

awlp
Membres-
Compteur de contenus
3 -
Inscription
-
Dernière visite
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par awlp
-
Bonsoir, je viens de laisser ce message sur un autre forum internet je pense que je n'étais pas sur le bon, afin de pouvoir éradiquer spyware-secure et diverse page de pubs intempestive qui pollue mon ordinateur, si vous pouvez me donner la solution je vous remercie à l'avance je vous joint la loge de hijackvis Logfile of HijackThis v1.99.1 Scan saved at 21:41:47, on 10/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Softwin\BitDefender8\bdnagent.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [WinServ 32] windserv.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) je vous met la log de dialhelp aussi DiagHelp version v1.1.2 - http://www.malekal.com excute le 10/07/2007 à 19:23:38,73 Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\adidsl.cfg -->26/05/2007 07:34:17 C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55 C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42 C:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41 C:\WINDOWS\System32/drivers\aswTdi.sys -->30/04/2007 17:38:51 C:\WINDOWS\System32/drivers\aavmker4.sys -->30/04/2007 17:37:23 C:\WINDOWS\System32/drivers\nmwcd.sys -->22/02/2007 10:15:56 C:\WINDOWS\System32\jdlcou_navps.dat -->10/07/2007 19:23:22 C:\WINDOWS\System32\jdlcou.dat -->10/07/2007 19:23:21 C:\WINDOWS\System32\wpa.dbl -->10/07/2007 18:41:02 C:\WINDOWS\System32\vsconfig.xml -->10/07/2007 18:40:25 C:\WINDOWS\System32\OODBS.lor -->10/07/2007 18:40:14 C:\WINDOWS\System32\jdlcou_nav.dat -->10/07/2007 17:23:29 C:\WINDOWS\System32\nvs2.inf -->10/07/2007 17:23:16 C:\WINDOWS\System32\jdlcou.exe -->10/07/2007 10:51:29 C:\WINDOWS\System32\FNTCACHE.DAT -->29/06/2007 06:52:53 C:\WINDOWS\System32\rnaph.dll -->28/06/2007 15:53:43 C:\WINDOWS\System32\iiSetup.log -->28/06/2007 15:20:20 C:\WINDOWS\System32\asfiles.txt -->28/06/2007 13:45:29 C:\WINDOWS\System32\Uninstall.ico -->28/06/2007 11:24:40 C:\WINDOWS\System32\Help.ico -->28/06/2007 11:24:40 C:\WINDOWS\System32\MRT.exe -->05/06/2007 23:38:42 C:\WINDOWS\System32\AUTOEXEC.NT -->02/06/2007 10:41:12 C:\WINDOWS\System32\PerfStringBackup.INI -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfh00C.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfh009.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfc00C.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfc009.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\inetcomm.dll -->16/05/2007 17:13:53 C:\WINDOWS\System32\mshtml.dll -->08/05/2007 10:59:01 C:\WINDOWS\System32\CONFIG.NT -->07/05/2007 08:33:17 C:\WINDOWS\System32\mlfcache.dat -->30/04/2007 23:33:41 C:\WINDOWS.log -->10/07/2007 18:40:43 C:\WINDOWS\wiadebug.log -->10/07/2007 18:40:39 C:\WINDOWS\WindowsUpdate.log -->10/07/2007 18:40:38 C:\WINDOWS\wiaservc.log -->10/07/2007 18:40:37 C:\WINDOWS\bootstat.dat -->10/07/2007 18:40:19 C:\WINDOWS\SchedLgU.Txt -->10/07/2007 18:39:01 C:\WINDOWS\setupapi.log -->10/07/2007 17:14:07 C:\WINDOWS\msnfix.txt -->09/07/2007 22:42:42 C:\WINDOWS\NeroDigital.ini -->09/07/2007 12:38:57 C:\WINDOWS\win.ini -->28/06/2007 16:09:01 C:\WINDOWS\system.ini -->02/06/2007 10:41:12 C:\WINDOWS\adidsl.ini -->26/05/2007 07:35:37 C:\WINDOWS\Fast800.ini -->26/05/2007 07:34:17 C:\WINDOWS\118294.78 -->30/04/2007 18:15:41 C:\WINDOWS\yesmessenger.ini -->26/04/2007 16:32:21 Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\WINDOWS\system32 10/08/2004 15:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 135 859 458 048 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\WINDOWS\Downloaded Program Files 10/07/2007 17:03 <REP> . 10/07/2007 17:03 <REP> .. 24/08/2006 08:28 141 424 asinst.dll 17/05/2006 15:32 198 304 avsniffdlgs.dll 17/05/2006 15:26 537 704 AXXPEE.dll 07/12/2004 16:07 32 bdcore.dll 01/03/2005 14:08 118 784 bdupd.dll 28/03/2007 10:06 541 ca.pub 07/02/2007 02:00 2 504 catalog.dat 04/07/2007 11:05 <REP> CONFLICT.1 07/05/2007 16:38 500 120 daas_s.dll 23/09/2004 20:09 65 desktop.ini 25/07/2002 18:13 24 576 dwusplay.dll 25/07/2002 18:13 196 608 dwusplay.exe 07/02/2007 02:00 6 899 ecbootil.vxd 17/05/2006 15:26 42 112 ecmldr32.dll 07/02/2007 02:00 272 040 ecmsvr32.dll 14/07/2005 17:28 365 f3initialsetup1.0.0.15-3.inf 07/05/2007 16:39 192 920 fsauc.dll 15/06/2006 10:19 483 fscax.inf 01/03/2005 14:08 53 248 ipsupd.dll 25/07/2002 18:05 172 032 isusweb.dll 30/01/2007 17:28 902 jinstall-1_5_0_11.inf 09/03/2005 15:42 6 742 lang.ini 11/12/2006 17:44 367 LegitCheckControl.inf 23/04/2007 12:48 7 168 libcomm.dll 07/12/2004 16:07 32 libfn.dll 18/02/2005 16:22 126 live.ini 29/05/2003 16:00 160 864 messengerstatsclient.dll 23/02/2007 00:41 304 544 MessengerStatsPAClient.dll 28/02/2007 15:21 131 472 msgrchkr.dll 20/06/2006 16:44 379 704 MsnPUpld.dll 19/06/2006 15:40 393 MsnPUpld.inf 17/05/2006 15:28 6 850 navapi.vxd 17/05/2006 15:28 201 896 navapi32.dll 07/02/2007 02:00 124 536 naveng32.dll 07/02/2007 02:00 902 776 navex32a.dll 01/06/2006 02:57 1 331 oscan8.inf 01/06/2006 02:54 471 040 oscan8.ocx 31/05/2006 04:15 10 oscan81.ocx_x 20/06/2006 16:44 117 560 PURen-us.dll 15/10/2004 08:59 110 592 PURfr-xx.dll 09/03/2005 15:43 6 828 scanoptions.tsi 07/02/2007 02:00 97 712 scrauth.dat 09/11/2006 15:36 5 019 swflash.inf 07/02/2007 02:00 11 875 symaveng.cat 07/02/2007 02:00 1 061 symaveng.inf 07/02/2007 02:00 188 417 tcdefs.dat 07/02/2007 02:00 1 312 335 tcscan7.dat 07/02/2007 02:00 333 024 tcscan8.dat 07/02/2007 02:00 751 564 tcscan9.dat 07/02/2007 02:00 453 tinf.dat 07/02/2007 02:00 148 tinfidx.dat 07/02/2007 02:00 1 957 tinfl.dat 07/02/2007 02:00 64 232 tscan1.dat 07/02/2007 02:00 3 072 tscan1hd.dat 07/02/2007 02:00 4 778 v.grd 07/02/2007 02:00 2 269 v.sig 07/02/2007 02:00 106 244 virscan.inf 07/02/2007 02:00 977 025 virscan1.dat 07/02/2007 02:00 570 042 virscan2.dat 07/02/2007 02:00 147 728 virscan3.dat 07/02/2007 02:00 320 186 virscan4.dat 07/02/2007 02:00 3 411 419 virscan5.dat 07/02/2007 02:00 390 216 virscan6.dat 07/02/2007 02:00 6 542 038 virscan7.dat 07/02/2007 02:00 1 681 044 virscan8.dat 07/02/2007 02:00 4 120 566 virscan9.dat 07/02/2007 02:00 32 virscant.dat 07/02/2007 02:00 224 zdone.dat 67 fichier(s) 26 441 174 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 04/07/2007 11:05 <REP> . 04/07/2007 11:05 <REP> .. 