0 SP2 (KB925672) O42 - Logiciel: Adobe Reader 9.1 - Français O42 - Logiciel: VirtualDubMOD 1.5.10.3 Fr O42 - Logiciel: Microsoft .NET Framework 2.0 Service Pack 1 O42 - Logiciel: EPSON Copy Utility ---\\ Contenu des dossiers Fichiers Communs (O43) O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Adobe Systems Shared O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ahead O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Apple O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Bcgsoft O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\BOONTY Shared O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Borland Shared O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Cisco Systems O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\DESIGNER O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\element5 Shared O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\InstallShield O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Java O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\LogiShrd O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Logitech O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Microsoft Shared O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\MSSoap O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\muvee Technologies O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Nikon O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\ODBC O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\PACE Anti-Piracy O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Python O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Real O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Services O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Skype O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\SpeechEngines O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\System O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Ulead Systems O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Webroot Shared O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Windows Live O43 - CFD:Common File Directory - C:\Program Files\Fichiers Communs\Wise Installation Wizard ---\\ Derniers fichiers modifiés ou crées sous System32 (O44) O44 - LFC:Last File Created - C:\WINDOWS\System32\admparse.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\advpack.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\advpack.dll.mui -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\amcompat.tlb -->11/04/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx -->13/04/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000B-00001102-00000004-00401102}.rfx -->13/04/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\corpol.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtmsft.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\dxtrans.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ezsidmv.dat -->08/02/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\FNTCACHE.DAT -->15/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\html.iec -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\icardie.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ie4uinit.exe -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakeng.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieaksie.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieakui.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieapfltr.dat -->06/02/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieapfltr.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iedkcs32.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieframe.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieframe.dll.mui -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iepeers.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iernonce.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iertutil.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\iesetup.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieudinit.exe -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieui.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\ieuinit.inf -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\imgutil.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\inetcpl.cpl -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\inseng.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\jscript.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\jsproxy.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\licmgr10.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\MRT.exe -->25/02/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeeds.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeedsbs.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msfeedssync.exe -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshta.exe -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtml.tlb -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtmled.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mshtmler.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msls31.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\msrating.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\mstime.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\nscompat.tlb -->11/04/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\occache.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc009.dat -->29/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfc00C.dat -->29/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh009.dat -->29/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\perfh00C.dat -->29/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\PerfStringBackup.INI -->29/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\pngfilt.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\tdc.ocx -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\url.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\urlmon.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\vbscript.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\webcheck.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\win32k.sys -->09/02/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\WinFXDocObj.exe -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\wininet.dll -->08/03/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\wpa.dbl -->12/04/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\fwdrv.err -->30/01/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\lvuvc.hs -->08/02/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbam.sys -->11/02/2009 O44 - LFC:Last File Created - C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->11/02/2009 ---\\ Derniers fichiers créés dans Windows Prefetcher (O45) O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32.EXE-32E4AFCD.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-1A61B617.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-14139C8F.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ADOBE_UPDATER.EXE-07B31C62.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ATI2EVXX.EXE-07A42849.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVCENTER.EXE-05983540.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVGNT.EXE-08C8F6E1.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVNOTIFY.EXE-1A41E508.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\AVWSC.EXE-21D2C1ED.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\BACKUPBUDDY.EXE-1C0CA632.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCLEANER.EXE-09CFC2BC.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CCSETUP218.EXE-14FF3CF2.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CLONECDTRAY.EXE-25FF090B.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CNMSM3Q.EXE-25C2FB69.pf -->05/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COCIMANAGER.EXE-1E454E23.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMMAND.EXE-11140AF9.pf -->29/03/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\COMMUNICATIONS_HELPER.EXE-081C76F0.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CONTROL.EXE-24FBF8B3.pf -->03/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CSRSS.EXE-22452D1B.pf -->29/03/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\CTFMON.EXE-05E57A5E.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\DISPLAYRTF.EXE-04F5B507.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ELBYCHECK.EXE-190010DC.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EMULE.EXE-01299854.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXPLORER.EXE-25097108.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\EXTEXPORT.EXE-1EED3F01.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HARMOTAB.EXE-2227BF37.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPER.EXE-0324EC74.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-0FDAF2E1.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IDEAS.EXE-1C0C3BF4.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IDRIVER.EXE-26D928F4.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IDRIVERT.EXE-3A46FEE3.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\IRSETUP.EXE-00C3B713.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVA.EXE-32FD225F.pf -->03/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JAVAW.EXE-392A4E93.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JQSNOTIFY.EXE-359F83C5.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JRE-6U13-WINDOWS-I586-P-IFTW.-1FA8BA4C.pf -->03/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUCHECK.EXE-1E35CB2F.pf -->03/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\JUSCHED.EXE-04A13915.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\KPF4GUI.EXE-3B74775B.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\Layout.ini -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGITECHUPDATE.EXE-19035BD4.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LULNCHR.EXE-1E3FF27E.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LVCOMSX.EXE-02D614F6.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\LVPRCSRV.EXE-0371ED38.pf -->29/03/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MBAM.EXE-0D37CDF0.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MPAS-D.EXE-17905AE2.