TomLuLu

Salut ! C'est bon j'ai Desactiver\reactiver la restauration système. Mon PC marche très bien tu est un très bon helper j'espere qu'un jour je serait au même stade que toi Merci et @+

voila : StartupList report, 26/04/2007, 12:27:39 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\hijackthis.exe.EXE Detected: Windows XP (WinNT 5.01.2600) Detected: Internet Explorer v6.00 (6.00.2600.0000) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\WgaTray.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\hijackthis.exe.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage] hp psc 1000 series.lnk = ? hpoddt01.exe.lnk = ? Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" WinampAgent = C:\Program Files\Winamp\winampa.exe !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] * StubPath = rundll32 iesetup.dll,IEAccessUserInst -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} -------------------------------------------------- Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 1200 series#1177349180.job -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/...b?1177261547777 [NanoInstaller Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\NanoInst.dll CODEBASE = http://www.nanoscan.com/cabs/nanoinst.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start) avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: C:\WINDOWS\System32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system) Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Sunbelt Kerio Personal Firewall 4: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (autostart) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv4: System32\DRIVERS\nv4.sys (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) Pilote de bus PCI: System32\DRIVERS\pci.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C): System32\DRIVERS\RTL8139.SYS (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{2914D0C2-8320-410D-A8A7-62D69539AA88} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) Service Messenger Sharing Folders USN Journal Reader: C:\Program Files\MSN Messenger\usnsvc.exe (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Filtre de bus AGP VIA: System32\DRIVERS\viaagp.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Numéro de série du média portable: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 32 225 bytes Report generated in 0,187 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only pour le fichier oui c'est bon je l'ai envoyé . @+

Salut ! Valoi le log : Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\onjvoywm ******************* Script file located at: \??\C:\WINDOWS\System32\wcsyyofc.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Registry key HKLM\SYSTEM\CurrentControlSet\Services\Universal Printer NT Service deleted successfully. Registry key HKLM\SYSTEM\CurrentControlSet\Services\Seagate Communication deleted successfully. Completed script processing. ******************* Finished! Terminate. merci et @+

Re, C:\WINDOWS\System32/drivers\fwdrv.err -->23/04/2007 20:24:08 C:\WINDOWS\System32/drivers\AFS2K.SYS -->23/04/2007 19:24:13 C:\WINDOWS\System32/drivers\aswmon.sys -->18/04/2007 18:12:31 C:\WINDOWS\System32/drivers\aswmon2.sys -->18/04/2007 18:12:12 C:\WINDOWS\System32/drivers\aswRdr.sys -->18/04/2007 18:10:01 C:\WINDOWS\System32/drivers\aswTdi.sys -->18/04/2007 18:09:10 C:\WINDOWS\System32/drivers\aavmker4.sys -->18/04/2007 18:07:49 C:\WINDOWS\System32\tmp.txt -->25/04/2007 20:56:34 C:\WINDOWS\System32\tmp.reg -->25/04/2007 20:56:34 C:\WINDOWS\System32\perfh00C.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfh009.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfc00C.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfc009.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\PerfStringBackup.INI -->23/04/2007 21:12:28 C:\WINDOWS\System32\wmpscheme.xml -->23/04/2007 19:57:06 C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->23/04/2007 09:05:13 C:\WINDOWS\System32\h323log.txt -->22/04/2007 19:20:37 C:\WINDOWS\System32\CONFIG.NT -->22/04/2007 18:43:11 C:\WINDOWS\System32\wpa.dbl -->22/04/2007 18:34:44 C:\WINDOWS\System32\FNTCACHE.DAT -->22/04/2007 18:34:25 C:\WINDOWS\System32\$winnt$.inf -->22/04/2007 18:30:26 C:\WINDOWS\System32\nscompat.tlb -->22/04/2007 18:27:06 C:\WINDOWS\System32\amcompat.tlb -->22/04/2007 18:27:06 C:\WINDOWS\System32\WindowsLogon.manifest -->22/04/2007 18:25:41 C:\WINDOWS\System32\logonui.exe.manifest -->22/04/2007 18:25:41 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\sapi.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\nwc.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\ncpa.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\cdplayer.exe.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\emptyregdb.dat -->22/04/2007 18:23:47 C:\WINDOWS\System32\aswBoot.exe -->18/04/2007 18:16:59 C:\WINDOWS.log -->25/04/2007 19:38:56 C:\WINDOWS\WindowsUpdate.log -->25/04/2007 19:38:55 C:\WINDOWS\wiadebug.log -->25/04/2007 19:38:52 C:\WINDOWS\wiaservc.log -->25/04/2007 19:38:51 C:\WINDOWS\bootstat.dat -->25/04/2007 19:38:29 C:\WINDOWS\SchedLgU.Txt -->25/04/2007 17:01:23 C:\WINDOWS\setupapi.log -->25/04/2007 13:50:18 C:\WINDOWS\svcpack.log -->23/04/2007 21:32:34 C:\WINDOWS\setupact.log -->23/04/2007 20:25:13 C:\WINDOWS\OEWABLog.txt -->23/04/2007 19:57:11 C:\WINDOWS\win.ini -->23/04/2007 19:26:58 C:\WINDOWS\hpoins01.dat -->23/04/2007 19:26:18 C:\WINDOWS\xpsp1hfm.log -->23/04/2007 18:42:24 C:\WINDOWS\tsoc.log -->23/04/2007 18:42:23 C:\WINDOWS\ntdtcsetup.log -->23/04/2007 18:42:23 C:\WINDOWS\twunk_16.exe |28/08/2001 14:00:00 C:\WINDOWS\twunk_32.exe |28/08/2001 14:00:00 C:\WINDOWS\twain.dll |28/08/2001 14:00:00 C:\WINDOWS\twain_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\append.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\aswBoot.exe |22/04/2007 18:38:10 C:\WINDOWS\system32\debug.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\dosx.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\dumphive.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 19:47:34 C:\WINDOWS\system32\edlin.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\exe2bin.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\fastopen.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\HPZinw12.exe |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipm12.exe |23/04/2007 19:21:29 C:\WINDOWS\system32\java.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\javaw.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\javaws.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\mem.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\Process.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\redir.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\setver.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\share.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\SrchSTS.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swreg.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swsc.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swxcacls.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\UHARC.EXE |18/02/2003 22:48:50 C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrprbda.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrshuta.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\amstream.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\atmfd.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\atmlib.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\compatUI.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\dgrpsetu.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\dgsetup.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\EqnClass.Dll |22/04/2007 19:15:52 C:\WINDOWS\system32\hpgwiamd.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\hpotscl.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\hpovst08.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\HPZc3212.dll |09/03/2003 22:30:42 C:\WINDOWS\system32\hpzcoi07.dll |09/03/2003 22:30:52 C:\WINDOWS\system32\hpzcon07.dll |09/03/2003 22:30:50 C:\WINDOWS\system32\HPZidr12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipr12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipt12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZisn12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\hpzsnt07.dll |09/03/2003 22:30:52 C:\WINDOWS\system32\hticons.dll |22/04/2007 18:22:29 C:\WINDOWS\system32\hypertrm.dll |22/04/2007 18:22:29 C:\WINDOWS\system32\iccvid.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir32_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir41_qc.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir41_qcx.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_qc.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_qcx.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\isrdbg32.dll |22/04/2007 18:24:16 C:\WINDOWS\system32\jgaw400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgdw400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgmd400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgpl400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgsd400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgsh400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 19:47:06 C:\WINDOWS\system32\msdmo.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\msencode.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\nv4.dll |22/04/2007 19:19:15 C:\WINDOWS\system32\paqsp.dll |23/08/2001 19:47:16 C:\WINDOWS\system32\qedwipes.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbcsp.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbiop.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbrccsp.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\spnike.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio600.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio800.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\spxcoins.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\tsd32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\usrcntra.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrcoina.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdtea.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrlbva.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv42a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv80a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvoica.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\win87em.dll |28/08/2001 14:00:00 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\WINDOWS\system32 28/08/2001 14:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 23 425 736 704 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\WINDOWS\Downloaded Program Files 25/04/2007 13:50 <REP> . 25/04/2007 13:50 <REP> .. 