25/06/2003 19:00 541 ca.pub 17/01/2006 17:11 580 663 daas_s.dll 03/02/2006 11:20 188 416 fsauc.dll 16/06/2006 15:31 181 856 fscax.dll 4 fichier(s) 951 476 octets Total des fichiers listés : 71 fichier(s) 27 392 650 octets 5 Rép(s) 135 859 453 952 octets libres Recherche de rootkit! (Merci S!Ri) infection possible Magic.Control : un scan F-Secure BlackLight est recommandé Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Program Files\\Messenger\\msmsgs.exe"="c:\\windows\\$hf_mig$\\kb887472\\sp2qfe\\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail" "C:\\Documents and Settings\\famille\\Local Settings\\Temporary Internet Files\\Content.IE5\\Y065DK42\\magentic_install[1].exe"="C:\\Documents and Settings\\famille\\Local Settings\\Temporary Internet Files\\Content.IE5\\Y065DK42\\magentic_install[1].exe:*:Enabled:IncrediMail Installer" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\neuf Talk\\neuf Talk.exe"="c:\\program files\\neuf talk\\neuf talk.exe:*:Enabled:neuf Talk" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"="C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer" "C:\\Documents and Settings\\famille\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe"="C:\\Documents and Settings\\famille\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer" "C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic" "C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic" "C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic" "I:\\telechargement\\magentic_install.exe"="I:\\telechargement\\magentic_install.exe:*:Enabled:IncrediMail Installer" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... REGEDIT4 [taskmgr.exe] catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-10 19:23:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 172 - ImApp.exe 248 - guard.exe 396 - oodag.exe 556 - csrss.exe 584 - winlogon.exe 628 - services.exe 640 - lsass.exe 704 - usnsvc.exe 804 - svchost.exe 852 - svchost.exe 920 - svchost.exe 964 - svchost.exe 1044 - svchost.exe 1052 - svchost.exe 1120 - vsmon.exe 1400 - xcommsvr.exe 1432 - iexplore.exe 1460 - explorer.exe 1484 - bdss.exe 1680 - ashServ.exe 2380 - dllhost.exe 2432 - CLI.exe 2648 - alg.exe 2860 - livecall.exe 3128 - ashDisp.exe 3160 - zlclient.exe 3208 - RTHDCPL.exe 3216 - CLI.exe 3228 - Vm_sti.exe 3236 - bdnagent.exe 3244 - jdlcou.exe 3256 - MemOptimizer.ex 3296 - Ad-Watch.exe 3320 - ctfmon.exe 3740 - msnmsgr.exe 3988 - cmd.exe Total number of processes = 37 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\TUKERNEL.EXE 80720000 - \WINDOWS\system32\hal.dll F7A63000 - \WINDOWS\system32\KDCOM.DLL F7973000 - \WINDOWS\system32\BOOTVID.dll F7513000 - ACPI.sys F7A65000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F7502000 - pci.sys F7563000 - isapnp.sys F7B2B000 - pciide.sys F77E3000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F7A67000 - aliide.sys F7A69000 - cmdide.sys F7A6B000 - toside.sys F7A6D000 - viaide.sys F7A6F000 - intelide.sys F7573000 - MountMgr.sys F74E3000 - ftdisk.sys F7A71000 - dmload.sys F74BD000 - dmio.sys F77EB000 - PartMgr.sys F7583000 - VolSnap.sys F7977000 - cpqarray.sys F74A5000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F748D000 - atapi.sys F797B000 - aha154x.sys F77F3000 - sparrow.sys F797F000 - symc810.sys F7593000 - aic78xx.sys F7983000 - dac960nt.sys F75A3000 - ql10wnt.sys F7987000 - amsint.sys F77FB000 - asc.sys F798B000 - asc3550.sys F7803000 - mraid35x.sys F780B000 - i2omp.sys F798F000 - ini910u.sys F75B3000 - ql1240.sys F75C3000 - aic78u2.sys F7813000 - symc8xx.sys F781B000 - sym_hi.sys F7823000 - sym_u3.sys F782B000 - ABP480N5.SYS F7833000 - asc3350p.sys F7A73000 - cd20xrnt.sys F75D3000 - ultra.sys F7474000 - adpu160m.sys F783B000 - dpti2o.sys F75E3000 - ql1080.sys F75F3000 - ql1280.sys F7603000 - ql12160.sys F7843000 - perc2.sys F7A75000 - perc2hib.sys F784B000 - hpn.sys F7993000 - cbidf2k.sys F7448000 - dac2w2k.sys F7613000 - disk.sys F7623000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F7428000 - fltMgr.sys F7633000 - PxHelp20.sys F7411000 - KSecDD.sys F73FE000 - WudfPf.sys F7371000 - Ntfs.sys F7344000 - NDIS.sys F7643000 - viaagp.sys F7330000 - srescan.sys F7653000 - sisagp.sys F7663000 - ohci1394.sys F7673000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F7315000 - Mup.sys F7683000 - alim1541.sys F7693000 - amdagp.sys F76A3000 - agp440.sys F76B3000 - agpCPQ.sys F76E3000 - \SystemRoot\system32\DRIVERS\nic1394.sys F72B5000 - \SystemRoot\system32\DRIVERS\intelppm.sys F691D000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys F6909000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7943000 - \SystemRoot\system32\DRIVERS\usbohci.sys F68E6000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F794B000 - \SystemRoot\system32\DRIVERS\usbehci.sys F72A5000 - \SystemRoot\system32\DRIVERS\imapi.sys F7295000 - \SystemRoot\system32\DRIVERS\cdrom.sys F7285000 - \SystemRoot\system32\DRIVERS\redbook.sys F68C3000 - \SystemRoot\system32\DRIVERS\ks.sys F689E000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F7953000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS F7275000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F795B000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7963000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7B3B000 - \SystemRoot\system32\DRIVERS\audstub.sys F6B13000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F7A53000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F6887000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F6B03000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F6AF3000 - \SystemRoot\system32\DRIVERS\raspptp.sys F796B000 - \SystemRoot\system32\DRIVERS\TDI.SYS F6876000 - \SystemRoot\system32\DRIVERS\psched.sys F6AE3000 - \SystemRoot\system32\DRIVERS\msgpc.sys F785B000 - \SystemRoot\system32\DRIVERS\ptilink.sys F7893000 - \SystemRoot\system32\DRIVERS\raspti.sys F789B000 - \SystemRoot\system32\DRIVERS\wanatw4.sys F6845000 - \SystemRoot\system32\DRIVERS\rdpdr.sys F6AD3000 - \SystemRoot\system32\DRIVERS\termdd.sys F7A95000 - \SystemRoot\system32\DRIVERS\swenum.sys F67E9000 - \SystemRoot\system32\DRIVERS\update.sys F7241000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F6AC3000 - \SystemRoot\System32\Drivers\NDProxy.SYS F6A93000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7A97000 - \SystemRoot\system32\DRIVERS\USBD.SYS AABA3000 - \SystemRoot\system32\drivers\RtkHDAud.sys AAB81000 - \SystemRoot\system32\drivers\portcls.sys F6A83000 - \SystemRoot\system32\drivers\drmk.sys F7A9B000 - \SystemRoot\System32\Drivers\i2omgmt.SYS F7A9F000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7B63000 - \SystemRoot\System32\Drivers\Null.SYS F7AA1000 - \SystemRoot\System32\Drivers\Beep.SYS F7B65000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F78C3000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F78CB000 - \SystemRoot\System32\drivers\vga.sys F7AA3000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7AA5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F78D3000 - \SystemRoot\System32\Drivers\Msfs.SYS F78DB000 - \SystemRoot\System32\Drivers\Npfs.SYS F720D000 - \SystemRoot\system32\DRIVERS\rasacd.sys AA88B000 - \SystemRoot\system32\DRIVERS\ipsec.sys AA833000 - \SystemRoot\system32\DRIVERS\tcpip.sys F76F3000 - \SystemRoot\System32\Drivers\aswTdi.SYS AA772000 - \SystemRoot\system32\DRIVERS\ipnat.sys AA74A000 - \SystemRoot\system32\DRIVERS\netbt.sys F7703000 - \SystemRoot\system32\DRIVERS\wanarp.sys AA6EB000 - \SystemRoot\System32\vsdatant.sys F7713000 - \SystemRoot\system32\DRIVERS\arp1394.sys AA6C9000 - \SystemRoot\System32\drivers\afd.sys F7723000 - \SystemRoot\system32\DRIVERS\netbios.sys AA69E000 - \SystemRoot\system32\DRIVERS\rdbss.sys AA62F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F7743000 - \SystemRoot\System32\Drivers\Fips.SYS F7B99000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F78EB000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F7783000 - \SystemRoot\System32\Drivers\Cdfs.SYS F78FB000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS AA5F0000 - \SystemRoot\System32\Drivers\usbVM31b.sys F7793000 - \SystemRoot\System32\Drivers\STREAM.SYS AA5D8000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7AD9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys AAB79000 - \SystemRoot\System32\drivers\Dxapi.sys F7903000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7C7A000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\ati2dvag.dll BFA17000 - \SystemRoot\System32\ati2cqag.dll BFA51000 - \SystemRoot\System32\atikvmag.dll BFA87000 - \SystemRoot\System32\ati3duag.dll BFCEE000 - \SystemRoot\System32\ativvaxx.dll A8424000 - \SystemRoot\system32\DRIVERS\ndisuio.sys A8042000 - \SystemRoot\System32\Drivers\aswMon2.SYS A7EC5000 - \SystemRoot\system32\drivers\wdmaud.sys A8210000 - \SystemRoot\system32\drivers\sysaudio.sys A7D82000 - \SystemRoot\system32\DRIVERS\mrxdav.sys A7D19000 - \SystemRoot\System32\Drivers\HTTP.sys A7BD7000 - \SystemRoot\system32\DRIVERS\srv.sys A78B3000 - \SystemRoot\System32\Drivers\aswRdr.SYS A6E42000 - \SystemRoot\system32\drivers\kmixer.sys F7BDA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 165 Liste des programmes installes Adobe Reader 8.1.0 - Français Adobe® Photoshop® Album Edition Découverte 3.0 Apple Software Update Archiveur WinRAR ATI Catalyst Control Center avast! Antivirus AVG Anti-Spyware 7.5 BitDefender 8 Free Edition Browser Address Error Redirector Camera RAW Plug-In for EPSON Creativity Suite CCleaner (remove only) Codeur Windows Media Série 9 EasyCleaner eMule EnveloppesEditor1.08 Google Toolbar for Internet Explorer HijackThis 1.99.1 IncrediMail Xe J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 7 Java™ SE Runtime Environment 6 Lecteur Windows Media 11 Macromedia Flash Player 8 Macromedia Shockwave Player Magentic Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft Digital Image Library 9 - Blocker Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Sites publics français Microsoft User-Mode Driver Framework Feature Pack 1.5 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Money Manager Ex 0.8.0.6 (beta) Mozilla Firefox (1.5.0.12) Multi Virus Cleaner 2007 Navilog1 Version 2.0.5 Navirad9600v1 Nero 7 Demo neuf Talk 1.4 Nokia Connectivity Cable Driver Nokia PC Suite O&O Defrag Professional Edition OpenOffice.org 2.2 Outerinfo Outil de mise à jour Google Package de pilotes Windows - Nokia Modem (11/03/2006 6.82.0.1) Paint.NET v3.07 PC Connectivity Solution Picasa 2 PL-2303 USB-to-Serial PowerDVD RealPlayer REALTEK GbE & FE Ethernet PCI NIC Driver Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) SmartSound Quicktracks Plugin Sonic Encoders Sonic Express Labeler Sonic MyDVD LE Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Spybot - Search & Destroy 1.4 Starware Toolbar Musique TuneUp Utilities 2006 TV sur PC Ulead VideoStudio 9.0 SE DVD VIMICRO USB PC Camera Vista Dual Scan 1.0 WebFldrs XP Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) Windows Driver Package - Nokia Modem (02/15/2007 3.1) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 ZoneAlarm Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\Program Files 10/07/2007 16:55 <REP> . 10/07/2007 16:55 <REP> .. 22/01/2007 16:46 <REP> 3rdParty 07/02/2007 13:40 <REP> Address 09/06/2007 23:31 <REP> Adobe 11/01/2007 17:20 <REP> Alwil Software 08/03/2007 10:37 <REP> Apple Software Update 04/12/2006 00:46 <REP> ATI Technologies 10/07/2007 17:26 <REP> AxBx 10/01/2007 23:10 <REP> CCleaner 22/01/2007 16:46 <REP> cryptdll 04/12/2006 01:22 <REP> CyberLink 03/06/2007 09:37 <REP> DIFX 10/07/2007 16:59 <REP> eMule 11/06/2007 23:25 <REP> EnveloppesEditor1.08 01/07/2007 17:05 <REP> epson 22/01/2007 16:46 <REP> Faces 28/06/2007 16:08 <REP> Fichiers communs 23/03/2007 08:53 <REP> Google 02/05/2007 10:15 <REP> Grisoft 22/01/2007 16:46 <REP> Help 10/07/2007 14:47 <REP> Hijackthis Version Française 26/05/2007 07:55 <REP> IncrediMail 22/01/2007 16:46 <REP> Info 06/07/2007 18:06 <REP> Internet Explorer 06/04/2007 15:24 <REP> Java 10/01/2007 23:17 <REP> Lavasoft 04/12/2006 01:10 <REP> Learn2.com 26/04/2007 08:14 <REP> Magentic 15/01/2007 13:07 <REP> Messenger 05/07/2007 16:42 <REP> Messenger Plus! Live 02/06/2007 12:13 <REP> Microsoft ActiveSync 11/05/2007 11:05 <REP> Microsoft CAPICOM 2.1.0.2 24/01/2007 22:39 <REP> Microsoft Digital Image 2006 23/09/2004 20:15 <REP> microsoft frontpage 14/01/2007 12:45 <REP> Microsoft Sites publics français 11/01/2007 09:02 <REP> Microsoft Visual Studio 11/01/2007 09:00 <REP> Microsoft Visual Studio 8 11/01/2007 09:01 <REP> Microsoft.NET 28/06/2007 14:49 <REP> Money Manager Ex 11/01/2007 23:59 <REP> Movie Maker 10/07/2007 18:45 <REP> Mozilla Firefox 06/04/2007 15:15 <REP> MSBuild 12/01/2007 01:17 <REP> MSECache 23/09/2004 19:59 <REP> MSN 23/09/2004 19:59 <REP> MSN Gaming Zone 04/07/2007 19:19 <REP> MSN Messenger 10/07/2007 17:19 <REP> Navilog1 09/07/2007 10:03 <REP> Navirad 01/04/2007 22:06 <REP> Nero 15/01/2007 14:32 <REP> NetMeeting 06/06/2007 23:02 <REP> Neuf 09/07/2007 14:43 <REP> neuf Talk 03/06/2007 09:36 <REP> Nokia 25/01/2007 01:32 <REP> Oberon Media 11/01/2007 17:14 <REP> OO Software 28/06/2007 23:28 <REP> OpenOffice.org 2.2 13/06/2007 06:56 <REP> Outlook Express 26/04/2007 14:03 <REP> Paint.NET 03/06/2007 09:37 <REP> PC Connectivity Solution 01/05/2007 00:37 <REP> Picasa2 02/06/2007 12:13 <REP> POI-Warner Speed Camera Updater 04/12/2006 01:09 <REP> Real 04/12/2006 00:48 <REP> Realtek 10/01/2007 23:32 <REP> RegCleaner 14/12/2005 14:45 <REP> RegSupreme Pro 14/01/2007 13:04 <REP> Save Flash 11/01/2007 23:59 <REP> Services en ligne 04/12/2006 01:20 <REP> SmartSound Software 28/06/2007 16:08 <REP> Softwin 04/12/2006 01:12 <REP> Sonic 07/07/2007 10:05 <REP> Spybot - Search & Destroy 17/03/2007 10:45 <REP> Starware370 22/01/2007 16:46 <REP> Template 10/07/2007 16:55 <REP> ToniArts 05/11/2005 14:42 <REP> TuneUp Utilities 22/06/2007 08:19 <REP> TuneUp Utilities 2006 04/12/2006 01:19 <REP> Ulead Systems 11/01/2007 01:29 <REP> Vimicro 03/02/2007 10:34 <REP> Windows Desktop Search 07/06/2007 17:13 <REP> Windows Live 04/12/2006 01:20 <REP> Windows Media Components 12/01/2007 02:13 <REP> Windows Media Connect 2 20/02/2007 08:52 <REP> Windows Media Player 12/01/2007 00:00 <REP> Windows NT 23/09/2004 20:01 <REP> Windows Plus 19/01/2007 11:03 <REP> WinRAR 23/09/2004 20:15 <REP> xerox 12/01/2007 00:24 <REP> Zone Labs 0 fichier(s) 0 octets 89 Rép(s) 135 859 081 216 octets libres Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\Program Files\fichiers communs 28/06/2007 16:08 <REP> . 28/06/2007 16:08 <REP> .. 