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MPCMDRUN.EXE-177DBF1A.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MPC_FR.EXE-3A1386D9.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-1BB6DD6A.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MPSIGSTUB.EXE-1E076697.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSIMN.EXE-183B59AF.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\MSNMSGR.EXE-3744B6D8.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NEROCHECK.EXE-30941580.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NKFILEUPLOADER.EXE-22BCF6CA.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NKMC.EXE-13F500A8.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NKMONITOR.EXE-13087D9B.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NO$GBA.EXE-396A4DF7.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\NTVDM.EXE-0A81AB7B.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\OFFLB.EXE-21E94D32.pf -->05/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PG2.EXE-281B562D.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PIANOBLUES_SF.EXE-091105BD.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PICASAPHOTOVIEWER.EXE-19823186.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PICASAUPDATER.EXE-16104B82.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\POWERPNT.EXE-2F92D967.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PREUPD.EXE-16574861.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\PSDRVCHECK.EXE-2ABC771E.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\QUICKCAM10.EXE-278834C4.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\READER_SL.EXE-2D713FFC.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\REGSETVALUE.EXE-2E909846.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RSTRUI.EXE-05C31B56.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C6C3DAD.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-4532DDE6.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-453420C4.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-52E82B3E.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5560CAC5.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5C54481E.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-5F325011.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\RUNDLL32.EXE-67E7CDE4.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\S-VIEWNX-130WF-EURFR.EXE-2496E5C0.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SANDBOXIEDCOMLAUNCH.EXE-33708E74.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SANDBOXIERPCSS.EXE-1BBC8C28.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SBIECTRL.EXE-0C1DFFD8.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-07746417.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-0FCBAD11.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-11045E11.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-28D54BB1.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP.EXE-295A2E2B.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SETUP1.EXE-367A3761.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SNDVOL32.EXE-0EC6FD20.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\SPLASHID DESKTOP.EXE-31CF87B7.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ST6UNST.EXE-26CC7DB2.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\START.EXE-0EA2D7A3.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\TEAMVIEWER.EXE-29DFA4F3.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATE.EXE-380C6CAC.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\UPDATER.EXE-08DC3AE3.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USDOWNLOADER.EXE-2245AED0.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\USNSVC.EXE-0114DAF6.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VERCLSID.EXE-28F52AD2.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VIEWNX INSTALLER.EXE-24A843AD.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\VIEWNX.EXE-20BC0F81.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WGATRAY.EXE-350D4455.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINLOGON.EXE-0957F9B2.pf -->29/03/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINRAR.EXE-0AA31BB9.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINWORD.EXE-15ED065E.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WINZIP32.EXE-2F3C90C9.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIAPSRV.EXE-02740A4B.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WMPLAYER.EXE-1ACCF80B.pf -->12/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf -->31/03/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\WZQKPICK.EXE-0FB748E8.pf -->13/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\W_V19400_BY_LARGO.EXE-0A1561EF.pf -->11/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZATTOO-3.3.3BETA.EXE-29F90CE1.pf -->04/04/2009 O45 - LFCP:Last File Created Prefetch - C:\WINDOWS\Prefetch\ZHP2.EXE-26FA4F4E.pf -->13/04/2009 ---\\ ShellExecuteHooks, Opérations et fonctions au démarrage de Windows Explorer (O46) O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll O46 - SEH:ShellExecuteHooks - CShellExecuteHookImpl Object - {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll ---\\ Export de clé d'application autorisée (O47) O47 - AAKE:Key Export - "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" O47 - AAKE:Key Export - "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" O47 - AAKE:Key Export - "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule" O47 - AAKE:Key Export - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI" O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" O47 - AAKE:Key Export - "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" O47 - AAKE:Key Export - "C:\Program Files\Piolet\Piolet.exe"="C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet" O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" O47 - AAKE:Key Export - "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" O47 - AAKE:Key Export - "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" O47 - AAKE:Key Export - "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" O47 - AAKE:Key Export - "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" ---\\ Déni du service Local Security Authority (LSA) (O48) O48 - LSA:Local Security Authority Authentication Packages - C:\WINDOWS\System32\msv1_0.dll O48 - LSA:Local Security Authority Notification Packages - C:\WINDOWS\System32\scecli.dll ---\\ Contrôle du Safe Boot (CSB) (O49) O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS1\Network\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Minimal\vgasave.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmboot.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmio.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\dmload.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ip6fw.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\ipnat.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpcdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpdd.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\rdpwd.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sermouse.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\sr.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdpipe.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\tdtcp.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vga.sys O49 - CSB:Control Safe Boot HKLM\...\CS3\Network\vgasave.sys ---\\ Image File Execution Options (IEFO) (O50) O50 - IEFO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d ---\\ Recherche d'infection de Base de Registres (O71) O71 - BDRI:[hklm\software\microsoft\internet explorer\extension compatibility\{43d9e6f0-1776-4897-ae14-ecedecbafec0}] O71 - BDRI:[hklm\software\microsoft\internet explorer\extension compatibility\{5a074b29-f830-49de-a31b-5bb9d7f6b407}] O71 - BDRI:[hklm\software\microsoft\internet explorer\extension compatibility\{5a074b21-f830-49de-a31b-5bb9d7f6b407}] O71 - BDRI:[hkcu\software\microsoft\windows\currentversion\run]:msmsgs O71 - BDRI:[hkcu\software\microsoft\windows\currentversion\run]:ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe
  3. pldta
    Merci pour votre réponse. Je pense que ce fichier a été exécuté il y a deux ans environ alors que Antivir ne le détecte que depuis hier (j'ai beaucoup durci depuis les règles d'utilisation du pc par ses différents utilisateurs, plus de téléchargements, plus de cracks). Y-a-il un risque et que Hijackthis ne voit pas de problèmes . Une analyse sur http://virusscan.jotti.org/ donne les résultats suivants : A-Squared Found nothing AntiVir Found BDS/Pcclient.586 ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found Trojan.Generic.751667 ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found Trojan.Generic.751667 Ikarus Found Backdoor.Rbot Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found Trj/Lineage.BZE Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing Cordialement
  4. pldta
    Bon, Google est rentré dans l'ordre. Par contre mon hijackthis a-t-il l'air normal? Peut-il y avoir des éléments non détectés par hijackthis avec ce truc qui m'a l'air méchant? Cordialement.
  5. pldta
    Complément au mai précédent : j'ai un truc bizarre : toutes les recherches sur Google me mettent le message suivant : du style : Forum Planète-Citroën Ce site risque d'endommager votre ordinateur. Forum, Messages, Discussions, Dernier message. Citroën 2cv/Dyane/Méhari. Citroën 2cv/Dyane/Méhari. Pièces détachées | Présentation des membres ... www.planete-citroen.com/ - Pages similaires "Avertissement- Attention, l'accès à ce site risque d'endommager votre ordinateur. Suggestions : * Accédez à la page précédente et sélectionnez un autre résultat. * Modifiez votre recherche pour trouver ce que vous cherchez. Vous pouvez également accéder à http://www.planete-citroen.com/ à vos propres risques. Pour obtenir des informations détaillées sur les problèmes que nous avons rencontrés, consultez la page de diagnostic de la Navigation sécurisée de Google concernant ce site. Pour plus d'informations sur la façon de vous protéger contre les logiciels nuisibles lorsque vous surfez, consultez le site StopBadware.org." Est-ce du à un virus?