22/04/2007 18:25 65 desktop.ini 08/08/2006 11:45 576 kavwebscan.inf 23/03/2007 12:23 39 936 NanoInst.dll 23/03/2007 11:47 352 nanoinst.inf 26/03/2007 16:46 5 085 swflash.inf 11/08/2004 02:22 3 036 wmv9dmo.inf 30/06/2003 22:41 1 689 WMV9VCM.inf 26/05/2005 04:19 291 wuweb.inf 8 fichier(s) 51 030 octets Total des fichiers listés : 8 fichier(s) 51 030 octets 2 Rép(s) 23 425 732 608 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Liste des programmes installes Adobe Flash Player 9 ActiveX avast! Antivirus AVG Anti-Spyware 7.5 Correctif Windows XP - Article Base de Connaissances 834707 Correctif Windows XP - KB823559 Correctif Windows XP - KB828741 Correctif Windows XP - KB835732 Correctif Windows XP - KB842773 Disque de souvenirs HP Google Earth gtkmm Runtime Environment 2.4 HijackThis 1.99.1 hp psc 1200 series Java SE Runtime Environment 6 Update 1 Kaspersky Online Scanner KRISTAL Audio Engine Mozilla Firefox (2.0.0.3) Package du correctif Windows XP [voir Q329115 pour plus de détails] Panda NanoScan Photo et imagerie HP 2.0 - All-in-One Photo et imagerie HP 2.0 - All-in-One Pilote Photo et imagerie HP 2.0 - hp psc 1200 series Sunbelt Kerio Personal Firewall UHARC for Windows 1.4.0.2 UxTheme Multipatcher Fr VideoLAN VLC media player 0.8.6b WebFldrs XP Winamp (remove only) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Live Messenger Windows Live Sign-in Assistant Windows XP Hotfix (SP1) [see Q329048 for more information] Windows XP Hotfix (SP1) [see Q329390 for more information] Windows XP Hotfix (SP1) [see Q329441 for more information] Windows XP Hotfix (SP1) [see Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q815021 Windows XP Hotfix (SP1) Q817606 WinHTTrack Website Copier 3.41-2 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files 25/04/2007 13:06 <REP> . 25/04/2007 13:06 <REP> .. 22/04/2007 10:49 <REP> Alwil Software 22/04/2007 13:29 <REP> CDex_170b2 22/04/2007 10:21 <REP> ComPlus Applications 25/04/2007 13:05 <REP> Fichiers communs 22/04/2007 13:31 <REP> Free Audio Pack 25/04/2007 13:06 <REP> Google 25/04/2007 07:05 <REP> Grisoft 22/04/2007 20:16 <REP> gtkmm 23/04/2007 19:24 <REP> Hewlett-Packard 24/04/2007 12:49 <REP> IntelliTamper 22/04/2007 18:23 <REP> Internet Explorer 23/04/2007 09:05 <REP> Java 23/04/2007 08:39 <REP> Kreatives.org 22/04/2007 13:07 <REP> Lavalys 23/04/2007 19:57 <REP> Messenger 22/04/2007 10:24 <REP> microsoft frontpage 22/04/2007 18:24 <REP> Movie Maker 25/04/2007 12:51 <REP> Mozilla Firefox 22/04/2007 10:20 <REP> MSN 22/04/2007 10:20 <REP> MSN Gaming Zone 22/04/2007 19:01 <REP> MSN Messenger 23/04/2007 18:39 <REP> NetMeeting 22/04/2007 18:24 <REP> Outlook Express 22/04/2007 10:20 <REP> Services en ligne 22/04/2007 19:06 <REP> Sunbelt Software 22/04/2007 20:26 <REP> synfig 24/04/2007 17:50 <REP> UHARC for Windows 24/04/2007 19:14 <REP> UxTheme Multipatcher Fr 23/04/2007 12:34 <REP> VideoLAN 23/04/2007 12:39 <REP> Winamp 23/04/2007 19:57 <REP> Windows Media Player 22/04/2007 18:22 <REP> Windows NT 24/04/2007 21:33 <REP> WinHTTrack 22/04/2007 10:24 <REP> xerox 0 fichier(s) 0 octets 36 Rép(s) 23 425 404 928 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files\fichiers communs 25/04/2007 13:05 <REP> . 25/04/2007 13:05 <REP> .. 23/04/2007 19:19 <REP> Hewlett-Packard 25/04/2007 13:05 <REP> InstallShield 23/04/2007 09:01 <REP> Java 22/04/2007 11:22 <REP> Microsoft Shared 22/04/2007 10:21 <REP> MSSoap 22/04/2007 11:14 <REP> ODBC 22/04/2007 10:21 <REP> Services 22/04/2007 11:14 <REP> SpeechEngines 22/04/2007 18:24 <REP> System 0 fichier(s) 0 octets 11 Rép(s) 23 425 404 928 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 22/04/2007 18:35 <REP> . 22/04/2007 18:35 <REP> .. 18/05/2001 17:57 561 209 MSONSEXT.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 179 octets 2 Rép(s) 23 425 404 928 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 23 425 404 928 octets libres c:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Télécharger des logiciels.exe c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJQ3VZ6A\amcik[1].exe c:\Documents and Settings\Tom\Bureau\cdex_170b2_enu.exe c:\Documents and Settings\Tom\Bureau\everest-ultimate_everest_ultimate_4.0_francais_12281.exe c:\Documents and Settings\Tom\Bureau\install_flash_player(2).exe c:\Documents and Settings\Tom\Bureau\install_flash_player.exe c:\Documents and Settings\Tom\Bureau\Setup_FreeConverter.exe c:\Documents and Settings\Tom\Bureau\vlc-0.8.6b-win32.exe c:\Documents and Settings\Tom\Bureau\VundoFix.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\BCUnInstall.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Setup.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Drivers95\BCHELPER.EXE c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCResident.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCSrvMan.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCView.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipe.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipeTM.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BestCrypt.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\CryptoSwap.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipePD\bcwipepd.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files XP_amd64\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files XP_ia64\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\8MXI19YP\Firefox%20Setup%202.0.0.3[1].exe c:\Documents and Settings\Tom\Mes documents\Mes fichiers reçus\scanner\scanner.exe.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\aawsepersonal.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\ATF-Cleaner.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\avgas-setup-7.5.0.50.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Firefox Setup 2.0.0.3.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\FixVundo.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\flash5-trialFr.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\flstudio7_RC6b.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\GoogleEarthWin.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\OTMoveIt.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\sunbelt-personal-firewall.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\synfig-0.61.05.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Télécharger des logiciels.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\UxTheme_Multipatcher_Fr.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\VundoFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\winamp533_lite.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\clean\clean\pskill.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\hijackthis.exe.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\ProcessExplorerNt\procexp.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\radio.blog.2.5\radio.blog.2.5\creat.sound\bin\lame.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\reshack\ResHacker.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Temp\Répertoire temporaire 1 pour sfp.zip\sfp.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\hmwhvb39.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll Merci et @+

Salut ! StartupList report, 25/04/2007, 20:36:46 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\hijackthis.exe.EXE Detected: Windows XP (WinNT 5.01.2600) Detected: Internet Explorer v6.00 (6.00.2600.0000) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\WgaTray.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\hijackthis.exe.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Menu Démarrer\Programmes\Démarrage] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage] hp psc 1000 series.lnk = ? hpoddt01.exe.lnk = ? Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" WinampAgent = C:\Program Files\Winamp\winampa.exe !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\system32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}] * StubPath = rundll32 iesetup.dll,IEAccessUserInst -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} -------------------------------------------------- Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 1200 series#1177349180.job -------------------------------------------------- Enumerating Download Program Files: [CKAVWebScan Object] InProcServer32 = C:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll CODEBASE = http://webscanner.kaspersky.fr/kavwebscan_unicode.cab [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/...b?1177261547777 [NanoInstaller Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\NanoInst.dll CODEBASE = http://www.nanoscan.com/cabs/nanoinst.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (autostart) Avertissement: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start) avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start) avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Explorateur d'ordinateur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system) Service d'indexation: C:\WINDOWS\System32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (manual start) Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote de disque: System32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Creative AudioPCI (ES1371,ES1373) (WDM): system32\drivers\es1371mp.sys (manual start) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start) Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start) Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system) Firewall Driver: \SystemRoot\system32\drivers\fwdrv.sys (system) Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start) Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start) IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start) Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start) USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start) Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start) Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: System32\DRIVERS\ipsec.sys (system) Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system) Kerio HIPS Driver: \SystemRoot\system32\drivers\khips.