26/04/2007 13:50 <REP> ACD Systems 09/06/2007 23:32 <REP> Adobe 01/04/2007 22:09 <REP> Ahead 06/04/2007 15:16 <REP> DESIGNER 04/12/2006 01:13 <REP> InstallShield 04/12/2006 01:03 <REP> Java 01/06/2007 13:33 <REP> Microsoft Shared 23/09/2004 20:07 <REP> MSSoap 03/06/2007 09:35 <REP> Nokia 04/12/2006 01:10 <REP> Nullsoft 23/09/2004 19:53 <REP> ODBC 03/06/2007 09:37 <REP> PCSuite 25/03/2007 21:33 <REP> Real 11/01/2007 23:58 <REP> Services 28/06/2007 16:09 <REP> Softwin 11/01/2007 23:58 <REP> Sonic Shared 23/09/2004 19:53 <REP> SpeechEngines 11/01/2007 23:58 <REP> SureThing Shared 13/06/2007 06:56 <REP> System 04/12/2006 01:12 <REP> TiVo Shared 24/01/2007 14:21 <REP> Ulead Systems 25/03/2007 21:33 <REP> xing shared 30/04/2007 16:57 <REP> {38D3E3B1-0AE9-1036-0719-060511120021} 30/05/2007 08:20 <REP> {88D3E3B1-0AE9-1036-0719-060511120021} 0 fichier(s) 0 octets 26 Rép(s) 135 859 077 120 octets libres Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 06/04/2007 15:17 <REP> . 06/04/2007 15:17 <REP> .. 06/04/2007 15:11 <REP> 1036 26/10/2006 20:49 970 528 MSONSEXT.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 3 fichier(s) 1 220 498 octets 3 Rép(s) 135 859 077 120 octets libres Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 31/10/2005 17:56 700 416 StubInstaller.exe 3 fichier(s) 871 936 octets 0 Rép(s) 135 859 077 120 octets libres c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe c:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Télécharger des logiciels.exe c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_1773C0A4E004EB4D3ECAE5.exe c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_6FEFF9B68218417F98F549.exe c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_C96AC1B409367E02762E8D.exe c:\Documents and Settings\famille\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\famille\Bureau\DiagHelp\diff.exe c:\Documents and Settings\famille\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\famille\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\famille\Bureau\DiagHelp\find2.exe c:\Documents and Settings\famille\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\famille\Bureau\DiagHelp\grep.exe c:\Documents and Settings\famille\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\famille\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\famille\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\famille\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\famille\Bureau\DiagHelp\streams.exe c:\Documents and Settings\famille\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\famille\Local Settings\Application Data\Magentic\Runtime\ScreenSaver\955A21B3-B96B-46DC0ABE9-70EFACFBC2B2\zoomfade.exe c:\Documents and Settings\famille\Local Settings\Application Data\Magentic\Runtime\ScreenSaver\E9EE8159-84BB-4D910B813-B8CEDC24EAAA\wind.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\ChCfg.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\RtlUpd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\RtlUpd64.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\SetCDfmt.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\Setup.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K3\us\kb888111srvrtm.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\Alcmtr.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\AlcWzrd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\CPLUtl64.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\MicCal.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RTHDCPL.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RTLCPL.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RtlUpd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RtlUpd64.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\SoundMan.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\java.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javacpl.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javaw.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javaws.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\jucheck.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\jusched.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\keytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\kinit.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\klist.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\ktab.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\orbd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\pack200.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\policytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\rmid.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\rmiregistry.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\servertool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\tnameserv.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\unpack200.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\java.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javacpl.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\java-rmi.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javaw.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javaws.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\jucheck.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\jusched.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\keytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\kinit.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\klist.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\ktab.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\orbd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\pack200.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\policytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\rmid.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\rmiregistry.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\servertool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\tnameserv.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\unpack200.exe c:\Documents and Settings\Invité\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\famille\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp j'ai passé aussi navilog1 je vous remercie à l'avance
-
bonsoir, jai déjà laissé un message afin de pouvoir éradiquer spyware-secure et diverse page de pubs intempestive qui pollue mon ordinateur, si vous pouvez me donner la solution je vous remercie à l'avance je vous joint la loge de hijackvis Logfile of HijackThis v1.99.1 Scan saved at 21:41:47, on 10/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Softwin\BitDefender8\bdnagent.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [WinServ 32] windserv.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) je vous met la log de dialhelp aussi DiagHelp version v1.1.2 - http://www.malekal.com excute le 10/07/2007 à 19:23:38,73 Liste des derniers fichies modifies/crees dans windir\system32 C:\WINDOWS\System32/drivers\adidsl.cfg -->26/05/2007 07:34:17 C:\WINDOWS\System32/drivers\aswmon.sys -->30/04/2007 17:41:55 C:\WINDOWS\System32/drivers\aswmon2.sys -->30/04/2007 17:41:42 C:\WINDOWS\System32/drivers\aswRdr.sys -->30/04/2007 17:39:41 C:\WINDOWS\System32/drivers\aswTdi.sys -->30/04/2007 17:38:51 C:\WINDOWS\System32/drivers\aavmker4.sys -->30/04/2007 17:37:23 C:\WINDOWS\System32/drivers\nmwcd.sys -->22/02/2007 10:15:56 C:\WINDOWS\System32\jdlcou_navps.dat -->10/07/2007 19:23:22 C:\WINDOWS\System32\jdlcou.dat -->10/07/2007 19:23:21 C:\WINDOWS\System32\wpa.dbl -->10/07/2007 18:41:02 C:\WINDOWS\System32\vsconfig.xml -->10/07/2007 18:40:25 C:\WINDOWS\System32\OODBS.lor -->10/07/2007 18:40:14 C:\WINDOWS\System32\jdlcou_nav.dat -->10/07/2007 17:23:29 C:\WINDOWS\System32\nvs2.inf -->10/07/2007 17:23:16 C:\WINDOWS\System32\jdlcou.exe -->10/07/2007 10:51:29 C:\WINDOWS\System32\FNTCACHE.DAT -->29/06/2007 06:52:53 C:\WINDOWS\System32\rnaph.dll -->28/06/2007 15:53:43 C:\WINDOWS\System32\iiSetup.log -->28/06/2007 15:20:20 C:\WINDOWS\System32\asfiles.txt -->28/06/2007 13:45:29 C:\WINDOWS\System32\Uninstall.ico -->28/06/2007 11:24:40 C:\WINDOWS\System32\Help.ico -->28/06/2007 11:24:40 C:\WINDOWS\System32\MRT.exe -->05/06/2007 23:38:42 C:\WINDOWS\System32\AUTOEXEC.NT -->02/06/2007 10:41:12 C:\WINDOWS\System32\PerfStringBackup.INI -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfh00C.