  6. pldta
    Bonjour, Antivir vient de me détecter sur un fichier RAR qui trainait depuis au moins deux ans dans un coin de mes disques durs [DETECTION] Contains a recognition pattern of the (harmful) BDS/Pcclient.586 back-door program [WARNING] The file could not be copied to the quarantine directory. [WARNING] Failed! [NOTE] Attempting to perform action using the ARK lib. [NOTE] A backup was created as '4badb096.qua' ( QUARANTINE ) Antivir n'avait rien détecté avant. Est-ce qu'il y a un risque d'infection si ce fichier a été exécuté(je ne suis pas le seul utilisateur de ce micro) Autre question : en regardant les programmes ayant accès à internet dans Kerio je suis tombé sur : c.\windows\microsoft.net\framework\v2.0.50727\dfsvc.exe Vous savez ce que c'est ce processus? A tout hasard, un log Hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:21:04, on 31/01/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\PixVue\bin\Daemon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe c:\program files\avira\antivir personaledition classic\avcenter.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue\bin\PixVue.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://global.ahnlab.com O15 - Trusted Zone: http://www.cltnet.de O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue\bin\Daemon.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe -- End of file - 10591 bytes Merci pour votre aide. Cordialement.
  7. pldta
    Bonjour, On trouve sur internet un petit programme appelé RunAsAdmin que l'on peut trouver sur http://babin.nelly.free.fr/ras.htm qui permet de se connecter au choix en administrateur (sous XP) ou en utilisateur normal. Connaissez-vous ce programme et est-il efficace? Car c'est pratique de surfer en mode normal et d'être en mode administrateur uniquement quand on en a besoin.S ZHP (ZebHelpProcess) sur un log Hijackthis ne l'aime pas trop et le détecte comme un malware mais il s'enlève et se remet très facilement et ZHP ne trouve plus rien quand il est enlevé
  8. pldta
    merci pour ton aide. Cordialement.
  9. pldta
    Il n'y a rien d'anormal? Cordialement.
  10. pldta
    voici le résultat de RSIT: Logfile of random's system information tool 1.04 (written by random/random) Run by Pascal Admin at 2008-11-09 16:12:51 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 18 GB (45%) free of 40 GB Total RAM: 511 MB (17% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:12:57, on 09/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\PixVue\bin\Daemon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Mozilla Firefox\firefox.exe D:\Documents de Pascal\Provi\RSIT.exe C:\Program Files\Hijackthis\Pascal Admin.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue\bin\PixVue.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://global.ahnlab.com O15 - Trusted Zone: http://www.cltnet.de O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue\bin\Daemon.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe -- End of file - 10122 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\MP Scheduled Scan.job C:\WINDOWS\tasks\XoftSpy.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Sign-in Helper - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-07-07 324416] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B28B4479-D9C2-41D1-B74D-74A1827037CD} - &PixVue - C:\Program Files\PixVue\bin\PixVue.dll [2005-10-02 2420736] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784] "PSDrvCheck"=C:\WINDOWS\system32\PSDrvCheck.exe [2003-08-28 396800] "!AVG Anti-Spyware"=C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe [2007-06-30 6731312] "CloneCDElbyCDFL"=C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe [2002-11-02 45056] "CloneCDTray"=C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2002-12-02 73728] "LogitechCommunicationsManager"=C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe [2007-02-08 488984] "LogitechQuickCamRibbon"=C:\Program Files\Logitech\QuickCam10\QuickCam10.exe [2007-02-08 774168] "LVCOMSX"=C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe [2007-02-06 252704] "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-08-10 266497] "ATIPtool"= [] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe [2006-10-05 866584] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE C:\Documents and Settings\Pascal Admin\Menu Démarrer\Programmes\Démarrage Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-11-23 47104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PixVue] C:\Program Files\PixVue\bin\WinLogon.DLL [2005-09-22 45056] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 200064] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier] WRLogonNTF.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"=C:\Program Files\AVG Anti-Spyware 7.5\shellexecutehook.dll [2007-06-30 79408] "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-10-05 83224] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=5F000000 ""= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server" "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule" "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Enabled:Sunbelt Kerio Firewall GUI" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent" "C:\Program Files\Piolet\Piolet.exe"="C:\Program Files\Piolet\Piolet.exe:*:Enabled:Piolet" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)" "C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\N] shell\AutoRun\command - N:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f249260-bde1-11db-8b9d-0004e21f0f63}] shell\AutoRun\command - K:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a3ae3301-abc0-11dc-8c75-0004e21f0f63}] shell\AutoRun\command - K:\LaunchU3.exe ======List of files/folders created in the last 1 months====== 2008-11-09 16:12:51 ----D---- C:\rsit 2008-11-09 14:02:49 ----D---- C:\WINDOWS\AU_Temp 2008-11-09 12:49:02 ----A---- C:\RootkitReveal.txt 2008-11-09 11:54:22 ----D---- C:\WINDOWS\AU_Temp(2) 2008-11-09 11:54:07 ----A---- C:\xscan.txt 2008-11-09 10:03:20 ----N---- C:\WINDOWS\SchedLgU.Txt 2008-11-03 14:47:39 ----D---- C:\Program Files\EarMaster Pro 5 2008-11-03 14:47:39 ----D---- C:\Documents and Settings\Pascal Admin\Application Data\EarMaster 2008-11-03 14:47:39 ----D---- C:\Documents and Settings\All Users\Application Data\EarMaster 2008-11-01 