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Sunbelt Kerio Personal Firewall 4: C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe (autostart) Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Affichage des messages: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system) Pilote HID de souris: System32\DRIVERS\mouhid.sys (manual start) Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start) Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: System32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (manual start) Ouverture de session réseau: %SystemRoot%\System32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\System32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nv4: System32\DRIVERS\nv4.sys (manual start) Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start) Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start) Pilote de bus PCI: System32\DRIVERS\pci.sys (system) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start) Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart) Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start) Pilote processeur: System32\DRIVERS\processr.sys (system) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: System32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start) Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\System32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C): System32\DRIVERS\RTL8139.SYS (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Prise en charge des cartes à puces: %SystemRoot%\System32\SCardSvr.exe (manual start) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Seagate Communication: "C:\WINDOWS\System32\dllcache\seagatecom.exe" (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start) Pilote de port série: System32\DRIVERS\serial.sys (system) Pare-feu de connexion Internet (ICF) / Partage de connexion Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Srv: System32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{2914D0C2-8320-410D-A8A7-62D69539AA88} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Universal Printer NT Service: "C:\WINDOWS\System32\dllcache\upnt.exe" (autostart) Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start) Gestionnaire de téléchargement: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Onduleur: %SystemRoot%\System32\ups.exe (manual start) Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start) Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start) Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start) Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start) Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start) Service Messenger Sharing Folders USN Journal Reader: C:\Program Files\MSN Messenger\usnsvc.exe (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) Filtre de bus AGP VIA: System32\DRIVERS\viaagp.sys (system) ViaIde: System32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Numéro de série du média portable: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *Registry key not found* -------------------------------------------------- End of report, 32 390 bytes Report generated in 0,188 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only merci encore et @ +

Salut ! Suprimme ta version de hijackthis ce n'est pas la bonne : Salut ! télécharge [#ff0000]Hijackthis[/#ff0000] ( de merjin ) Sauvergarde-le dans un dossier dédié (ex C:\Hijackthis ) Lance-le clique sur Do a system scan and save a logfile . Ensuite le bloc-note va s'ouvrir : copie\colle le contenu du rapport dans ton prochain message. @ +

Hijackthis était depuis le debut appeler scanner.exe (je l'avait fait pour le vundo !) StartupList report, 25/04/2007, 13:27:11 StartupList version: 1.52.2 Started from : C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.EXE Detected: Windows XP (WinNT 5.01.2600) Detected: Internet Explorer v6.00 (6.00.2600.0000) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\WgaTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.exe -------------------------------------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage] hp psc 1000 series.lnk = ? hpoddt01.exe.lnk = ? -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run avast! = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" WinampAgent = C:\Program Files\Winamp\winampa.exe !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} -------------------------------------------------- Enumerating Task Scheduler jobs: FRU Task #Hewlett-Packard#hp psc 1200 series#1177349180.job -------------------------------------------------- Enumerating Download Program Files: [{33564D57-9980-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab [WUWebControl Class] InProcServer32 = C:\WINDOWS\System32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/...b?1177261547777 [shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: C:\WINDOWS\System32\stobject.dll -------------------------------------------------- End of report, 5 501 bytes Report generated in 0,063 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only Le rapport kapersky (je prefere ): ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, April 25, 2007 2:32:32 PM Système d'exploitation : Microsoft Windows XP Home Edition, (Build 2600) Kaspersky On-line Scanner version : 5.0.83.0 Dernière mise à jour de la base antivirus Kaspersky : 25/04/2007 Enregistrements dans la base antivirus Kaspersky : 284541 ------------------------------------------------------------------------------- Paramètres d'analyse: Analyser avec la base antivirus suivante: standard Analyser les archives: vrai Analyser les bases de messagerie: vrai Cible de l'analyse - Poste de travail: A:\ C:\ D:\ E:\ Statistiques de l'analyse: Total d'objets analysés: 29720 Nombre de virus trouvés: 10 Nombre d'objets infectés: 27 / 0 Nombre d'objets suspects: 0 Durée de l'analyse: 00:49:01 Nom de l'objet infecté / Nom du virus / Dernière action C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJQ3VZ6A\amcik[1].exe Infecté : Backdoor.Win32.IRCBot.wt ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\LocalService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\NetworkService.AUTORITE NT\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cert8.db L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\formhistory.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\history.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\key3.db L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\parent.lock L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\search.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\urlclassifier2.sqlite L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Cookies\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Messenger\radiogogole@hotmail.fr\SharingMetadata\Logs\Dfsr00005.log L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Messenger\radiogogole@hotmail.fr\SharingMetadata\pending.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Messenger\radiogogole@hotmail.fr\SharingMetadata\Working\database_B864_3540_6435_2A4\dfsr.db L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Messenger\radiogogole@hotmail.fr\SharingMetadata\Working\database_B864_3540_6435_2A4\fsr.log L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Messenger\radiogogole@hotmail.fr\SharingMetadata\Working\database_B864_3540_6435_2A4\fsrtmp.log L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Messenger\radiogogole@hotmail.fr\SharingMetadata\Working\database_B864_3540_6435_2A4\tmp.edb L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Windows Live Contacts\radiogogole@hotmail.fr\real\members.stg L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Microsoft\Windows Live Contacts\radiogogole@hotmail.fr\shadow\members.stg L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Historique\History.IE5\MSHist012007042520070426\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Temp\~DF176D.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Temp\~DF19B7.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Temp\~DFCDC5.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Temp\~DFCDEE.tmp L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\NTUSER.DAT L'objet est verrouillé ignoré C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\ntuser.dat.LOG L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db L'objet est verrouillé ignoré C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log L'objet est verrouillé ignoré C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx L'objet est verrouillé ignoré C:\SDFix\backups\backups.zip/backups/algs.exe Infecté : Backdoor.Win32.PoeBot.c ignoré C:\SDFix\backups\backups.zip/backups/firewall.exe Infecté : Backdoor.Win32.PoeBot.c ignoré C:\SDFix\backups\backups.zip/backups/spooIsv.exe Infecté : Trojan.Win32.Pakes ignoré C:\SDFix\backups\backups.zip/backups/winamp.exe Infecté : Backdoor.Win32.Nepoe.c ignoré C:\SDFix\backups\backups.zip ZIP: infecté - 4 ignoré C:\System Volume Information\_restore{2FE2B9CF-E21C-43E3-B901-B54F276F614F}\RP2\A0011494.exe Infecté : Backdoor.Win32.IRCBot.wt ignoré C:\System Volume Information\_restore{2FE2B9CF-E21C-43E3-B901-B54F276F614F}\RP3\A0011543.exe Infecté : Backdoor.Win32.IRCBot.wt ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP25\A0012421.dll Infecté : Trojan-Spy.Win32.VBStat.h ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP25\A0012486.dll Infecté : Trojan.Win32.BHO.g ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014593.exe Infecté : Backdoor.Win32.PoeBot.c ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014594.exe Infecté : Trojan.Win32.Pakes ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014595.exe Infecté : Backdoor.Win32.Mytobor.c ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014596.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014597.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014598.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014599.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014600.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014601.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014602.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014603.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014604.exe Infecté : Trojan-Proxy.Win32.Agent.mf ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014606.exe Infecté : Backdoor.Win32.Rbot.bsp ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014607.exe Infecté : Trojan-Downloader.Win32.Small.edb ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0014608.exe Infecté : Trojan-Downloader.Win32.Small.edb ignoré C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP27\change.log L'objet est verrouillé ignoré C:\VundoFix Backups\rynouwib.dll.bad Infecté : Trojan-Spy.Win32.VBStat.h ignoré C:\VundoFix Backups\srcvnoxv.dll.bad Infecté : Trojan.Win32.BHO.g ignoré C:\WINDOWS\Debug\oakley.log L'objet est verrouillé ignoré C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\EventCache\{26C12F8A-F3A3-4240-8C2A-34BD19FFD033}.bin L'objet est verrouillé ignoré C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré C:\WINDOWS\system32\config\Antivirus.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré C:\WINDOWS\Temp\Perflib_Perfdata_47c.dat L'objet est verrouillé ignoré C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré Analyse terminée.