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfh009.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfc00C.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\perfc009.dat -->26/05/2007 07:18:07 C:\WINDOWS\System32\inetcomm.dll -->16/05/2007 17:13:53 C:\WINDOWS\System32\mshtml.dll -->08/05/2007 10:59:01 C:\WINDOWS\System32\CONFIG.NT -->07/05/2007 08:33:17 C:\WINDOWS\System32\mlfcache.dat -->30/04/2007 23:33:41 C:\WINDOWS.log -->10/07/2007 18:40:43 C:\WINDOWS\wiadebug.log -->10/07/2007 18:40:39 C:\WINDOWS\WindowsUpdate.log -->10/07/2007 18:40:38 C:\WINDOWS\wiaservc.log -->10/07/2007 18:40:37 C:\WINDOWS\bootstat.dat -->10/07/2007 18:40:19 C:\WINDOWS\SchedLgU.Txt -->10/07/2007 18:39:01 C:\WINDOWS\setupapi.log -->10/07/2007 17:14:07 C:\WINDOWS\msnfix.txt -->09/07/2007 22:42:42 C:\WINDOWS\NeroDigital.ini -->09/07/2007 12:38:57 C:\WINDOWS\win.ini -->28/06/2007 16:09:01 C:\WINDOWS\system.ini -->02/06/2007 10:41:12 C:\WINDOWS\adidsl.ini -->26/05/2007 07:35:37 C:\WINDOWS\Fast800.ini -->26/05/2007 07:34:17 C:\WINDOWS\118294.78 -->30/04/2007 18:15:41 C:\WINDOWS\yesmessenger.ini -->26/04/2007 16:32:21 Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\WINDOWS\system32 10/08/2004 15:00 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 135 859 458 048 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\WINDOWS\Downloaded Program Files 10/07/2007 17:03 <REP> . 10/07/2007 17:03 <REP> .. 24/08/2006 08:28 141 424 asinst.dll 17/05/2006 15:32 198 304 avsniffdlgs.dll 17/05/2006 15:26 537 704 AXXPEE.dll 07/12/2004 16:07 32 bdcore.dll 01/03/2005 14:08 118 784 bdupd.dll 28/03/2007 10:06 541 ca.pub 07/02/2007 02:00 2 504 catalog.dat 04/07/2007 11:05 <REP> CONFLICT.1 07/05/2007 16:38 500 120 daas_s.dll 23/09/2004 20:09 65 desktop.ini 25/07/2002 18:13 24 576 dwusplay.dll 25/07/2002 18:13 196 608 dwusplay.exe 07/02/2007 02:00 6 899 ecbootil.vxd 17/05/2006 15:26 42 112 ecmldr32.dll 07/02/2007 02:00 272 040 ecmsvr32.dll 14/07/2005 17:28 365 f3initialsetup1.0.0.15-3.inf 07/05/2007 16:39 192 920 fsauc.dll 15/06/2006 10:19 483 fscax.inf 01/03/2005 14:08 53 248 ipsupd.dll 25/07/2002 18:05 172 032 isusweb.dll 30/01/2007 17:28 902 jinstall-1_5_0_11.inf 09/03/2005 15:42 6 742 lang.ini 11/12/2006 17:44 367 LegitCheckControl.inf 23/04/2007 12:48 7 168 libcomm.dll 07/12/2004 16:07 32 libfn.dll 18/02/2005 16:22 126 live.ini 29/05/2003 16:00 160 864 messengerstatsclient.dll 23/02/2007 00:41 304 544 MessengerStatsPAClient.dll 28/02/2007 15:21 131 472 msgrchkr.dll 20/06/2006 16:44 379 704 MsnPUpld.dll 19/06/2006 15:40 393 MsnPUpld.inf 17/05/2006 15:28 6 850 navapi.vxd 17/05/2006 15:28 201 896 navapi32.dll 07/02/2007 02:00 124 536 naveng32.dll 07/02/2007 02:00 902 776 navex32a.dll 01/06/2006 02:57 1 331 oscan8.inf 01/06/2006 02:54 471 040 oscan8.ocx 31/05/2006 04:15 10 oscan81.ocx_x 20/06/2006 16:44 117 560 PURen-us.dll 15/10/2004 08:59 110 592 PURfr-xx.dll 09/03/2005 15:43 6 828 scanoptions.tsi 07/02/2007 02:00 97 712 scrauth.dat 09/11/2006 15:36 5 019 swflash.inf 07/02/2007 02:00 11 875 symaveng.cat 07/02/2007 02:00 1 061 symaveng.inf 07/02/2007 02:00 188 417 tcdefs.dat 07/02/2007 02:00 1 312 335 tcscan7.dat 07/02/2007 02:00 333 024 tcscan8.dat 07/02/2007 02:00 751 564 tcscan9.dat 07/02/2007 02:00 453 tinf.dat 07/02/2007 02:00 148 tinfidx.dat 07/02/2007 02:00 1 957 tinfl.dat 07/02/2007 02:00 64 232 tscan1.dat 07/02/2007 02:00 3 072 tscan1hd.dat 07/02/2007 02:00 4 778 v.grd 07/02/2007 02:00 2 269 v.sig 07/02/2007 02:00 106 244 virscan.inf 07/02/2007 02:00 977 025 virscan1.dat 07/02/2007 02:00 570 042 virscan2.dat 07/02/2007 02:00 147 728 virscan3.dat 07/02/2007 02:00 320 186 virscan4.dat 07/02/2007 02:00 3 411 419 virscan5.dat 07/02/2007 02:00 390 216 virscan6.dat 07/02/2007 02:00 6 542 038 virscan7.dat 07/02/2007 02:00 1 681 044 virscan8.dat 07/02/2007 02:00 4 120 566 virscan9.dat 07/02/2007 02:00 32 virscant.dat 07/02/2007 02:00 224 zdone.dat 67 fichier(s) 26 441 174 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 04/07/2007 11:05 <REP> . 04/07/2007 11:05 <REP> .. 25/06/2003 19:00 541 ca.pub 17/01/2006 17:11 580 663 daas_s.dll 03/02/2006 11:20 188 416 fsauc.dll 16/06/2006 15:31 181 856 fscax.dll 4 fichier(s) 951 476 octets Total des fichiers listés : 71 fichier(s) 27 392 650 octets 5 Rép(s) 135 859 453 952 octets libres Recherche de rootkit! (Merci S!Ri) infection possible Magic.Control : un scan F-Secure BlackLight est recommandé Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer" "C:\\Program Files\\Messenger\\msmsgs.exe"="c:\\windows\\$hf_mig$\\kb887472\\sp2qfe\\msmsgs.exe:*:Enabled:Windows Messenger" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail" "C:\\Program Files\\IncrediMail\\bin\\ImLc.exe"="C:\\Program Files\\IncrediMail\\bin\\ImLc.exe:*:Enabled:IncrediMail" "C:\\Documents and Settings\\famille\\Local Settings\\Temporary Internet Files\\Content.IE5\\Y065DK42\\magentic_install[1].exe"="C:\\Documents and Settings\\famille\\Local Settings\\Temporary Internet Files\\Content.IE5\\Y065DK42\\magentic_install[1].exe:*:Enabled:IncrediMail Installer" "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule" "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox" "C:\\Program Files\\neuf Talk\\neuf Talk.exe"="c:\\program files\\neuf talk\\neuf talk.exe:*:Enabled:neuf Talk" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application" "C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"="C:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer" "C:\\Documents and Settings\\famille\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe"="C:\\Documents and Settings\\famille\\Local Settings\\Temp\\ImInstaller\\IncrediMail\\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer" "C:\\Program Files\\Magentic\\bin\\MgImp.exe"="C:\\Program Files\\Magentic\\bin\\MgImp.exe:*:Enabled:Magentic" "C:\\Program Files\\Magentic\\bin\\Magentic.exe"="C:\\Program Files\\Magentic\\bin\\Magentic.exe:*:Enabled:Magentic" "C:\\Program Files\\Magentic\\bin\\MgApp.exe"="C:\\Program Files\\Magentic\\bin\\MgApp.exe:*:Enabled:Magentic" "I:\\telechargement\\magentic_install.exe"="I:\\telechargement\\magentic_install.exe:*:Enabled:IncrediMail Installer" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" Rechercher adresses sensibles dans le fichier HOSTS... REGEDIT4 [taskmgr.exe] catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-07-10 