17:34:49 ----D---- C:\Program Files\ConvertHelper 2008-10-26 17:27:50 ----D---- C:\Program Files\LizardTech 2008-10-25 15:49:49 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-16 18:53:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-16 18:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-16 18:52:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-16 18:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-16 18:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-11 15:27:52 ----A---- C:\WINDOWS\IfoEdit.INI 2008-10-11 15:26:35 ----D---- C:\Program Files\IfoEdit 2008-10-11 08:52:05 ----D---- C:\Documents and Settings\Pascal Admin\Application Data\Sibelius Software 2008-10-11 08:42:46 ----D---- C:\Program Files\Sibelius Software 2008-10-10 07:29:06 ----A---- C:\WINDOWS\system32\xactengine2_3.dll 2008-10-10 07:29:05 ----A---- C:\WINDOWS\system32\xinput1_2.dll 2008-10-10 07:26:55 ----D---- C:\Program Files\Synaesthete ======List of files/folders modified in the last 1 months====== 2008-11-09 16:12:55 ----D---- C:\WINDOWS\Prefetch 2008-11-09 16:12:55 ----D---- C:\Program Files\Hijackthis 2008-11-09 15:59:16 ----D---- C:\WINDOWS\system32\CatRoot2 2008-11-09 15:26:50 ----D---- C:\WINDOWS\Temp 2008-11-09 14:46:24 ----D---- C:\Program Files\Mozilla Firefox 2008-11-09 14:24:16 ----D---- C:\WINDOWS\system32\drivers 2008-11-09 14:16:37 ----SHD---- C:\System Volume Information 2008-11-09 14:16:37 ----D---- C:\WINDOWS\system32\Restore 2008-11-09 14:10:53 ----D---- C:\WINDOWS 2008-11-09 14:08:59 ----SD---- C:\WINDOWS\Tasks 2008-11-09 14:05:20 ----D---- C:\Program Files\AVG Anti-Spyware 7.5 2008-11-09 14:03:46 ----D---- C:\WINDOWS\system32\config 2008-11-09 14:03:23 ----D---- C:\WINDOWS\system32\wbem 2008-11-09 14:03:22 ----D---- C:\WINDOWS\Registration 2008-11-09 14:03:01 ----D---- C:\Documents and Settings\Pascal Admin\Application Data\uTorrent 2008-11-09 14:02:47 ----D---- C:\Sandbox 2008-11-09 13:49:05 ----D---- C:\WINDOWS\Debug 2008-11-09 12:29:15 ----D---- C:\WINDOWS\system32 2008-11-09 11:55:36 ----D---- C:\WINDOWS\report 2008-11-09 11:55:07 ----D---- C:\WINDOWS\AU_Backup 2008-11-09 10:59:16 ----D---- C:\Program Files\ZebHelpProcess 2 2008-11-09 10:34:33 ----D---- C:\Program Files\PeerGuardian2 2008-11-09 09:58:19 ----D---- C:\WINDOWS\pss 2008-11-08 22:43:40 ----D---- C:\quarantine 2008-11-08 15:31:26 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-11-08 15:31:23 ----HD---- C:\WINDOWS\inf 2008-11-04 07:46:22 ----A---- C:\WINDOWS\NeroDigital.ini 2008-11-03 14:47:39 ----RD---- C:\Program Files 2008-11-03 14:46:59 ----SHD---- C:\WINDOWS\Installer 2008-11-03 14:46:59 ----SHD---- C:\Config.Msi 2008-11-01 14:31:26 ----A---- C:\WINDOWS\win.ini 2008-10-31 12:03:09 ----D---- C:\Program Files\eMule 2008-10-29 14:49:53 ----D---- C:\WINDOWS\A5W_DATA 2008-10-29 14:49:53 ----A---- C:\WINDOWS\A5W.INI 2008-10-27 16:26:23 ----A---- C:\WINDOWS\WININIT.INI 2008-10-27 11:26:24 ----D---- C:\Downloads 2008-10-27 08:48:19 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2008-10-27 08:47:40 ----D---- C:\Program Files\Fichiers communs\Adobe 2008-10-27 08:46:43 ----D---- C:\Program Files\Adobe 2008-10-27 08:06:14 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-26 18:21:00 ----D---- C:\Documents and Settings\Pascal Admin\Application Data\Skype 2008-10-26 17:27:50 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-25 15:49:52 ----RSHDC---- C:\WINDOWS\system32\dllcache 2008-10-25 15:48:07 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-18 10:54:29 ----A---- C:\WINDOWS\Radio_Fr.ini 2008-10-18 10:54:20 ----D---- C:\Program Files\Radio Fr Solo 2008-10-16 18:52:23 ----D---- C:\Program Files\Internet Explorer 2008-10-16 18:52:09 ----D---- C:\WINDOWS\ie7updates 2008-10-15 17:35:43 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-11 09:00:41 ----D---- C:\Documents and Settings\Pascal Admin\Application Data\AdobeUM 2008-10-11 08:42:48 ----RSD---- C:\WINDOWS\Fonts 2008-10-10 20:24:13 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink 2008-10-10 07:29:07 ----D---- C:\WINDOWS\system32\DirectX ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 AVG Anti-Spyware Driver;AVG Anti-Spyware Driver; \??\C:\Program Files\AVG Anti-Spyware 7.5\guard.sys [] R1 AvgArCln;Avg Anti-Rootkit Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgArCln.sys [2007-01-18 3968] R1 AvgAsCln;AVG Anti-Spyware Clean Driver; C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys [2006-09-05 3968] R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-08-10 75072] R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672] R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [] R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-05-04 3033] R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320] R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys [] R3 AN983;Carte Fast Ethernet 10/100 Mbps ADMtek AN983/AN985/ADM951X; C:\WINDOWS\System32\DRIVERS\AN983.sys [2002-08-28 36224] R3 AsapiW2K;ASAPIW2K; C:\WINDOWS\system32\drivers\Asapiw2k.sys [2002-04-17 11264] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-23 1410560] R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 chdrvr01;CH Control Manager Driver 1; C:\WINDOWS\system32\DRIVERS\chdrvr01.sys [2006-11-21 215104] R3 chdrvr02;CH Control Manager Driver 2; C:\WINDOWS\system32\DRIVERS\chdrvr02.sys [2005-12-22 3744] R3 chdrvr03;CH Control Manager Driver 3; C:\WINDOWS\system32\DRIVERS\chdrvr03.sys [2005-12-22 9024] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360] R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM); C:\WINDOWS\system32\drivers\e10kx2k.sys [2001-10-02 1757928] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\drivers\LVPr2Mon.sys [2007-02-06 25632] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2001-09-11 186944] R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\HardwareDetection\driverhardwarev2.sys [] S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [] S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560] S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-06-15 85969] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064] S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232] S3 lvselsus;Logitech Selective Suspend Filter; C:\WINDOWS\system32\DRIVERS\lvselsus.sys [2006-06-22 