Voila le OTmoveit : DllUnregisterServer procedure not found in C:\WINDOWS\system32\geedb.dll C:\WINDOWS\system32\geedb.dll NOT unregistered. C:\WINDOWS\system32\geedb.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\gebcb.dll C:\WINDOWS\system32\gebcb.dll NOT unregistered. C:\WINDOWS\system32\gebcb.dll moved successfully. DllUnregisterServer procedure not found in C:\WINDOWS\system32\pmnnl.dll C:\WINDOWS\system32\pmnnl.dll NOT unregistered. C:\WINDOWS\system32\pmnnl.dll moved successfully. File/Folder C:\WINDOWS\System32\pujdqcj.exe not found. C:\WINDOWS\System32\jbiq.exe moved successfully. C:\WINDOWS\System32\tmp.txt moved successfully. C:\WINDOWS\System32\tmp.reg moved successfully. C:\WINDOWS\System32\dzoz.exe moved successfully. C:\WINDOWS\System32\vszi.exe moved successfully. C:\WINDOWS\System32\vhxzqo.exe moved successfully. C:\WINDOWS\System32\tzztx.exe moved successfully. C:\WINDOWS\System32\xdnntnqi.exe moved successfully. C:\WINDOWS\System32\sgqriqx.exe moved successfully. C:\WINDOWS\System32\qxtcgixq.exe moved successfully. C:\WINDOWS\System32\yogeg.exe moved successfully. C:\WINDOWS\System32\bagfvnnc.exe moved successfully. C:\WINDOWS\System32\zvopt.exe moved successfully. C:\WINDOWS\System32\yadbxpfq.exe moved successfully. C:\WINDOWS\System32\27031_nttpm.exe moved successfully. C:\WINDOWS\System32\vrhouhdz.exe moved successfully. C:\WINDOWS\System32\wbcm.exe moved successfully. C:\WINDOWS\system32\fawyy.exe moved successfully. File/Folder C:\WINDOWS\system32\anywgm.exe not found. C:\WINDOWS\system32\exfhxyp.exe moved successfully. File/Folder C:\WINDOWS\system32\feifpqc.exe not found. File/Folder C:\WINDOWS\system32\ijmy.exe not found. C:\WINDOWS\system32\jhltojag.exe moved successfully. C:\WINDOWS\system32\rdrc.exe moved successfully. C:\WINDOWS\system32\twbk.exe moved successfully. C:\Documents and Settings\Tom\Local Settings\Temp\BIT4E.tmp moved successfully. Created on 04/25/2007 07:10:51 Voila le AVG AS : --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 12:37:57 25/04/2007 + Résultat de l'analyse: HKLM\SYSTEM\ControlSet002\Enum\PCI\VEN_1813&DEV_4000&SUBSYS_000116BE&REV_02\3&61aaa01&0&38\\HardwareID -> Adware.HyperBar : Erreur lors du nettoyage. C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0012566.exe -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\bagfvnnc.exe -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\dzoz.exe -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\jbiq.exe -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\zvopt.exe -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine). C:\System Volume Information\_restore{85A89437-DA1E-4288-92F7-49E97343E514}\RP26\A0012565.exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\1YVDGP53\84785_nttpm[1].exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\2XQ14KTN\84785_sedfg[1].exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\45Y305EZ\84785_nttpm[1].exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\dllcache\seagatecom.exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\dllcache\upnt.exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\27031_nttpm.exe -> Backdoor.Mytobor.c : Nettoyé et sauvegardé (mise en quarantaine). C:\SDFix\backups\backups.zip/backups/algs.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine). C:\SDFix\backups\backups.zip/backups/firewall.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine). C:\SDFix\backups\backups.zip/backups/winamp.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\twbk.exe -> Backdoor.PoeBot.o : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\rdrc.exe -> Backdoor.Rbot.bsp : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\tzztx.exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\xdnntnqi.exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine). D:\Mes vidéos\DivX Movies\installdrivecleanerstart_fr.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Ignoré. C:\WINDOWS\system32\vuani.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\xkcvw.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\sgqriqx.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vhxzqo.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vrhouhdz.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\vszi.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\wbcm.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yadbxpfq.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\yogeg.exe -> Proxy.Agent.mf : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\qxtcgixq.exe -> Proxy.Small : Nettoyé et sauvegardé (mise en quarantaine). :mozilla.15:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Liam\Cookies\liam@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.34:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.52:C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\dpppds9n.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.25:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.26:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.27:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.28:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.29:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.30:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé. :mozilla.22:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.23:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.24:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.18:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.19:C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.50:C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\dpppds9n.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.51:C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\dpppds9n.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.53:C:\Documents and Settings\Liam\Application Data\Mozilla\Firefox\Profiles\dpppds9n.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Liam\Cookies\liam@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\SDFix\backups\backups.zip/backups/spooIsv.exe -> Trojan.Pakes : Nettoyé et sauvegardé (mise en quarantaine). C:\_OTMoveIt\MovedFiles\WINDOWS\system32\exfhxyp.exe -> Trojan.Pakes : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport et le Diaghelp (option 1) : C:\WINDOWS\System32/drivers\fwdrv.err -->23/04/2007 20:24:08 C:\WINDOWS\System32/drivers\AFS2K.SYS -->23/04/2007 19:24:13 C:\WINDOWS\System32/drivers\aswmon.sys -->18/04/2007 18:12:31 C:\WINDOWS\System32/drivers\aswmon2.sys -->18/04/2007 18:12:12 C:\WINDOWS\System32/drivers\aswRdr.sys -->18/04/2007 18:10:01 C:\WINDOWS\System32/drivers\aswTdi.sys -->18/04/2007 18:09:10 C:\WINDOWS\System32/drivers\aavmker4.sys -->18/04/2007 18:07:49 C:\WINDOWS\System32\x -->25/04/2007 12:25:49 C:\WINDOWS\System32\27031_nttpm.exe -->25/04/2007 12:20:55 C:\WINDOWS\System32\27031_sedfg.exe -->25/04/2007 12:16:59 C:\WINDOWS\System32\perfh00C.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfh009.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfc00C.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfc009.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\PerfStringBackup.INI -->23/04/2007 21:12:28 C:\WINDOWS\System32\wmpscheme.xml -->23/04/2007 19:57:06 C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->23/04/2007 09:05:13 C:\WINDOWS\System32\h323log.txt -->22/04/2007 19:20:37 C:\WINDOWS\System32\xhseac.bat -->22/04/2007 18:46:38 C:\WINDOWS\System32\CONFIG.NT -->22/04/2007 18:43:11 C:\WINDOWS\System32\wpa.dbl -->22/04/2007 18:34:44 C:\WINDOWS\System32\FNTCACHE.DAT -->22/04/2007 18:34:25 C:\WINDOWS\System32\$winnt$.inf -->22/04/2007 18:30:26 C:\WINDOWS\System32\nscompat.tlb -->22/04/2007 18:27:06 C:\WINDOWS\System32\amcompat.tlb -->22/04/2007 18:27:06 C:\WINDOWS\System32\WindowsLogon.manifest -->22/04/2007 18:25:41 C:\WINDOWS\System32\logonui.exe.manifest -->22/04/2007 18:25:41 C:\WINDOWS\System32\wuaucpl.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\sapi.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\nwc.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\ncpa.cpl.manifest -->22/04/2007 18:25:32 C:\WINDOWS\System32\cdplayer.exe.manifest -->22/04/2007 18:25:32 C:\WINDOWS.log -->25/04/2007 12:39:48 C:\WINDOWS\wiadebug.log -->25/04/2007 12:39:36 C:\WINDOWS\WindowsUpdate.log -->25/04/2007 12:39:35 C:\WINDOWS\wiaservc.log -->25/04/2007 12:39:33 C:\WINDOWS\bootstat.dat -->25/04/2007 12:39:17 C:\WINDOWS\ntbtlog.txt -->25/04/2007 12:11:47 C:\WINDOWS\SchedLgU.Txt -->25/04/2007 11:56:13 C:\WINDOWS\setupapi.log -->25/04/2007 11:44:18 C:\WINDOWS\svcpack.log -->23/04/2007 21:32:34 C:\WINDOWS\setupact.log -->23/04/2007 20:25:13 C:\WINDOWS\OEWABLog.txt -->23/04/2007 19:57:11 C:\WINDOWS\win.ini -->23/04/2007 19:26:58 C:\WINDOWS\hpoins01.dat -->23/04/2007 19:26:18 C:\WINDOWS\xpsp1hfm.log -->23/04/2007 18:42:24 C:\WINDOWS\tsoc.log -->23/04/2007 18:42:23 C:\WINDOWS\twunk_16.exe |28/08/2001 14:00:00 C:\WINDOWS\twunk_32.exe |28/08/2001 14:00:00 C:\WINDOWS\twain.dll |28/08/2001 14:00:00 C:\WINDOWS\twain_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\27031_nttpm.exe |25/04/2007 12:20:55 C:\WINDOWS\system32\27031_sedfg.exe |25/04/2007 12:16:59 C:\WINDOWS\system32\append.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\aswBoot.exe |22/04/2007 18:38:10 C:\WINDOWS\system32\debug.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\dosx.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\dumphive.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 19:47:34 C:\WINDOWS\system32\edlin.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\exe2bin.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\fastopen.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\HPZinw12.exe |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipm12.exe |23/04/2007 19:21:29 C:\WINDOWS\system32\java.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\javaw.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\javaws.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\mem.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\Process.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\redir.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\setver.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\share.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\SrchSTS.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swreg.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swsc.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swxcacls.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\UHARC.EXE |18/02/2003 22:48:50 C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrprbda.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrshuta.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\amstream.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\atmfd.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\atmlib.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\compatUI.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\dgrpsetu.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\dgsetup.