19:23:51 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 172 - ImApp.exe 248 - guard.exe 396 - oodag.exe 556 - csrss.exe 584 - winlogon.exe 628 - services.exe 640 - lsass.exe 704 - usnsvc.exe 804 - svchost.exe 852 - svchost.exe 920 - svchost.exe 964 - svchost.exe 1044 - svchost.exe 1052 - svchost.exe 1120 - vsmon.exe 1400 - xcommsvr.exe 1432 - iexplore.exe 1460 - explorer.exe 1484 - bdss.exe 1680 - ashServ.exe 2380 - dllhost.exe 2432 - CLI.exe 2648 - alg.exe 2860 - livecall.exe 3128 - ashDisp.exe 3160 - zlclient.exe 3208 - RTHDCPL.exe 3216 - CLI.exe 3228 - Vm_sti.exe 3236 - bdnagent.exe 3244 - jdlcou.exe 3256 - MemOptimizer.ex 3296 - Ad-Watch.exe 3320 - ctfmon.exe 3740 - msnmsgr.exe 3988 - cmd.exe Total number of processes = 37 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\TUKERNEL.EXE 80720000 - \WINDOWS\system32\hal.dll F7A63000 - \WINDOWS\system32\KDCOM.DLL F7973000 - \WINDOWS\system32\BOOTVID.dll F7513000 - ACPI.sys F7A65000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS F7502000 - pci.sys F7563000 - isapnp.sys F7B2B000 - pciide.sys F77E3000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS F7A67000 - aliide.sys F7A69000 - cmdide.sys F7A6B000 - toside.sys F7A6D000 - viaide.sys F7A6F000 - intelide.sys F7573000 - MountMgr.sys F74E3000 - ftdisk.sys F7A71000 - dmload.sys F74BD000 - dmio.sys F77EB000 - PartMgr.sys F7583000 - VolSnap.sys F7977000 - cpqarray.sys F74A5000 - \WINDOWS\system32\DRIVERS\SCSIPORT.SYS F748D000 - atapi.sys F797B000 - aha154x.sys F77F3000 - sparrow.sys F797F000 - symc810.sys F7593000 - aic78xx.sys F7983000 - dac960nt.sys F75A3000 - ql10wnt.sys F7987000 - amsint.sys F77FB000 - asc.sys F798B000 - asc3550.sys F7803000 - mraid35x.sys F780B000 - i2omp.sys F798F000 - ini910u.sys F75B3000 - ql1240.sys F75C3000 - aic78u2.sys F7813000 - symc8xx.sys F781B000 - sym_hi.sys F7823000 - sym_u3.sys F782B000 - ABP480N5.SYS F7833000 - asc3350p.sys F7A73000 - cd20xrnt.sys F75D3000 - ultra.sys F7474000 - adpu160m.sys F783B000 - dpti2o.sys F75E3000 - ql1080.sys F75F3000 - ql1280.sys F7603000 - ql12160.sys F7843000 - perc2.sys F7A75000 - perc2hib.sys F784B000 - hpn.sys F7993000 - cbidf2k.sys F7448000 - dac2w2k.sys F7613000 - disk.sys F7623000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS F7428000 - fltMgr.sys F7633000 - PxHelp20.sys F7411000 - KSecDD.sys F73FE000 - WudfPf.sys F7371000 - Ntfs.sys F7344000 - NDIS.sys F7643000 - viaagp.sys F7330000 - srescan.sys F7653000 - sisagp.sys F7663000 - ohci1394.sys F7673000 - \WINDOWS\system32\DRIVERS\1394BUS.SYS F7315000 - Mup.sys F7683000 - alim1541.sys F7693000 - amdagp.sys F76A3000 - agp440.sys F76B3000 - agpCPQ.sys F76E3000 - \SystemRoot\system32\DRIVERS\nic1394.sys F72B5000 - \SystemRoot\system32\DRIVERS\intelppm.sys F691D000 - \SystemRoot\system32\DRIVERS\ati2mtag.sys F6909000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS F7943000 - \SystemRoot\system32\DRIVERS\usbohci.sys F68E6000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS F794B000 - \SystemRoot\system32\DRIVERS\usbehci.sys F72A5000 - \SystemRoot\system32\DRIVERS\imapi.sys F7295000 - \SystemRoot\system32\DRIVERS\cdrom.sys F7285000 - \SystemRoot\system32\DRIVERS\redbook.sys F68C3000 - \SystemRoot\system32\DRIVERS\ks.sys F689E000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys F7953000 - \SystemRoot\system32\DRIVERS\RTL8139.SYS F7275000 - \SystemRoot\system32\DRIVERS\i8042prt.sys F795B000 - \SystemRoot\system32\DRIVERS\mouclass.sys F7963000 - \SystemRoot\system32\DRIVERS\kbdclass.sys F7B3B000 - \SystemRoot\system32\DRIVERS\audstub.sys F6B13000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys F7A53000 - \SystemRoot\system32\DRIVERS\ndistapi.sys F6887000 - \SystemRoot\system32\DRIVERS\ndiswan.sys F6B03000 - \SystemRoot\system32\DRIVERS\raspppoe.sys F6AF3000 - \SystemRoot\system32\DRIVERS\raspptp.sys F796B000 - \SystemRoot\system32\DRIVERS\TDI.SYS F6876000 - \SystemRoot\system32\DRIVERS\psched.sys F6AE3000 - \SystemRoot\system32\DRIVERS\msgpc.sys F785B000 - \SystemRoot\system32\DRIVERS\ptilink.sys F7893000 - \SystemRoot\system32\DRIVERS\raspti.sys F789B000 - \SystemRoot\system32\DRIVERS\wanatw4.sys F6845000 - \SystemRoot\system32\DRIVERS\rdpdr.sys F6AD3000 - \SystemRoot\system32\DRIVERS\termdd.sys F7A95000 - \SystemRoot\system32\DRIVERS\swenum.sys F67E9000 - \SystemRoot\system32\DRIVERS\update.sys F7241000 - \SystemRoot\system32\DRIVERS\mssmbios.sys F6AC3000 - \SystemRoot\System32\Drivers\NDProxy.SYS F6A93000 - \SystemRoot\system32\DRIVERS\usbhub.sys F7A97000 - \SystemRoot\system32\DRIVERS\USBD.SYS AABA3000 - \SystemRoot\system32\drivers\RtkHDAud.sys AAB81000 - \SystemRoot\system32\drivers\portcls.sys F6A83000 - \SystemRoot\system32\drivers\drmk.sys F7A9B000 - \SystemRoot\System32\Drivers\i2omgmt.SYS F7A9F000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS F7B63000 - \SystemRoot\System32\Drivers\Null.SYS F7AA1000 - \SystemRoot\System32\Drivers\Beep.SYS F7B65000 - \SystemRoot\System32\DRIVERS\AvgAsCln.sys F78C3000 - \SystemRoot\system32\DRIVERS\HIDPARSE.SYS F78CB000 - \SystemRoot\System32\drivers\vga.sys F7AA3000 - \SystemRoot\System32\Drivers\mnmdd.SYS F7AA5000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys F78D3000 - \SystemRoot\System32\Drivers\Msfs.SYS F78DB000 - \SystemRoot\System32\Drivers\Npfs.SYS F720D000 - \SystemRoot\system32\DRIVERS\rasacd.sys AA88B000 - \SystemRoot\system32\DRIVERS\ipsec.sys AA833000 - \SystemRoot\system32\DRIVERS\tcpip.sys F76F3000 - \SystemRoot\System32\Drivers\aswTdi.SYS AA772000 - \SystemRoot\system32\DRIVERS\ipnat.sys AA74A000 - \SystemRoot\system32\DRIVERS\netbt.sys F7703000 - \SystemRoot\system32\DRIVERS\wanarp.sys AA6EB000 - \SystemRoot\System32\vsdatant.sys F7713000 - \SystemRoot\system32\DRIVERS\arp1394.sys AA6C9000 - \SystemRoot\System32\drivers\afd.sys F7723000 - \SystemRoot\system32\DRIVERS\netbios.sys AA69E000 - \SystemRoot\system32\DRIVERS\rdbss.sys AA62F000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys F7743000 - \SystemRoot\System32\Drivers\Fips.SYS F7B99000 - \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys F78EB000 - \SystemRoot\System32\Drivers\Aavmker4.SYS F7783000 - \SystemRoot\System32\Drivers\Cdfs.SYS F78FB000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS AA5F0000 - \SystemRoot\System32\Drivers\usbVM31b.sys F7793000 - \SystemRoot\System32\Drivers\STREAM.SYS AA5D8000 - \SystemRoot\System32\Drivers\dump_atapi.sys F7AD9000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys AAB79000 - \SystemRoot\System32\drivers\Dxapi.sys F7903000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys F7C7A000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\ati2dvag.dll BFA17000 - \SystemRoot\System32\ati2cqag.dll BFA51000 - \SystemRoot\System32\atikvmag.dll BFA87000 - \SystemRoot\System32\ati3duag.dll BFCEE000 - \SystemRoot\System32\ativvaxx.dll A8424000 - \SystemRoot\system32\DRIVERS\ndisuio.sys A8042000 - \SystemRoot\System32\Drivers\aswMon2.SYS A7EC5000 - \SystemRoot\system32\drivers\wdmaud.sys A8210000 - \SystemRoot\system32\drivers\sysaudio.sys A7D82000 - \SystemRoot\system32\DRIVERS\mrxdav.sys A7D19000 - \SystemRoot\System32\Drivers\HTTP.sys