55984] S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504] S3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360] S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\52.tmp [] S3 mod7700;DiBcom DIB7700 based TV tuner device; C:\WINDOWS\System32\Drivers\mod7700.sys [2007-12-11 554240] S3 MODRC;DiBcom Infrared Receiver; C:\WINDOWS\system32\DRIVERS\modrc.sys [2007-10-19 13824] S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2001-11-21 12338] S3 PctvVirtualNdis;Pinnacle Virtual Miniport; C:\WINDOWS\system32\DRIVERS\PctvVirtualNdis.sys [2007-02-02 13696] S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AdobeActiveFileMonitor5.0;Adobe Active File Monitor V5; C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [2006-09-14 102400] R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-25 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-25 151297] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-23 393216] R2 AVG Anti-Spyware Guard;AVG Anti-Spyware Guard; C:\Program Files\AVG Anti-Spyware 7.5\guard.exe [2007-06-30 312880] R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2006-07-18 1205784] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344] R2 PixVue;PixVue; C:\Program Files\PixVue\bin\Daemon.exe [2005-10-02 151552] R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2008-04-27 47104] R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-10-05 13592] R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520] S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-11-22 520192] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-03-11 72704] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [] S4 VSOMRIXF;VSOMRIXF; C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\VSOMRIXF.exe [] -----------------EOF----------------- et : info.txt logfile of random's system information tool 1.04 2008-11-09 16:13:01 ======Uninstall list====== -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu" -->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Taskbar\Taskbar.isu" -->MsiExec.exe /I{C4CBAD7E-DF4A-4FEC-AC17-8BC709AFB844} -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27B9131D-CEFA-42C5-8D7D-56EFD80BAA25}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDFC3C8D-823E-4FCF-870B-E756B27CB57E}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3568156-59C3-42DF-A520-2C25B6706C91}\setup.exe" -l0x9 -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x40c -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x40c -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf 4Diskclean Freeware-->"C:\Program Files\4DiskcleanF\unins000.exe" Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Help Center 2.1-->MsiExec.exe /I{25569723-DC5A-4467-A639-79535BF01B71} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-2E257A25E34D} Adobe Photoshop Elements 5.0-->msiexec /I {A7B609FB-83D8-4FC3-8477-1BC65ECFE85B} Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101} Advanced IRC-->C:\Program Files\Advanced IRC\Uninstall.exe Alcohol 120% (Trial Version)-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Audacity 1.2.4-->"C:\Program Files\Audacity\unins000.exe" AVG Anti-Rootkit Free-->C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe AVG Anti-Spyware 7.5-->C:\Program Files\AVG Anti-Spyware 7.5\Uninstall.exe AVI/MPEG/RM/WMV Joiner 4.81-->"C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe" Avi2Dvd 0.4.5 beta-->C:\Program Files\Avi2Dvd\uninst.exe Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe" BackupBuddy for Windows-->C:\Palm\BBNG\UNWISE.EXE C:\Palm\BBNG\INSTALL.LOG CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDRWIN 5-->MsiExec.exe /I{9B2B0EAD-2CC7-4589-B3AA-D23BAB724065} CH Control Manager-->"C:\Program Files\CH Products\Control Manager\unins000.exe" Clean 5-->C:\PROGRA~1\Pinnacle\CLEAN5~1\UNINST~1.EXE C:\PROGRA~1\Pinnacle\CLEAN5~1\INSTALL.LOG CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD" Cobian Backup 8-->C:\Program Files\Cobian Backup 8\cbUninstall.exe Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} ConvertHelper 2.1-->"C:\Program Files\ConvertHelper\unins000.exe" Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" dBpoweramp FLAC Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat dBpoweramp Monkeys Audio Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat dBpoweramp Musepack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Musepack Codec.dat dBpoweramp Ogg Vorbis Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat dBpowerAMP Wavpack Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Wavpack Codec.dat dBpoweramp Windows Media Audio 10 Codec-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat dMC Power Pack-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Power Pack.dat DoublePics v2.3.2(.4)-->C:\WINDOWS\iun506.exe C:\Program Files\DoublePics\irunin.ini DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe" EarMaster Pro 5-->"C:\Program Files\EarMaster Pro 5\unins000.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" EPSON Copy Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x40c ADDREMOVEDLG EPSON Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C51957C2-F025-4FB3-B181-09131504A29D}\setup.exe" -l0x40c MyUninstall EPSON Scan-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\SETUP.EXE" -l0x40c UNINSTALL EPSON Smart Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\SETUP.EXE" -l0x40c Uninstall EW : Cossacks-->C:\WINDOWS\uncsetup.exe Exifer-->"C:\Program Files\Exifer\unins000.exe" Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe GedCom-Vision version 2.0e-->"C:\Program Files\GedCom-Vision\unins000.exe" GHCS Software GedStar for PalmOS-->C:\WINDOWS\ctpu.exe -uC:\Program Files\GedStar\install.log -lC:\WINDOWS\ResENU.dll GNU Solfege 3.10.4-->"C:\Program Files\GNU Solfege\unins000.exe" Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72} GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe" Greeting Card Creator-->C:\PROGRA~1\GREETI~1\UNWISE.EXE C:\PROGRA~1\GREETI~1\INSTALL.LOG Guitar Pro 4.0-->C:\PROGRA~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\GUITAR~1\INSTALL.LOG Harmony Assistant-->C:\Program Files\Harmony Assistant\Uninstal\Uninstal.exe Helicon Filter 2.02-->"C:\Program Files\Helicon Software\Helicon Filter\unins000.exe" Heredis 9-->C:\WINDOWS\unvise32.exe C:\Program Files\BSD Concept\Heredis 9\uninstal.log HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IFOEdit 0.971 Fr-->C:\Program Files\IfoEdit\UnInstall_IfoEdit.exe IsoBuster 1.9.1-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010} J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} jv16 PowerTools 1.3-->"C:\Program Files\jv16 PowerTools\unins000.exe" Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe K-Lite Mega Codec Pack 3.5.