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\EqnClass.Dll |22/04/2007 19:15:52 C:\WINDOWS\system32\hpgwiamd.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\hpotscl.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\hpovst08.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\HPZc3212.dll |09/03/2003 22:30:42 C:\WINDOWS\system32\hpzcoi07.dll |09/03/2003 22:30:52 C:\WINDOWS\system32\hpzcon07.dll |09/03/2003 22:30:50 C:\WINDOWS\system32\HPZidr12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipr12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipt12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZisn12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\hpzsnt07.dll |09/03/2003 22:30:52 C:\WINDOWS\system32\hticons.dll |22/04/2007 18:22:29 C:\WINDOWS\system32\hypertrm.dll |22/04/2007 18:22:29 C:\WINDOWS\system32\iccvid.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir32_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir41_qc.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir41_qcx.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_qc.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_qcx.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\isrdbg32.dll |22/04/2007 18:24:16 C:\WINDOWS\system32\jgaw400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgdw400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgmd400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgpl400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgsd400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgsh400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 19:47:06 C:\WINDOWS\system32\msdmo.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\msencode.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\nv4.dll |22/04/2007 19:19:15 C:\WINDOWS\system32\paqsp.dll |23/08/2001 19:47:16 C:\WINDOWS\system32\qedwipes.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbcsp.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbiop.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbrccsp.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\spnike.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio600.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio800.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\spxcoins.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\tsd32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\usrcntra.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrcoina.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdtea.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrlbva.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv42a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv80a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvoica.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\win87em.dll |28/08/2001 14:00:00 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\WINDOWS\system32 28/08/2001 14:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 23 848 824 832 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\WINDOWS\Downloaded Program Files 25/04/2007 11:44 <REP> . 25/04/2007 11:44 <REP> .. 22/04/2007 18:25 65 desktop.ini 26/03/2007 16:46 5 085 swflash.inf 11/08/2004 02:22 3 036 wmv9dmo.inf 26/05/2005 04:19 291 wuweb.inf 4 fichier(s) 8 477 octets Total des fichiers listés : 4 fichier(s) 8 477 octets 2 Rép(s) 23 848 820 736 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Liste des programmes installes Adobe Flash Player 9 ActiveX avast! Antivirus AVG Anti-Spyware 7.5 Correctif Windows XP - Article Base de Connaissances 834707 Correctif Windows XP - KB823559 Correctif Windows XP - KB828741 Correctif Windows XP - KB835732 Correctif Windows XP - KB842773 Disque de souvenirs HP gtkmm Runtime Environment 2.4 HijackThis 1.99.1 hp psc 1200 series Java SE Runtime Environment 6 Update 1 KRISTAL Audio Engine Mozilla Firefox (2.0.0.3) Package du correctif Windows XP [voir Q329115 pour plus de détails] Photo et imagerie HP 2.0 - All-in-One Photo et imagerie HP 2.0 - All-in-One Pilote Photo et imagerie HP 2.0 - hp psc 1200 series Sunbelt Kerio Personal Firewall UHARC for Windows 1.4.0.2 UxTheme Multipatcher Fr VideoLAN VLC media player 0.8.6b WebFldrs XP Winamp (remove only) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Live Messenger Windows Live Sign-in Assistant Windows XP Hotfix (SP1) [see Q329048 for more information] Windows XP Hotfix (SP1) [see Q329390 for more information] Windows XP Hotfix (SP1) [see Q329441 for more information] Windows XP Hotfix (SP1) [see Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q815021 Windows XP Hotfix (SP1) Q817606 WinHTTrack Website Copier 3.41-2 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files 25/04/2007 07:05 <REP> . 25/04/2007 07:05 <REP> .. 22/04/2007 10:49 <REP> Alwil Software 22/04/2007 13:29 <REP> CDex_170b2 22/04/2007 10:21 <REP> ComPlus Applications 23/04/2007 09:01 <REP> Fichiers communs 22/04/2007 13:31 <REP> Free Audio Pack 25/04/2007 07:05 <REP> Grisoft 22/04/2007 20:16 <REP> gtkmm 23/04/2007 19:24 <REP> Hewlett-Packard 24/04/2007 12:49 <REP> IntelliTamper 22/04/2007 18:23 <REP> Internet Explorer 23/04/2007 09:05 <REP> Java 23/04/2007 08:39 <REP> Kreatives.org 22/04/2007 13:07 <REP> Lavalys 23/04/2007 19:57 <REP> Messenger 22/04/2007 10:24 <REP> microsoft frontpage 22/04/2007 18:24 <REP> Movie Maker 25/04/2007 12:41 <REP> Mozilla Firefox 22/04/2007 10:20 <REP> MSN 22/04/2007 10:20 <REP> MSN Gaming Zone 22/04/2007 19:01 <REP> MSN Messenger 23/04/2007 18:39 <REP> NetMeeting 22/04/2007 18:24 <REP> Outlook Express 22/04/2007 10:20 <REP> Services en ligne 22/04/2007 19:06 <REP> Sunbelt Software 22/04/2007 20:26 <REP> synfig 24/04/2007 17:50 <REP> UHARC for Windows 24/04/2007 19:14 <REP> UxTheme Multipatcher Fr 23/04/2007 12:34 <REP> VideoLAN 23/04/2007 12:39 <REP> Winamp 23/04/2007 19:57 <REP> Windows Media Player 22/04/2007 18:22 <REP> Windows NT 24/04/2007 21:33 <REP> WinHTTrack 22/04/2007 10:24 <REP> xerox 0 fichier(s) 0 octets 35 Rép(s) 23 848 153 088 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files\fichiers communs 23/04/2007 09:01 <REP> . 23/04/2007 09:01 <REP> .. 23/04/2007 19:19 <REP> Hewlett-Packard 23/04/2007 09:01 <REP> Java 22/04/2007 11:22 <REP> Microsoft Shared 22/04/2007 10:21 <REP> MSSoap 22/04/2007 11:14 <REP> ODBC 22/04/2007 10:21 <REP> Services 22/04/2007 11:14 <REP> SpeechEngines 22/04/2007 18:24 <REP> System 0 fichier(s) 0 octets 10 Rép(s) 23 848 153 088 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 22/04/2007 18:35 <REP> . 22/04/2007 18:35 <REP> .. 18/05/2001 17:57 561 209 MSONSEXT.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 179 octets 2 Rép(s) 23 848 153 088 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 23 848 153 088 octets libres c:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Télécharger des logiciels.exe c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJQ3VZ6A\amcik[1].exe c:\Documents and Settings\Tom\Bureau\cdex_170b2_enu.exe c:\Documents and Settings\Tom\Bureau\everest-ultimate_everest_ultimate_4.0_francais_12281.exe c:\Documents and Settings\Tom\Bureau\install_flash_player(2).exe c:\Documents and Settings\Tom\Bureau\install_flash_player.exe c:\Documents and Settings\Tom\Bureau\Setup_FreeConverter.exe c:\Documents and Settings\Tom\Bureau\vlc-0.8.6b-win32.exe c:\Documents and Settings\Tom\Bureau\VundoFix.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\BCUnInstall.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Setup.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Drivers95\BCHELPER.EXE c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCResident.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCSrvMan.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCView.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipe.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipeTM.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BestCrypt.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\CryptoSwap.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipePD\bcwipepd.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files XP_amd64\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files XP_ia64\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\8MXI19YP\Firefox%20Setup%202.0.0.3[1].exe c:\Documents and Settings\Tom\Mes documents\Mes fichiers reçus\scanner\scanner.exe.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\ATF-Cleaner.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\avgas-setup-7.5.0.50.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Firefox Setup 2.0.0.3.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\FixVundo.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\flash5-trialFr.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\flstudio7_RC6b.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\OTMoveIt.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\sunbelt-personal-firewall.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\synfig-0.61.05.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Télécharger des logiciels.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\UxTheme_Multipatcher_Fr.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\VundoFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\winamp533_lite.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\clean\clean\pskill.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\ProcessExplorerNt\procexp.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\reshack\ResHacker.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Local Settings\Temp\Répertoire temporaire 1 pour sfp.zip\sfp.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\hmwhvb39.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll merci et @ +