A7BD7000 - \SystemRoot\system32\DRIVERS\srv.sys A78B3000 - \SystemRoot\System32\Drivers\aswRdr.SYS A6E42000 - \SystemRoot\system32\drivers\kmixer.sys F7BDA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 165 Liste des programmes installes Adobe Reader 8.1.0 - Français Adobe® Photoshop® Album Edition Découverte 3.0 Apple Software Update Archiveur WinRAR ATI Catalyst Control Center avast! Antivirus AVG Anti-Spyware 7.5 BitDefender 8 Free Edition Browser Address Error Redirector Camera RAW Plug-In for EPSON Creativity Suite CCleaner (remove only) Codeur Windows Media Série 9 EasyCleaner eMule EnveloppesEditor1.08 Google Toolbar for Internet Explorer HijackThis 1.99.1 IncrediMail Xe J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 7 Java SE Runtime Environment 6 Lecteur Windows Media 11 Macromedia Flash Player 8 Macromedia Shockwave Player Magentic Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft Digital Image Library 9 - Blocker Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Sites publics français Microsoft User-Mode Driver Framework Feature Pack 1.5 Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Money Manager Ex 0.8.0.6 (beta) Mozilla Firefox (1.5.0.12) Multi Virus Cleaner 2007 Navilog1 Version 2.0.5 Navirad9600v1 Nero 7 Demo neuf Talk 1.4 Nokia Connectivity Cable Driver Nokia PC Suite O&O Defrag Professional Edition OpenOffice.org 2.2 Outerinfo Outil de mise à jour Google Package de pilotes Windows - Nokia Modem (11/03/2006 6.82.0.1) Paint.NET v3.07 PC Connectivity Solution Picasa 2 PL-2303 USB-to-Serial PowerDVD RealPlayer REALTEK GbE & FE Ethernet PCI NIC Driver Realtek High Definition Audio Driver Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) SmartSound Quicktracks Plugin Sonic Encoders Sonic Express Labeler Sonic MyDVD LE Sonic RecordNow Audio Sonic RecordNow Copy Sonic RecordNow Data Spybot - Search & Destroy 1.4 Starware Toolbar Musique TuneUp Utilities 2006 TV sur PC Ulead VideoStudio 9.0 SE DVD VIMICRO USB PC Camera Vista Dual Scan 1.0 WebFldrs XP Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) Windows Driver Package - Nokia Modem (02/15/2007 3.1) Windows Internet Explorer 7 Windows Live Messenger Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 ZoneAlarm Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\Program Files 10/07/2007 16:55 <REP> . 10/07/2007 16:55 <REP> .. 22/01/2007 16:46 <REP> 3rdParty 07/02/2007 13:40 <REP> Address 09/06/2007 23:31 <REP> Adobe 11/01/2007 17:20 <REP> Alwil Software 08/03/2007 10:37 <REP> Apple Software Update 04/12/2006 00:46 <REP> ATI Technologies 10/07/2007 17:26 <REP> AxBx 10/01/2007 23:10 <REP> CCleaner 22/01/2007 16:46 <REP> cryptdll 04/12/2006 01:22 <REP> CyberLink 03/06/2007 09:37 <REP> DIFX 10/07/2007 16:59 <REP> eMule 11/06/2007 23:25 <REP> EnveloppesEditor1.08 01/07/2007 17:05 <REP> epson 22/01/2007 16:46 <REP> Faces 28/06/2007 16:08 <REP> Fichiers communs 23/03/2007 08:53 <REP> Google 02/05/2007 10:15 <REP> Grisoft 22/01/2007 16:46 <REP> Help 10/07/2007 14:47 <REP> Hijackthis Version Française 26/05/2007 07:55 <REP> IncrediMail 22/01/2007 16:46 <REP> Info 06/07/2007 18:06 <REP> Internet Explorer 06/04/2007 15:24 <REP> Java 10/01/2007 23:17 <REP> Lavasoft 04/12/2006 01:10 <REP> Learn2.com 26/04/2007 08:14 <REP> Magentic 15/01/2007 13:07 <REP> Messenger 05/07/2007 16:42 <REP> Messenger Plus! Live 02/06/2007 12:13 <REP> Microsoft ActiveSync 11/05/2007 11:05 <REP> Microsoft CAPICOM 2.1.0.2 24/01/2007 22:39 <REP> Microsoft Digital Image 2006 23/09/2004 20:15 <REP> microsoft frontpage 14/01/2007 12:45 <REP> Microsoft Sites publics français 11/01/2007 09:02 <REP> Microsoft Visual Studio 11/01/2007 09:00 <REP> Microsoft Visual Studio 8 11/01/2007 09:01 <REP> Microsoft.NET 28/06/2007 14:49 <REP> Money Manager Ex 11/01/2007 23:59 <REP> Movie Maker 10/07/2007 18:45 <REP> Mozilla Firefox 06/04/2007 15:15 <REP> MSBuild 12/01/2007 01:17 <REP> MSECache 23/09/2004 19:59 <REP> MSN 23/09/2004 19:59 <REP> MSN Gaming Zone 04/07/2007 19:19 <REP> MSN Messenger 10/07/2007 17:19 <REP> Navilog1 09/07/2007 10:03 <REP> Navirad 01/04/2007 22:06 <REP> Nero 15/01/2007 14:32 <REP> NetMeeting 06/06/2007 23:02 <REP> Neuf 09/07/2007 14:43 <REP> neuf Talk 03/06/2007 09:36 <REP> Nokia 25/01/2007 01:32 <REP> Oberon Media 11/01/2007 17:14 <REP> OO Software 28/06/2007 23:28 <REP> OpenOffice.org 2.2 13/06/2007 06:56 <REP> Outlook Express 26/04/2007 14:03 <REP> Paint.NET 03/06/2007 09:37 <REP> PC Connectivity Solution 01/05/2007 00:37 <REP> Picasa2 02/06/2007 12:13 <REP> POI-Warner Speed Camera Updater 04/12/2006 01:09 <REP> Real 04/12/2006 00:48 <REP> Realtek 10/01/2007 23:32 <REP> RegCleaner 14/12/2005 14:45 <REP> RegSupreme Pro 14/01/2007 13:04 <REP> Save Flash 11/01/2007 23:59 <REP> Services en ligne 04/12/2006 01:20 <REP> SmartSound Software 28/06/2007 16:08 <REP> Softwin 04/12/2006 01:12 <REP> Sonic 07/07/2007 10:05 <REP> Spybot - Search & Destroy 17/03/2007 10:45 <REP> Starware370 22/01/2007 16:46 <REP> Template 10/07/2007 16:55 <REP> ToniArts 05/11/2005 14:42 <REP> TuneUp Utilities 22/06/2007 08:19 <REP> TuneUp Utilities 2006 04/12/2006 01:19 <REP> Ulead Systems 11/01/2007 01:29 <REP> Vimicro 03/02/2007 10:34 <REP> Windows Desktop Search 07/06/2007 17:13 <REP> Windows Live 04/12/2006 01:20 <REP> Windows Media Components 12/01/2007 02:13 <REP> Windows Media Connect 2 20/02/2007 08:52 <REP> Windows Media Player 12/01/2007 00:00 <REP> Windows NT 23/09/2004 20:01 <REP> Windows Plus 19/01/2007 11:03 <REP> WinRAR 23/09/2004 20:15 <REP> xerox 12/01/2007 00:24 <REP> Zone Labs 0 fichier(s) 0 octets 89 Rép(s) 135 859 081 216 octets libres Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\Program Files\fichiers communs 28/06/2007 16:08 <REP> . 28/06/2007 16:08 <REP> .. 26/04/2007 13:50 <REP> ACD Systems 09/06/2007 23:32 <REP> Adobe 01/04/2007 22:09 <REP> Ahead 06/04/2007 15:16 <REP> DESIGNER 04/12/2006 01:13 <REP> InstallShield 04/12/2006 01:03 <REP> Java 01/06/2007 13:33 <REP> Microsoft Shared 23/09/2004 20:07 <REP> MSSoap 03/06/2007 09:35 <REP> Nokia 04/12/2006 01:10 <REP> Nullsoft 23/09/2004 19:53 <REP> ODBC 03/06/2007 09:37 <REP> PCSuite 25/03/2007 21:33 <REP> Real 11/01/2007 23:58 <REP> Services 28/06/2007 16:09 <REP> Softwin 11/01/2007 23:58 <REP> Sonic Shared 23/09/2004 19:53 <REP> SpeechEngines 11/01/2007 23:58 <REP> SureThing Shared 13/06/2007 06:56 <REP> System 04/12/2006 01:12 <REP> TiVo Shared 24/01/2007 14:21 <REP> Ulead Systems 25/03/2007 21:33 <REP> xing shared 30/04/2007 16:57 <REP> {38D3E3B1-0AE9-1036-0719-060511120021} 30/05/2007 08:20 <REP> {88D3E3B1-0AE9-1036-0719-060511120021} 0 fichier(s) 0 octets 26 Rép(s) 135 859 077 120 octets libres Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 06/04/2007 15:17 <REP> . 06/04/2007 15:17 <REP> .. 06/04/2007 15:11 <REP> 1036 26/10/2006 20:49 970 528 MSONSEXT.DLL 03/06/1999 13:09 122 937 MSOWS409.DLL 07/03/2001 08:00 127 033 MSOWS40c.DLL 3 fichier(s) 1 220 498 octets 3 Rép(s) 135 859 077 120 octets libres Le volume dans le lecteur C s'appelle systeme Le numéro de série du volume est 88D3-E3B1 Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 31/10/2005 17:56 700 416 StubInstaller.exe 3 fichier(s) 871 936 octets 0 Rép(s) 135 859 077 120 octets libres c:\Documents and Settings\Administrateur\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fre.