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Kommute-->"C:\Program Files\Kommute\uninstall.exe" La France à la loupe-->MsiExec.exe /I{E3F2269F-EC1F-494D-B700-E543EB509EFC} Label Editor-->"C:\Program Files\Steinberg\Label Editor\Uninstall.exe" "C:\Program Files\Steinberg\Label Editor\install.log" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Lizardtech DjVu Control-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{105CFC7C-6992-11D5-BD9D-000102C10FD8}\Setup.exe" -l0x40c Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870} Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C} Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2} Macromedia Flash Player-->MsiExec.exe /X{27579b3c-5470-4496-be6c-0c872674f19f} Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log MaxSplitter v1.53 Free Edition-->C:\Program Files\MaxSplitter\Uninstall.exe "C:\Program Files\MaxSplitter\install.log" Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe" Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5} Microsoft Flight Simulator 2004 Un siècle d'aviation-->"C:\Program Files\Microsoft Games\Flight Simulator 9\UNINSTAL.EXE" /runtemp /addremove Microsoft Money-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120 Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7} Microsoft Office Word Viewer 2003-->MsiExec.exe /I{9085040C-6000-11D3-8CFE-0150048383C9} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Mise à jour de sécurité pour Lecteur Windows Media 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Morefunc-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Morefunc MP Manager-->MsiExec.exe /X{5C997FDD-D970-4133-8298-AD113800673C} Mp3DirectCut-->C:\Program Files\Mp3DirectCut\uninstall.exe MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} Neat Image v5 Demo (with plug-in)-->"C:\Program Files\Neat Image\unins000.exe" Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL Nero BurnRights (Ahead Software)-->C:\WINDOWS\UNNeroBurnRights.exe /UNINSTALL Nikon Message Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x40c UNINSTALL Nikon RAW Codec-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C8616041-2802-4DE2-B3BD-6285AAD65C2A}\Setup.exe" -l0x40c -removeonly NikonCapture-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{21DDC579-834B-4C14-8122-853994FA2214}\Setup.exe" -l0x9 UNINSTALL OMeR-->C:\Program Files\Omer\Uninstal\Uninstal.exe P2400P Guide de référence-->C:\Program Files\EPSON\P2400P\REF_G\DOCUNINS.EXE Palm Desktop-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BA0F44C2-A883-11D1-AD0A-006097D15E2C}\Setup.exe" Uninstall Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan Paradise Update 1.1-->"D:\jeux\Paradise\Paradise\unins000.exe" Paradise-->"D:\jeux\Paradise\unins000.exe" PDFtoMusic-->C:\Program Files\PDFtoMusic\Uninstal\Uninstal.exe PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe" Personal Ancestral File 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe" PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" PictureProject-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x40c UNINSTALL PixVue-->MsiExec.exe /I{CC9F419B-1E64-49BB-8A13-9608EBF985D7} Planète Généalogie-->"C:\Program Files\BSD Concept\Planète Généalogie\unins000.exe" Privacy Eraser Pro 4.20-->"C:\Program Files\PrivacyEraser Computing\Privacy Eraser Pro\unins000.exe" Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT PTLens-->MsiExec.exe /I{77DF2AB8-FE4F-40D3-92B2-3D8EDFF8DC43} QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe RadCor 2.04-->"C:\Program Files\RadCor\SETUP\setup.exe" /u Radio Fr Solo 2.1-->C:\Program Files\Radio Fr Solo\Uninstall.exe Sandboxie 3.26-->"C:\WINDOWS\Installer\SandboxieInstall.exe" /remove SanDisk SD Wi-Fi Card-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6B73F555-C1A7-4EEC-B481-889637C5C728}\setup.exe" -l0x9 SaverWiz-->C:\PROGRA~1\SaverWiz\UNWISE.EXE C:\PROGRA~1\SaverWiz\INSTALL.LOG ScanToWeb-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Sibelius 5 Demo-->MsiExec.exe /X{24EDCB2B-A50E-43AB-8340-74BB46B1E9FE} Sibelius Scorch (Firefox, Opera, Netscape only)-->MsiExec.exe /I{5F4B558D-8AEB-4DEE-AAB3-C00D1D9A86BA} Simple Sudoku 4.2-->"C:\Program Files\Simple Sudoku\unins000.exe" Skype 3.0-->"C:\Program Files\Skype\Phone\unins000.exe" Skype Plugin Manager-->MsiExec.exe /I{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03} SmartList To Go-->MsiExec.exe /X{36FBFDA5-E422-4C01-BA7C-C067E8ACFD90} Sophos Anti-Rootkit 1.3-->C:\Program Files\Sophos\Sophos Anti-Rootkit\helper.exe remove SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe" Speeditup Free 4.01-->C:\WINDOWS\iun6002.exe "C:\Program Files\SpeedItUpFree\irunin.ini" SplashID-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9DBBC53C-AD7B-44ED-91A7-7568B51182F8}\Setup.exe" -l0x9 Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" StationRipper 2.71-->C:\Program Files\StationRipper\uninstall-StationRipper.exe StealthNet 0.8.2.1-->"C:\Program Files\StealthNet\unins000.exe" Sudoku 3D Pro-->C:\Program Files\Sudoku 3D Pro\Uninstall.exe Sudoku V 3.0-->"C:\Program Files\Sudoku\unins000.exe" Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174} SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA} TablePCRT-->MsiExec.exe /X{C46A5F24-B91F-477C-B634-DB99A7D7792A} Tous les Noms de Famille de France V.6.5.1-->C:\WINDOWS\st6unst.exe -n "C:\Tous les Noms de Famille de France\ST6UNST.LOG" Tweak-XP Pro 4-->C:\WINDOWS\iun6002.exe "C:\Program Files\Tweak-XP Pro 4\irunin.ini" Ulead DVD PictureShow 2 Trial-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9212616-FCA2-4173-BD99-5C741EB3A068}\setup.exe" -l0x40c UMVPLStandalone-->MsiExec.exe /X{8AC049F7-1383-45C3-9E7D-F93CA667F9E1} Unlocker 1.8.6-->C:\Program Files\Unlocker\uninst.exe VDMSound-->C:\Program Files\VDMSound\uninst.exe VirtualDubMOD 1.5.10.3 Fr-->"C:\Program Files\VirtualDubMOD\unins000.exe" VobEdit 0.6 Fr-->C:\Program Files\IfoEdit\UnInstall_VobEdit.exe WaveLab Lite-->"C:\Program Files\Steinberg\WaveLab Lite\Uninstall.exe" "C:\Program Files\Steinberg\WaveLab Lite\install.log" Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C} Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401} Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411} Windows Live Sign-in Assistant-->MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinHTTrack Website Copier 3.30-->"C:\Program Files\WinHTTrack\unins000.exe" Wintree Version 3.0 d-->"C:\Program Files\WINTREE\unins000.exe" WinWAP for Windows 3.2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EFC6F99-16F9-49B1-8DC4-233144B1347D}\Setup.