Re, Voila le Vundofix : VundoFix V6.3.20 Checking Java version... Scan started at 12:22:08 24/04/2007 Listing files found while scanning.... C:\WINDOWS\system32\awtqqom.dll C:\WINDOWS\system32\cbxuvwu.dll C:\WINDOWS\system32\cbxwvvt.dll C:\WINDOWS\system32\ddcbabc.dll C:\WINDOWS\system32\ddcbaxv.dll C:\WINDOWS\system32\ddcyaaw.dll C:\WINDOWS\system32\ddcyaya.dll C:\WINDOWS\system32\efcbcca.dll C:\WINDOWS\system32\fccbcaw.dll C:\WINDOWS\system32\fccddaw.dll C:\WINDOWS\System32\hjjlm.bak1 C:\WINDOWS\System32\hjjlm.bak2 C:\WINDOWS\System32\hjjlm.ini C:\WINDOWS\system32\iifdbby.dll C:\WINDOWS\system32\jfcyayao.dll C:\WINDOWS\system32\khfddda.dll C:\WINDOWS\system32\ljjigge.dll C:\WINDOWS\system32\ljjiigh.dll C:\WINDOWS\system32\mljhhef.dll C:\WINDOWS\system32\mljhhfd.dll C:\WINDOWS\System32\mljjh.dll C:\WINDOWS\system32\mljjkkj.dll C:\WINDOWS\system32\opnnkhi.dll C:\WINDOWS\system32\pftigqqm.dll C:\WINDOWS\system32\pmnnmki.dll C:\WINDOWS\system32\pmnoonm.dll C:\WINDOWS\system32\qomkhgf.dll C:\WINDOWS\system32\qwtuvlsb.dll C:\WINDOWS\system32\rqrspnk.dll C:\WINDOWS\system32\rynouwib.dll C:\WINDOWS\system32\ssqroom.dll C:\WINDOWS\system32\urqpmlj.dll C:\WINDOWS\system32\urqpnll.dll C:\WINDOWS\system32\xxyaawu.dll C:\WINDOWS\system32\xxyayxy.dll C:\WINDOWS\system32\xxywttu.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\awtqqom.dll C:\WINDOWS\system32\awtqqom.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbxuvwu.dll C:\WINDOWS\system32\cbxuvwu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbxwvvt.dll C:\WINDOWS\system32\cbxwvvt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcbabc.dll C:\WINDOWS\system32\ddcbabc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcbaxv.dll C:\WINDOWS\system32\ddcbaxv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcyaaw.dll C:\WINDOWS\system32\ddcyaaw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcyaya.dll C:\WINDOWS\system32\ddcyaya.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\efcbcca.dll C:\WINDOWS\system32\efcbcca.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccbcaw.dll C:\WINDOWS\system32\fccbcaw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccddaw.dll C:\WINDOWS\system32\fccddaw.dll Has been deleted! Attempting to delete C:\WINDOWS\System32\hjjlm.bak1 C:\WINDOWS\System32\hjjlm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\System32\hjjlm.bak2 C:\WINDOWS\System32\hjjlm.bak2 Has been deleted! Attempting to delete C:\WINDOWS\System32\hjjlm.ini C:\WINDOWS\System32\hjjlm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\iifdbby.dll C:\WINDOWS\system32\iifdbby.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jfcyayao.dll C:\WINDOWS\system32\jfcyayao.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfddda.dll C:\WINDOWS\system32\khfddda.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjigge.dll C:\WINDOWS\system32\ljjigge.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjiigh.dll C:\WINDOWS\system32\ljjiigh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljhhef.dll C:\WINDOWS\system32\mljhhef.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljhhfd.dll C:\WINDOWS\system32\mljhhfd.dll Has been deleted! Attempting to delete C:\WINDOWS\System32\mljjh.dll C:\WINDOWS\System32\mljjh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljjkkj.dll C:\WINDOWS\system32\mljjkkj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnnkhi.dll C:\WINDOWS\system32\opnnkhi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pftigqqm.dll C:\WINDOWS\system32\pftigqqm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnmki.dll C:\WINDOWS\system32\pmnnmki.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnoonm.dll C:\WINDOWS\system32\pmnoonm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomkhgf.dll C:\WINDOWS\system32\qomkhgf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qwtuvlsb.dll C:\WINDOWS\system32\qwtuvlsb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rqrspnk.dll C:\WINDOWS\system32\rqrspnk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rynouwib.dll C:\WINDOWS\system32\rynouwib.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqroom.dll C:\WINDOWS\system32\ssqroom.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqpmlj.dll C:\WINDOWS\system32\urqpmlj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqpnll.dll C:\WINDOWS\system32\urqpnll.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyaawu.dll C:\WINDOWS\system32\xxyaawu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyayxy.dll C:\WINDOWS\system32\xxyayxy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxywttu.dll C:\WINDOWS\system32\xxywttu.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\System32\srcvnoxv.dll C:\WINDOWS\System32\srcvnoxv.dll Has been deleted! Performing Repairs to the registry. Done! Voila le hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 14:13:03, on 24/04/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\WgaTray.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8524A091-40F2-463A-8546-9C9476567078} - C:\WINDOWS\System32\mljjh.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9DED2B32-743B-47EB-874C-28AECF2A268D} - C:\WINDOWS\System32\urqpnll.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177261547777 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe merci et @ +

Voila le diaghelp C:\WINDOWS\System32/drivers\fwdrv.err -->23/04/2007 20:24:08 C:\WINDOWS\System32/drivers\AFS2K.SYS -->23/04/2007 19:24:13 C:\WINDOWS\System32/drivers\aswmon.sys -->18/04/2007 18:12:31 C:\WINDOWS\System32/drivers\aswmon2.sys -->18/04/2007 18:12:12 C:\WINDOWS\System32/drivers\aswRdr.sys -->18/04/2007 18:10:01 C:\WINDOWS\System32/drivers\aswTdi.sys -->18/04/2007 18:09:10 C:\WINDOWS\System32/drivers\aavmker4.sys -->18/04/2007 18:07:49 C:\WINDOWS\System32\perfh00C.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfh009.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfc00C.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\perfc009.dat -->23/04/2007 21:12:31 C:\WINDOWS\System32\PerfStringBackup.INI -->23/04/2007 21:12:28 C:\WINDOWS\System32\wmpscheme.xml -->23/04/2007 19:57:06 C:\WINDOWS\System32\jbiq.exe -->23/04/2007 18:54:32 C:\WINDOWS\System32\tmp.txt -->23/04/2007 18:34:48 C:\WINDOWS\System32\tmp.reg -->23/04/2007 18:34:48 C:\WINDOWS\System32\dzoz.exe -->23/04/2007 17:58:51 C:\WINDOWS\System32\vszi.exe -->23/04/2007 12:10:07 C:\WINDOWS\System32\jupdate-1.6.0_01-b06.log -->23/04/2007 09:05:13 C:\WINDOWS\System32\vhxzqo.exe -->23/04/2007 08:32:44 C:\WINDOWS\System32\tzztx.exe -->22/04/2007 21:13:05 C:\WINDOWS\System32\xdnntnqi.exe -->22/04/2007 21:10:59 C:\WINDOWS\System32\sgqriqx.exe -->22/04/2007 21:10:59 C:\WINDOWS\System32\qxtcgixq.exe -->22/04/2007 19:48:28 C:\WINDOWS\System32\yogeg.exe -->22/04/2007 19:32:21 C:\WINDOWS\System32\bagfvnnc.exe -->22/04/2007 19:32:21 C:\WINDOWS\System32\zvopt.exe -->22/04/2007 19:27:37 C:\WINDOWS\System32\yadbxpfq.exe -->22/04/2007 19:27:36 C:\WINDOWS\System32\27031_nttpm.exe -->22/04/2007 19:26:06 C:\WINDOWS\System32\vrhouhdz.exe -->22/04/2007 19:22:35 C:\WINDOWS\System32\h323log.txt -->22/04/2007 19:20:37 C:\WINDOWS\System32\wbcm.exe -->22/04/2007 19:18:58 C:\WINDOWS.log -->24/04/2007 12:31:58 C:\WINDOWS\wiadebug.log -->24/04/2007 12:31:53 C:\WINDOWS\wiaservc.log -->24/04/2007 12:31:52 C:\WINDOWS\WindowsUpdate.log -->24/04/2007 12:31:51 C:\WINDOWS\bootstat.dat -->24/04/2007 12:31:33 C:\WINDOWS\SchedLgU.Txt -->24/04/2007 12:22:25 C:\WINDOWS\svcpack.log -->23/04/2007 21:32:34 C:\WINDOWS\setupapi.log -->23/04/2007 21:15:29 C:\WINDOWS\ntbtlog.txt -->23/04/2007 21:07:07 C:\WINDOWS\setupact.log -->23/04/2007 20:25:13 C:\WINDOWS\OEWABLog.txt -->23/04/2007 19:57:11 C:\WINDOWS\win.ini -->23/04/2007 19:26:58 C:\WINDOWS\hpoins01.dat -->23/04/2007 19:26:18 C:\WINDOWS\xpsp1hfm.log -->23/04/2007 18:42:24 C:\WINDOWS\tsoc.log -->23/04/2007 18:42:23 C:\WINDOWS\twunk_16.exe |28/08/2001 14:00:00 C:\WINDOWS\twunk_32.exe |28/08/2001 14:00:00 C:\WINDOWS\twain.dll |28/08/2001 14:00:00 C:\WINDOWS\twain_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\27031_nttpm.exe |22/04/2007 19:26:03 C:\WINDOWS\system32\abmwc.exe |22/04/2007 19:18:58 C:\WINDOWS\system32\append.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\aswBoot.exe |22/04/2007 18:38:10 C:\WINDOWS\system32\bagfvnnc.exe |22/04/2007 19:32:20 C:\WINDOWS\system32\debug.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\dosx.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\dumphive.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 19:47:34 C:\WINDOWS\system32\dzoz.exe |23/04/2007 17:58:50 C:\WINDOWS\system32\edlin.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\exe2bin.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\exfhxyp.exe |22/04/2007 18:45:32 C:\WINDOWS\system32\fastopen.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\fawyy.exe |22/04/2007 18:44:09 C:\WINDOWS\system32\HPZinw12.exe |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipm12.exe |23/04/2007 19:21:29 C:\WINDOWS\system32\java.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\javaw.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\javaws.exe |23/04/2007 09:05:18 C:\WINDOWS\system32\jbiq.exe |23/04/2007 18:54:32 C:\WINDOWS\system32\jhltojag.exe |22/04/2007 18:33:39 C:\WINDOWS\system32\mem.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\Process.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\qxtcgixq.exe |22/04/2007 19:48:26 C:\WINDOWS\system32\rdrc.exe |22/04/2007 18:55:22 C:\WINDOWS\system32\redir.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\setver.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\sgqriqx.exe |22/04/2007 21:10:59 C:\WINDOWS\system32\share.exe |28/08/2001 14:00:00 C:\WINDOWS\system32\SrchSTS.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swreg.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swsc.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\swxcacls.exe |23/04/2007 18:33:58 C:\WINDOWS\system32\twbk.exe |22/04/2007 18:46:37 C:\WINDOWS\system32\tzztx.exe |22/04/2007 21:13:05 C:\WINDOWS\system32\usrmlnka.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrprbda.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\usrshuta.exe |23/08/2001 19:47:48 C:\WINDOWS\system32\vhxzqo.exe |23/04/2007 08:32:44 C:\WINDOWS\system32\vrhouhdz.exe |22/04/2007 19:22:35 C:\WINDOWS\system32\vszi.exe |23/04/2007 12:10:07 C:\WINDOWS\system32\vuani.exe |22/04/2007 19:07:41 C:\WINDOWS\system32\wbcm.exe |22/04/2007 19:18:57 C:\WINDOWS\system32\xdnntnqi.exe |22/04/2007 21:10:59 C:\WINDOWS\system32\xkcvw.exe |22/04/2007 19:00:44 C:\WINDOWS\system32\yadbxpfq.exe |22/04/2007 19:27:36 C:\WINDOWS\system32\yogeg.exe |22/04/2007 19:32:20 C:\WINDOWS\system32\zvopt.exe |22/04/2007 19:27:36 C:\WINDOWS\system32\amstream.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\atmfd.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\atmlib.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\compatUI.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\dgrpsetu.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\dgsetup.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\EqnClass.Dll |22/04/2007 19:15:52 C:\WINDOWS\system32\gebcb.dll |22/04/2007 19:12:54 C:\WINDOWS\system32\geedb.dll |22/04/2007 19:12:54 C:\WINDOWS\system32\hpgwiamd.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\hpotscl.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\hpovst08.dll |09/03/2003 22:31:04 C:\WINDOWS\system32\HPZc3212.dll |09/03/2003 22:30:42 C:\WINDOWS\system32\hpzcoi07.dll |09/03/2003 22:30:52 C:\WINDOWS\system32\hpzcon07.dll |09/03/2003 22:30:50 C:\WINDOWS\system32\HPZidr12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipr12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZipt12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\HPZisn12.dll |23/04/2007 19:21:29 C:\WINDOWS\system32\hpzsnt07.dll |09/03/2003 22:30:52 C:\WINDOWS\system32\hticons.dll |22/04/2007 18:22:29 C:\WINDOWS\system32\hypertrm.dll |22/04/2007 18:22:29 C:\WINDOWS\system32\iccvid.