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe c:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe c:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe c:\Documents and Settings\All Users\Menu Démarrer\Programmes\Télécharger des logiciels.exe c:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_1773C0A4E004EB4D3ECAE5.exe c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_6FEFF9B68218417F98F549.exe c:\Documents and Settings\famille\Application Data\Microsoft\Installer\{B72B0ECE-F41E-4EC4-AA37-1A00640680BF}\_C96AC1B409367E02762E8D.exe c:\Documents and Settings\famille\Bureau\DiagHelp\catchme.exe c:\Documents and Settings\famille\Bureau\DiagHelp\diff.exe c:\Documents and Settings\famille\Bureau\DiagHelp\dumphive.exe c:\Documents and Settings\famille\Bureau\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\famille\Bureau\DiagHelp\find2.exe c:\Documents and Settings\famille\Bureau\DiagHelp\Fport.exe c:\Documents and Settings\famille\Bureau\DiagHelp\grep.exe c:\Documents and Settings\famille\Bureau\DiagHelp\KProcCheck.exe c:\Documents and Settings\famille\Bureau\DiagHelp\LFiles.exe c:\Documents and Settings\famille\Bureau\DiagHelp\LISTDLLS.exe c:\Documents and Settings\famille\Bureau\DiagHelp\pslist.exe c:\Documents and Settings\famille\Bureau\DiagHelp\streams.exe c:\Documents and Settings\famille\Bureau\DiagHelp\swreg.exe c:\Documents and Settings\famille\Local Settings\Application Data\Magentic\Runtime\ScreenSaver\955A21B3-B96B-46DC0ABE9-70EFACFBC2B2\zoomfade.exe c:\Documents and Settings\famille\Local Settings\Application Data\Magentic\Runtime\ScreenSaver\E9EE8159-84BB-4D910B813-B8CEDC24EAAA\wind.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\ChCfg.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\RtlUpd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\RtlUpd64.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\SetCDfmt.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\Setup.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K3\us\kb888111srvrtm.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111w2ksp4.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111xpsp1.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\MSHDQFE\Win2K_XP\us\kb888111xpsp2.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\Alcmtr.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\AlcWzrd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\CPLUtl64.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\MicCal.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RTHDCPL.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RTLCPL.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RtlUpd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\RtlUpd64.exe c:\Documents and Settings\famille\Local Settings\Temp\VK35966\WDM\SoundMan.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\java.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javacpl.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javaw.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\javaws.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\jucheck.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\jusched.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\keytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\kinit.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\klist.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\ktab.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\orbd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\pack200.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\policytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\rmid.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\rmiregistry.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\servertool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\tnameserv.exe c:\Documents and Settings\famille\Local Settings\Temp\VK52716\bin\unpack200.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\java.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javacpl.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\java-rmi.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javaw.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\javaws.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\jucheck.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\jusched.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\keytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\kinit.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\klist.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\ktab.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\orbd.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\pack200.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\policytool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\rmid.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\rmiregistry.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\servertool.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\tnameserv.exe c:\Documents and Settings\famille\Local Settings\Temp\VK54152\bin\unpack200.exe c:\Documents and Settings\Invité\Application Data\Microsoft\Installer\{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}\ARPPRODUCTICON.exe c:\Documents and Settings\Administrateur\Application Data\Microsoft\IdentityCRL\Production\ppcrlconfig.dll c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig.dll c:\Documents and Settings\famille\Application Data\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll ****** Fin du rapport DiagHelp j'ai passé aussi navilog1 je vous remercie à l'avance
-
bonjour et merci d'essayer de me donner la solution pour éliminer les fenetres intempestives type spyware secure et jeux qui apparaissent sans arret voici le log de hitjackis si pouvez m'aider celà sera sympa merci à vous d'avance j'ai essayé plusieurs solutions évoqués dans le forum mais impossible Logfile of HijackThis v1.99.1 Scan saved at 13:53:31, on 10/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\VM_STI.EXE C:\Program Files\Softwin\BitDefender8\bdnagent.exe C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\INCRED~1\bin\IMApp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\MSN Messenger\livecall.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redi...amp;key=IESTART R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\APPS\BAE\BAE.dll O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera O4 - HKLM\..\Run: [bDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe" O4 - HKLM\..\Run: [siteAdvisor] C:\Program Files\SiteAdvisor\4979\SiteAdv.exe O4 - HKLM\..\Run: [WinServ 32] windserv.exe O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by118w.bay118.mail.live.com/mail/re...es/MsnPUpld.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://securite.neuf.fr/Ols/fscax.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)