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall ZebHelpProcess 2.31-->"C:\Program Files\ZebHelpProcess 2\unins000.exe" =====HijackThis Backups===== O23 - Service: VSOMRIXF - Unknown owner - C:\DOCUME~1\PASCAL~1\LOCALS~1\Temp\VSOMRIXF.exe (file missing) ======Security center information====== AV: Avira AntiVir PersonalEdition FW: Sunbelt Kerio Personal Firewall ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\VDMSound;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\PixVue\bin;C:\PROGRA~1\Thri\3D SexVilla;C:\PROGRA~1\thri2\3D SexVilla;C:\Program Files\Fichiers communs\Adobe\AGL "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 6 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=0602 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO "VDMSPath"=C:\Program Files\VDMSound -----------------EOF-----------------
  11. pldta
    Bonjour, mon pc étant libre service à la maison je me suis aperçu après avoir constaté des lenteurs qu'on avait lancé un fichier qui après analyse par virus Total donne ceci : AhnLab-V3 2008.11.7.1 2008.11.09 - AntiVir 7.9.0.26 2008.11.07 - Authentium 5.1.0.4 2008.11.08 - Avast 4.8.1248.0 2008.11.08 Win32:Trojan-gen {Other} AVG 8.0.0.161 2008.11.09 Generic10.AFQJ BitDefender 7.2 2008.11.09 - CAT-QuickHeal 9.50 2008.11.08 - ClamAV 0.94.1 2008.11.09 Worm.Autoit-32 DrWeb 4.44.0.09170 2008.11.09 - eSafe 7.0.17.0 2008.11.06 Suspicious File eTrust-Vet 31.6.6198 2008.11.07 - Ewido 4.0 2008.11.09 - F-Prot 4.4.4.56 2008.11.08 - F-Secure 8.0.14332.0 2008.11.09 W32/Packed_FSG.D Fortinet 3.117.0.0 2008.11.09 - GData 19 2008.11.09 Win32:Trojan-gen {Other} Ikarus T3.1.1.45.0 2008.11.09 Virus.Win32.Flooder.DA K7AntiVirus 7.10.520 2008.11.08 - Kaspersky 7.0.0.125 2008.11.09 - McAfee 5428 2008.11.08 - Microsoft 1.4104 2008.11.09 - NOD32 3597 2008.11.08 - Norman 5.80.02 2008.11.07 - Panda 9.0.0.4 2008.11.09 - PCTools 4.4.2.0 2008.11.09 Packed/FSG Prevx1 V2 2008.11.09 Worm Rising 21.02.62.00 2008.11.09 - SecureWeb-Gateway 6.7.6 2008.11.09 Win32.Malware.gen#FSG (suspicious) Sophos 4.35.0 2008.11.08 Mal/Packer Je me suis aperçu que mon site de démarrage sous Explorer avait changé. Je me suis également aperçu grâce à ccleaner que j'avais dans mes fichier de démarrage un truc bizarre Winsched.exe qui se lançait dans le répertoire C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage. Je l'ai bloqué. Il a disparu du répertoire. J'ai passé Antivir et AVG antispyware en mode sans échec qui n'ont rien détecté. j'ai nettoyé . C'était toujours long et j'avais toujours ce winsched bloqué par ccleaner. J'ai fini par restaurer le système à une date antérieure, je ne vois plus ce fichier Winsched mais je me demande si mon système est toujours infecté; Voicu le rapport HijackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:45:58, on 09/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\PixVue\bin\Daemon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Sandboxie\SbieSvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nikon\PictureProject\NkbMonitor.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue\bin\PixVue.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://global.ahnlab.com O15 - Trusted Zone: http://www.cltnet.de O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} (Corporate Language Training Interface) - http://www.cltnet.de/login/dplaunch.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/a...gnerADP-1.1.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{9548D205-C2A3-4969-BEF2-92CBB72FF227}: NameServer = 192.168.0.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue\bin\Daemon.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe -- End of file - 10091 bytes merci pour votre aide.
  12. pldta
    Je reçois depuis une semaine des mails deux fois par jour de titre "Mail delivery Subsystem" avec le contenu suivant (sur une adresse mail Web de nom XXXXX@toto.fr ): This is an automatically generated Delivery Status Notification THIS IS A WARNING MESSAGE ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. Delivery to the following recipient has been delayed: XXXXX@paycounter.com Message will be retried for 1 more day(s) Technical details of temporary failure: DISABLED_USER: Account temporarily disabled ----- Message header follows ----- Received: by 10.35.47.10 with SMTP id z10mr3325939pyj.15.1203934007723; Mon, 25 Feb 2008 02:06:47 -0800 (PST) Return-Path: <XXXXX@toto.fr> Received: from dsl.static8510563115.ttnet.net.tr ([85.105.63.115]) by mx.google.com with SMTP id p57si5674268pyb.15.2008.02.25.02.06.43; Mon, 25 Feb 2008 02:06:47 -0800 (PST) Received-SPF: neutral (google.com: 85.105.63.115 is neither permitted nor denied by best guess record for domain of XXXXX@toto.fr) client-ip=85.105.63.115; Authentication-Results: mx.google.com; spf=neutral (google.com: 85.105.63.115 is neither permitted nor denied by best guess record for domain of XXXXX@toto.fr) smtp.mail=XXXXX@toto.fr Date: Mon, 25 Feb 2008 02:06:47 -0800 (PST) X-Mailer: CME-V6.5.4.3; MSN Return-Path: communications_msn_cs_enus@cimail15.msn.com Received: (qmail 4565 by uid 632); Mon, 25 Feb 2008 12:06:46 +0200 Message-Id: <20080225140646.4567.qmail@dsl.static8510563115.ttnet.net.tr> To: <XXXXX@paycounter.com> Subject: February 75% OFF From: <XXXXX@paycounter.com> MIME-Version: 1.0 Content-Type: text/html; charset="ISO-8859-1" Content-Transfer-Encoding: 7bit ----- Message body suppressed ----- est-ce que je n'ai pas un problème de sécurité quelque part? Je ne connais pas cette adresse XXXXX@paycounter.com et n'ai envoyé aucun message dessus Cordialement.
  13. pldta
    Merci pour tout , mon PC est de nouveau en forme.
  14. pldta
    Voici le résultat de la procédure. Je n'ai pas eu de pb avec les différentes étapes, le plus corsé étant de faire tourner ABG AS en VGA, la fenêtre de VGA estr plus grande que l'écran mais bon on y arrive. Le fait de faire tourner AVG AS en mode sans échec visiblement permet de trouver plus de problèmes. Le rapport d'AVG : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 12:32:54 19/04/2007 + Résultat de l'analyse: D:\Documents de Cécile\Mes fichiers reçus\DAP.rar/DAP\dapie.dll -> Adware.Dap : Nettoyé et sauvegardé (mise en quarantaine). D:\Documents de Cécile\Mes fichiers reçus\DAP.rar/DAP\dapns.dll -> Adware.Dap : Nettoyé et sauvegardé (mise en quarantaine). E:\U_w95-4\XP\internet\telechargement\Aspirateur_webstriper.exe -> Adware.TimeSink : Nettoyé et sauvegardé (mise en quarantaine). D:\Documents de Pascal\Trucs Windows 95 et 98\html\astuces\arreter.html -> Trojan.ExitWindows.b : Nettoyé et sauvegardé (mise en quarantaine). D:\System Volume Information\_restore{DC7E0091-EC97-43EE-B622-CDE3004E48C2}\RP723\A0723217.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine). D:\System Volume Information\_restore{DC7E0091-EC97-43EE-B622-CDE3004E48C2}\RP723\A0723229.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine). D:\System Volume Information\_restore{DC7E0091-EC97-43EE-B622-CDE3004E48C2}\RP723\A0723374.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine). D:\Utiltaires présents\dbc_derivev50.5.exe.zip/dbc_derive.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine). E:\Utiltaires présents\dbc_derivev50.5.exe.zip/dbc_derive.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine). F:\Utiltaires présents\dbc_derivev50.5.exe.zip/dbc_derive.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport Quant à Kapersky voici ce qu'il a raconté : *KASPERSKY ON-LINE SCANNER REPORT* Thursday, April 19, 2007 5:43:08 PM Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 19/04/2007 Enregistrements dans la base antivirus Kaspersky : 281835 *Paramètres d'analyse* Analyser avec la base antivirus suivante standard Analyser les archives vrai Analyser les bases de messagerie vrai *Cible de l'analyse* Poste de travail A:\ C:\ D:\ E:\ F:\ G:\ H:\ J:\ L:\ M:\ N:\ O:\ P:\ Q:\ *Statistiques de l'analyse* Total d'objets analysés 146284 Nombre de virus trouvés 0 Nombre d'objets infectés 0 / 0 Nombre d'objets suspects 0 Durée de l'analyse 04:50:37 *Nom de l'objet infecté* *Nom du virus* *Dernière action* C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12102006-120824.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070419_Time-123726455_EnterceptExceptions.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070419_Time-123726455_EnterceptRules.dat L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PCPASCAL.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_PCPASCAL.log L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt L'objet est verrouillé ignoré C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\urlclassifier2.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{19B0D424-6582-4B31-98E0-FAD128174187} L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Application Data\Mozilla\Firefox\Profiles\ksf78zvj.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Historique\History.IE5\MSHist012007041920070420\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Pascal Admin\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const L'objet est verrouillé ignoré C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst L'objet est verrouillé ignoré C:\Program Files\Webroot\Spy Sweeper\Masters.base L'objet est verrouillé ignoré C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré C:\System Volume Information\_restore{DC7E0091-EC97-43EE-B622-CDE3004E48C2}\RP725\change.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré C:\WINDOWS\system32\config\ACEEvent.evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré C:\WINDOWS\Temp\PixVue\1960\D0000000.FCS L'objet est verrouillé ignoré C:\WINDOWS\Temp\PixVue\1960\I0000002.FCS L'objet est verrouillé ignoré C:\WINDOWS\Temp\PixVue\1960\L0000001.FCS L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré E:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré F:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré *Analyse terminée.* Merci pour l'aide apportée par les experts de ce forum.
  15. pldta
    Voila le résultat des courses : POSSIBLY INFECTED/MALWARE (Note: this file was only classified as malware by scanners known to generate more false positives than the average scanner. Do not consider these results definately accurate. Also, because of this, results of this scan will not be recorded in the database.) MD5 3b4d5a849905c74d141a33b4c3c7fdbf Packers detected: LAYOR Scanner results Scan taken on 18 Apr 2007 17:13:45 (GMT) AntiVir Found TR/Crypt.XPACK.Gen ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Fortinet Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Rising Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing
  16. pldta
    Bonjour, AVG vient de me détecter TRojan.small dans un fichier ZIP. Je me suis donc demandé si lors de l'exécution de ce fichier, il y a d'ailleurs longtemps, mon micro n'avait pas attrapé une saleté J'ai suivi la procédure indiquée ci-dessus (installation Antivir , paramétrage, passage , suppression d'antivir tout ça en mode sans échec) puis Hijackthis. Antivir me détecte dans le même fichier d'ailleurs (c'est plutôt rassurant) un truc qui s'appelle TR/Crypt.XPACK.Gen. Ce qui est plus ennuyeux c'est que mon antivirus habituel (Viruscan 8 founi gratuitement par mon entreprise ne trouve rien. Question subsidiaire : antivir me signale un autre fichier comme étant "compressed with an unusual runtime compression tool (PCK/FSG).Please verify the origin of the file" De quoi s'agit-il? Voici la log d'Hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 17:04:53, on 18/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\PixVue\bin\Daemon.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\wwSecure.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Nikon\NkView6\NkvMon.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Hijackthis\Scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &PixVue - {B28B4479-D9C2-41D1-B74D-74A1827037CD} - C:\Program Files\PixVue\bin\PixVue.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PSDrvCheck] C:\WINDOWS\system32\PSDrvCheck.exe O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\SlySoft\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: &Messenger Backup - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure...teleir_cert.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155398021206 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://drivers1.free.fr/hardwaredetection.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmesse...pdownloader.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: PixVue - C:\Program Files\PixVue\bin\WinLogon.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\AVG Anti-Spyware 7.5\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing) O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: PixVue - PixVue.Com - C:\Program Files\PixVue\bin\Daemon.exe O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe O23 - Service: Washer Security Access (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe Merci pour votre réponse
×
×
  • Créer...