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir32_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir41_qc.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir41_qcx.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_qc.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\ir50_qcx.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\isrdbg32.dll |22/04/2007 18:24:16 C:\WINDOWS\system32\jgaw400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgdw400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgmd400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgpl400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgsd400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\jgsh400.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\mdwmdmsp.dll |23/08/2001 19:47:06 C:\WINDOWS\system32\msdmo.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\msencode.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\nv4.dll |22/04/2007 19:19:15 C:\WINDOWS\system32\paqsp.dll |23/08/2001 19:47:16 C:\WINDOWS\system32\pmnnl.dll |22/04/2007 19:12:54 C:\WINDOWS\system32\qedwipes.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbcsp.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbiop.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\slbrccsp.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\spnike.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio600.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\sprio800.dll |23/08/2001 19:47:18 C:\WINDOWS\system32\spxcoins.dll |22/04/2007 19:15:52 C:\WINDOWS\system32\srcvnoxv.dll |22/04/2007 19:14:09 C:\WINDOWS\system32\tsd32.dll |28/08/2001 14:00:00 C:\WINDOWS\system32\usrcntra.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrcoina.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrdtea.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrfaxa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrlbva.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrrtosa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsdpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrsvpia.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv42a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrv80a.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvoica.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\usrvpa.dll |23/08/2001 19:47:20 C:\WINDOWS\system32\win87em.dll |28/08/2001 14:00:00 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\WINDOWS\system32 28/08/2001 14:00 4 096 csrss.exe 1 fichier(s) 4 096 octets 0 Rép(s) 23 787 966 464 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\WINDOWS\system32 23/04/2007 18:54 30 781 jbiq.exe 1 fichier(s) 30 781 octets 0 Rép(s) 23 787 966 464 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\WINDOWS\Downloaded Program Files 23/04/2007 09:18 <REP> . 23/04/2007 09:18 <REP> .. 22/04/2007 18:25 65 desktop.ini 11/08/2004 02:22 3 036 wmv9dmo.inf 26/05/2005 04:19 291 wuweb.inf 3 fichier(s) 3 392 octets Total des fichiers listés : 3 fichier(s) 3 392 octets 2 Rép(s) 23 787 966 464 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006 http://www.gmer.net scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Liste des programmes installes avast! Antivirus Correctif Windows XP - Article Base de Connaissances 834707 Correctif Windows XP - KB823559 Correctif Windows XP - KB828741 Correctif Windows XP - KB835732 Correctif Windows XP - KB842773 Disque de souvenirs HP gtkmm Runtime Environment 2.4 HijackThis 1.99.1 hp psc 1200 series Java SE Runtime Environment 6 Update 1 KRISTAL Audio Engine Mozilla Firefox (2.0.0.3) Package du correctif Windows XP [voir Q329115 pour plus de détails] Photo et imagerie HP 2.0 - All-in-One Photo et imagerie HP 2.0 - All-in-One Pilote Photo et imagerie HP 2.0 - hp psc 1200 series Sunbelt Kerio Personal Firewall VideoLAN VLC media player 0.8.6b WebFldrs XP Winamp (remove only) Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Live Messenger Windows Live Sign-in Assistant Windows XP Hotfix (SP1) [see Q329048 for more information] Windows XP Hotfix (SP1) [see Q329390 for more information] Windows XP Hotfix (SP1) [see Q329441 for more information] Windows XP Hotfix (SP1) [see Q329834 for more information] Windows XP Hotfix (SP1) Q329170 Windows XP Hotfix (SP1) Q810577 Windows XP Hotfix (SP1) Q810833 Windows XP Hotfix (SP1) Q815021 Windows XP Hotfix (SP1) Q817606 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files 24/04/2007 12:49 <REP> . 24/04/2007 12:49 <REP> .. 22/04/2007 10:49 <REP> Alwil Software 22/04/2007 13:29 <REP> CDex_170b2 22/04/2007 10:21 <REP> ComPlus Applications 23/04/2007 09:01 <REP> Fichiers communs 22/04/2007 13:31 <REP> Free Audio Pack 22/04/2007 20:16 <REP> gtkmm 23/04/2007 19:24 <REP> Hewlett-Packard 24/04/2007 12:49 <REP> IntelliTamper 22/04/2007 18:23 <REP> Internet Explorer 23/04/2007 09:05 <REP> Java 23/04/2007 08:39 <REP> Kreatives.org 22/04/2007 13:07 <REP> Lavalys 23/04/2007 19:57 <REP> Messenger 22/04/2007 10:24 <REP> microsoft frontpage 22/04/2007 18:24 <REP> Movie Maker 24/04/2007 13:34 <REP> Mozilla Firefox 22/04/2007 10:20 <REP> MSN 22/04/2007 10:20 <REP> MSN Gaming Zone 22/04/2007 19:01 <REP> MSN Messenger 23/04/2007 18:39 <REP> NetMeeting 22/04/2007 18:24 <REP> Outlook Express 22/04/2007 10:20 <REP> Services en ligne 22/04/2007 19:06 <REP> Sunbelt Software 22/04/2007 20:26 <REP> synfig 23/04/2007 12:34 <REP> VideoLAN 23/04/2007 12:39 <REP> Winamp 23/04/2007 19:57 <REP> Windows Media Player 22/04/2007 18:22 <REP> Windows NT 22/04/2007 10:24 <REP> xerox 0 fichier(s) 0 octets 31 Rép(s) 23 733 665 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files\fichiers communs 23/04/2007 09:01 <REP> . 23/04/2007 09:01 <REP> .. 23/04/2007 19:19 <REP> Hewlett-Packard 23/04/2007 09:01 <REP> Java 22/04/2007 11:22 <REP> Microsoft Shared 22/04/2007 10:21 <REP> MSSoap 22/04/2007 11:14 <REP> ODBC 22/04/2007 10:21 <REP> Services 22/04/2007 11:14 <REP> SpeechEngines 22/04/2007 18:24 <REP> System 0 fichier(s) 0 octets 10 Rép(s) 23 733 665 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 22/04/2007 18:35 <REP> . 22/04/2007 18:35 <REP> .. 18/05/2001 17:57 561 209 MSONSEXT.DLL 03/06/1999 14:09 122 937 MSOWS409.DLL 07/03/2001 09:00 127 033 MSOWS40c.DLL 3 fichier(s) 811 179 octets 2 Rép(s) 23 733 665 792 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 6435-02A4 Répertoire de C:\ 11/11/2001 00:00 68 096 diff.exe 27/08/2006 14:10 103 424 grep.exe 22/04/2007 19:26 128 000 seagatecom.exe 3 fichier(s) 299 520 octets 0 Rép(s) 23 733 665 792 octets libres c:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Télécharger des logiciels.exe c:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJQ3VZ6A\amcik[1].exe c:\Documents and Settings\Tom\Bureau\cdex_170b2_enu.exe c:\Documents and Settings\Tom\Bureau\everest-ultimate_everest_ultimate_4.0_francais_12281.exe c:\Documents and Settings\Tom\Bureau\install_flash_player(2).exe c:\Documents and Settings\Tom\Bureau\install_flash_player.exe c:\Documents and Settings\Tom\Bureau\Setup_FreeConverter.exe c:\Documents and Settings\Tom\Bureau\vlc-0.8.6b-win32.exe c:\Documents and Settings\Tom\Bureau\VundoFix.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\BCUnInstall.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Setup.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Drivers95\BCHELPER.EXE c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCResident.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCSrvMan.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCView.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipe.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipeTM.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BestCrypt.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\CryptoSwap.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files\BCWipePD\bcwipepd.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files XP_amd64\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temp\~BCSelfExt.TMP\Program Files XP_ia64\insbcbus.exe c:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\8MXI19YP\Firefox%20Setup%202.0.0.3[1].exe c:\Documents and Settings\Tom\Mes documents\Mes fichiers reçus\scanner\scanner.exe.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\download-KRISTAL_AE_Setup.exe.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Firefox Setup 2.0.0.3.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\FixVundo.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\flash5-trialFr.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Flash8-fr.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\flstudio7_RC6b.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\gtkmm-runtime-2.4.8cvs-2.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Install_Messenger.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\installer-9567-17-Winamp-5-Full-5-32-French.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\intellitamper_v2.07.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SDFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\sunbelt-personal-firewall.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\synfig-0.61.05.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\Télécharger des logiciels.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\vlc_vlc_0.8.6b_francais_10829.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\vlc-0.8.6b-win32.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\VundoFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\vundofix_vundofix_6.1.4_anglais_25107.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\winamp533_lite.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\clean\clean\pskill.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\dumphive.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\GenericRenosFix.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\HostsChk.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\Process.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\Reboot.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\restart.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\SmiUpdate.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\SrchSTS.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swreg.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swsc.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\swxcacls.exe c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\SmitfraudFix\unzip.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\Tom\Application Data\Mozilla\Firefox\Profiles\hmwhvb39.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll c:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Application Data\Mozilla\Firefox\Profiles\pau5x2cb.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll @++

Re, Voila le VundoFix : VundoFix V6.3.20 Checking Java version... Scan started at 12:22:08 24/04/2007 Listing files found while scanning.... C:\WINDOWS\system32\awtqqom.dll C:\WINDOWS\system32\cbxuvwu.dll C:\WINDOWS\system32\cbxwvvt.dll C:\WINDOWS\system32\ddcbabc.dll C:\WINDOWS\system32\ddcbaxv.dll C:\WINDOWS\system32\ddcyaaw.dll C:\WINDOWS\system32\ddcyaya.dll C:\WINDOWS\system32\efcbcca.dll C:\WINDOWS\system32\fccbcaw.dll C:\WINDOWS\system32\fccddaw.dll C:\WINDOWS\System32\hjjlm.bak1 C:\WINDOWS\System32\hjjlm.bak2 C:\WINDOWS\System32\hjjlm.ini C:\WINDOWS\system32\iifdbby.dll C:\WINDOWS\system32\jfcyayao.dll C:\WINDOWS\system32\khfddda.dll C:\WINDOWS\system32\ljjigge.dll C:\WINDOWS\system32\ljjiigh.dll C:\WINDOWS\system32\mljhhef.dll C:\WINDOWS\system32\mljhhfd.dll C:\WINDOWS\System32\mljjh.dll C:\WINDOWS\system32\mljjkkj.dll C:\WINDOWS\system32\opnnkhi.dll C:\WINDOWS\system32\pftigqqm.dll C:\WINDOWS\system32\pmnnmki.dll C:\WINDOWS\system32\pmnoonm.dll C:\WINDOWS\system32\qomkhgf.dll C:\WINDOWS\system32\qwtuvlsb.dll C:\WINDOWS\system32\rqrspnk.dll C:\WINDOWS\system32\rynouwib.dll C:\WINDOWS\system32\ssqroom.dll C:\WINDOWS\system32\urqpmlj.dll C:\WINDOWS\system32\urqpnll.dll C:\WINDOWS\system32\xxyaawu.dll C:\WINDOWS\system32\xxyayxy.dll C:\WINDOWS\system32\xxywttu.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\awtqqom.dll C:\WINDOWS\system32\awtqqom.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbxuvwu.dll C:\WINDOWS\system32\cbxuvwu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbxwvvt.dll C:\WINDOWS\system32\cbxwvvt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcbabc.dll C:\WINDOWS\system32\ddcbabc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcbaxv.dll C:\WINDOWS\system32\ddcbaxv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcyaaw.dll C:\WINDOWS\system32\ddcyaaw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcyaya.dll C:\WINDOWS\system32\ddcyaya.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\efcbcca.dll C:\WINDOWS\system32\efcbcca.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccbcaw.dll C:\WINDOWS\system32\fccbcaw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccddaw.dll C:\WINDOWS\system32\fccddaw.dll Has been deleted! Attempting to delete C:\WINDOWS\System32\hjjlm.bak1 C:\WINDOWS\System32\hjjlm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\System32\hjjlm.bak2 C:\WINDOWS\System32\hjjlm.bak2 Has been deleted! Attempting to delete C:\WINDOWS\System32\hjjlm.ini C:\WINDOWS\System32\hjjlm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\iifdbby.dll C:\WINDOWS\system32\iifdbby.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jfcyayao.dll C:\WINDOWS\system32\jfcyayao.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfddda.dll C:\WINDOWS\system32\khfddda.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjigge.dll C:\WINDOWS\system32\ljjigge.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjiigh.dll C:\WINDOWS\system32\ljjiigh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljhhef.dll C:\WINDOWS\system32\mljhhef.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljhhfd.dll C:\WINDOWS\system32\mljhhfd.dll Has been deleted! Attempting to delete C:\WINDOWS\System32\mljjh.dll C:\WINDOWS\System32\mljjh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljjkkj.dll C:\WINDOWS\system32\mljjkkj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnnkhi.dll C:\WINDOWS\system32\opnnkhi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pftigqqm.dll C:\WINDOWS\system32\pftigqqm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnnmki.dll C:\WINDOWS\system32\pmnnmki.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnoonm.dll C:\WINDOWS\system32\pmnoonm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomkhgf.dll C:\WINDOWS\system32\qomkhgf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qwtuvlsb.dll C:\WINDOWS\system32\qwtuvlsb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rqrspnk.dll C:\WINDOWS\system32\rqrspnk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rynouwib.dll C:\WINDOWS\system32\rynouwib.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ssqroom.dll C:\WINDOWS\system32\ssqroom.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqpmlj.dll C:\WINDOWS\system32\urqpmlj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\urqpnll.dll C:\WINDOWS\system32\urqpnll.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyaawu.dll C:\WINDOWS\system32\xxyaawu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxyayxy.dll C:\WINDOWS\system32\xxyayxy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\xxywttu.dll C:\WINDOWS\system32\xxywttu.dll Has been deleted! Performing Repairs to the registry. Done! Voila le hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 12:37:03, on 24/04/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\WgaTray.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\srcvnoxv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8524A091-40F2-463A-8546-9C9476567078} - C:\WINDOWS\System32\mljjh.dll (file missing) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9DED2B32-743B-47EB-874C-28AECF2A268D} - C:\WINDOWS\System32\urqpnll.dll (file missing) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177261547777 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe _________________________________________________________________________________________________ O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8524A091-40F2-463A-8546-9C9476567078} - C:\WINDOWS\System32\mljjh.dll (file missing) Le "file missing" et le "no file" c'est bon signe sa veut dire qu'il y sont pu non ? @ +

Re, Pour les mise a jour c'était prévue t'inquiete mais le site d'attribune est indisponible donc je verrais sa demain merci encore et @ +

Re, Voila le SDfix : SDFix: Version 1.79 Run by Tom - 23/04/2007 - 21:07:33,29 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Safe Mode: Checking Services: Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting... Normal Mode: Checking Files: Below files will be copied to Backups folder then removed: C:\WINDOWS\system32\algs.exe - Deleted C:\WINDOWS\system32\firewall.exe - Deleted C:\WINDOWS\system32\spooIsv.exe - Deleted C:\WINDOWS\system32\winamp.exe - Deleted C:\WINDOWS\Temp\removalfile.bat - Deleted Removing Temp Files ADS Check: Checking if ADS is attached to system32 Folder C:\WINDOWS\system32 No streams found. Checking if ADS is attached to svchost.exe C:\WINDOWS\system32\svchost.exe No streams found. Final Check: Remaining Services: ------------------ Remaining Files: --------------- Backups Folder: - C:\SDFix\backups\backups.zip Checking For Files with Hidden Attributes: C:\WINDOWS\system32\gebcb.dll C:\WINDOWS\system32\geedb.dll C:\WINDOWS\system32\mljjh.dll C:\WINDOWS\system32\pmnnl.dll C:\WINDOWS\system32\anywgm.exe C:\WINDOWS\system32\exfhxyp.exe C:\WINDOWS\system32\fawyy.exe C:\WINDOWS\system32\feifpqc.exe C:\WINDOWS\system32\ijmy.exe C:\WINDOWS\system32\jhltojag.exe C:\WINDOWS\system32\rdrc.exe C:\WINDOWS\system32\twbk.exe C:\Documents and Settings\Tom\Local Settings\Temp\BIT4E.tmp Finished Voila le Vundofix VundoFix V6.3.19 Checking Java version... Sun Java not detected Scan started at 17:11:00 22/04/2007 Listing files found while scanning.... No infected files were found. Beginning removal... VundoFix V6.1.4 Checking Java version... Sun Java not detected Scan started at 08:45:17 23/04/2007 Listing files found while scanning.... No infected files were found. VundoFix V6.1.4 Checking Java version... Scan started at 13:09:46 23/04/2007 Listing files found while scanning.... No infected files were found. Beginning removal... Donc comme tu a dit c'était pas la bonne version de vundofix ! Et le rapport hijackthis : Logfile of HijackThis v1.99.1 Scan saved at 21:20:34, on 23/04/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\WgaTray.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\eadf4c6243f4f494bf29c74db1a1b1fc\update\update.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {0F1846E8-7FE0-4AF0-88AB-2B14565A76E3} - C:\WINDOWS\System32\mljjh.dll O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\srcvnoxv.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9DED2B32-743B-47EB-874C-28AECF2A268D} - C:\WINDOWS\System32\urqpnll.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177261547777 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: mljjh - C:\WINDOWS\System32\mljjh.dll O20 - Winlogon Notify: urqpnll - C:\WINDOWS\SYSTEM32\urqpnll.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe Ps : Dans quel ligne de mon hijackthis aa tu vu le trojan @ +

Bonjour a tous, Voila j'ai en ce moment quelques probleme avec des .exe du genre qsjai.exe ou des truc du genre ! Comme je suis un helper noob j'ai essayer tout seul, je croiyait que c'était du vundo a cause de ces lignes dans mon Hijackthis (que j'avais renommer scanner.exe ) : O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\srcvnoxv.dll O2 - BHO: (no name) - {30BA0E15-A4F0-4315-8F51-4674EF1C77B4} - C:\WINDOWS\System32\mljjh.dll O20 - Winlogon Notify: mljjh - C:\WINDOWS\System32\mljjh.dll O20 - Winlogon Notify: urqpnll - C:\WINDOWS\SYSTEM32\urqpnll.dll Donc j'ai télécharger Vundofix.exe de attribune mais il n'a rien trouvé !! Donc voila comme je sait que ce site regroupe de trés bon helper je viens demander de l'aide Merci d'avance et @ + Logfile of HijackThis v1.99.1 Scan saved at 20:19:33, on 23/04/2007 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\winamp.exe C:\WINDOWS\System32\firewall.exe C:\WINDOWS\System32\spooIsv.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\WgaTray.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\Tom.SQSQQ-G4RJD6533\Bureau\hijackthis\scanner.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.ircfast.com/index.php?rvs=hompag R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\srcvnoxv.dll O2 - BHO: (no name) - {30BA0E15-A4F0-4315-8F51-4674EF1C77B4} - C:\WINDOWS\System32\mljjh.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9DED2B32-743B-47EB-874C-28AECF2A268D} - C:\WINDOWS\System32\urqpnll.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Winamp Agent] C:\WINDOWS\System32\winamp.exe O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\pujdqcj.exe O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe O4 - HKLM\..\Run: [spooler SubSystem App] C:\WINDOWS\System32\spooIsv.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: hp psc 1000 series.lnk = ? O4 - Global Startup: hpoddt01.exe.lnk = ? O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177261547777 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: mljjh - C:\WINDOWS\System32\mljjh.dll O20 - Winlogon Notify: urqpnll - C:\WINDOWS\SYSTEM32\urqpnll.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe